Please fill in all the fields below so that we can help you. Note: you must provide your domain name in order to receive help. The domain names of issued certificates are published in the Certificate Transparency logs (for example, crt.sh | example.com). So withholding your domain name does not keep it secret, but it does make it harder for us to help you.
I can read responses in English: yes
My domain is: psp.app.br
I ran this command: certbot certonly
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): psp.app.br
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for psp.app.br
Waiting for verification...
Challenge failed for domain psp.app.br
http-01 challenge for psp.app.br
Cleaning up challenges
Some challenges have failed.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version): nginx-proxy
The operating system my web server runs on is (include version): docker image jwilder/nginx-proxy:latest
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Have you changed your configuration? When I try your domain name I get a response from an nginx server. But, your request used standalone which will only work when you do not have another server handling port 80. The nginx server responding now always returns an http error 503. But, it is responding so is not timing out like you show.
Also, the Let's Debug test site shows the domain name app.br is currently affected by Rate Limits. Many people create subdomains with that name and the total is 50 per week. So, you may be affected by that even once you get the communications working.
Hi @MikeMcQ thanks for responding so quickly, people like you make this digital world amazing!
I will test another domain to see if the problem is my subdomain or if there is something else there.
I was a little confused about the nginx error thing. What happens is that I am in a context where I am using a VPS (Digital Ocean) with a number of services installed in Docker containers and an nginx-proxy behind them. One of these containers is a ZeroTier one that is directed to a local server with a Raspberry Pi in my house. I have to do this because the ISP blocks my port 80, so I need this redirection to the device in my home.
When I have to create the certificate it gives me an error saying that port 80 is busy, so I have to take down the nginx-proxy container to run certbot, but if I do that, the service that is being redirected to my Raspberry Pi will in fact not be online at certificate time.
Could you just leave nginx running and let it process any ACME HTTP challenge requests that come in on port 80? Every challenge has requests from the Let's Encrypt server to your domain that starts with:
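A pre-flight check for the approach suggested above (nginx stays up on port 80 and serves the challenge path itself), added here as an example; it is not code from this thread, from certbot or from nginx-proxy. It does what Let's Encrypt's validators do: drop a token file under `/.well-known/acme-challenge/` in the webroot, fetch it over plain HTTP from the public hostname (following redirects, without verifying TLS, as the validators do), and then map the outcome to the three symptoms seen in this thread: a timeout (port 80 filtered), a 503 from the default vhost (no server block for the name), or a 200 with the token (ready to run `certbot certonly --webroot`). The hostname, the webroot path `/var/www/acme` and the 8 second timeout are assumptions; running it before each certbot attempt avoids spending attempts against the rate limit.

```shell
#!/bin/sh
# HTTP-01 pre-flight: is a file placed in the webroot reachable at
# http://<domain>/.well-known/acme-challenge/<token> from the outside?
# Added example, not from the original thread. Domain, webroot and the
# 8 s timeout below are assumptions; change them for your own setup.
set -u

# Translate what curl saw into the symptoms discussed in the thread.
# $1 = curl exit code, $2 = HTTP status (000 when nothing answered),
# $3 = body that came back, $4 = token that was written to the webroot.
# Returns 0 only when the challenge path is served correctly.
classify_probe() {
  curl_rc=$1; http_code=$2; body=$3; token=$4
  if [ "$curl_rc" -ne 0 ]; then
    case "$curl_rc" in
      6)  echo "DNS: hostname does not resolve" ;;
      7)  echo "CONNECT_REFUSED: host answers but nothing listens on port 80" ;;
      28) echo "TIMEOUT: port 80 filtered (firewall, NAT or ISP block)" ;;
      *)  echo "CURL_ERROR_$curl_rc: see 'man curl' exit codes" ;;
    esac
    return 1
  fi
  case "$http_code" in
    200)
      if [ "$body" = "$token" ]; then
        echo "OK: challenge path is served from the webroot"
        return 0
      fi
      echo "WRONG_CONTENT: got 200 but a different body (wrong webroot or another site answered)"
      return 1 ;;
    503) echo "DEFAULT_VHOST: nginx-proxy has no server block for this name (no VIRTUAL_HOST set?)"; return 1 ;;
    404) echo "NOT_FOUND: the vhost matched but the file is not in its webroot"; return 1 ;;
    *)   echo "HTTP_$http_code: unexpected status"; return 1 ;;
  esac
}

# Write a token into the webroot, fetch it the way the validators would,
# clean up, and report. $1 = public hostname, $2 = webroot directory.
acme_preflight() {
  domain=$1; webroot=$2
  dir="$webroot/.well-known/acme-challenge"
  mkdir -p "$dir"
  token="preflight-$(date +%s)-$$"
  printf '%s' "$token" > "$dir/$token"
  tmp="/tmp/acme_preflight_body.$$"
  # -L: follow redirects (e.g. 301 to https); -k: validators do not check the
  # existing certificate either; -w prints the final HTTP status on stdout.
  out=$(curl -sS -L -k --max-time 8 -o "$tmp" -w '%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$token" 2>/dev/null)
  rc=$?
  body=$(cat "$tmp" 2>/dev/null)
  rm -f "$tmp" "$dir/$token"
  classify_probe "$rc" "${out:-000}" "$body" "$token"
}

# Usage (assumed values): acme_preflight psp.app.br /var/www/acme
```

Once the probe prints `OK`, the matching certbot invocation is `certbot certonly --webroot -w /var/www/acme -d psp.app.br`, with nginx left running; if you would rather keep standalone, point the same `location /.well-known/acme-challenge/` at a standalone certbot started with `--http-01-port 8080` instead of stopping the proxy.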
Hmm. Not to me. I now see timeouts for psp.app.br and a similar error connecting to coolab.org. See their Let's Debug tests here and here
Here are the nmap port results for each (filtered usually means a firewall is blocking):
Nmap scan report for psp.app.br (159.203.86.156)
Host is up (0.0078s latency).
PORT STATE SERVICE
22/tcp closed ssh
25/tcp filtered smtp
80/tcp filtered http
443/tcp filtered https
Nmap scan report for coolab.org (159.203.86.156)
Host is up (0.0080s latency).
PORT STATE SERVICE
22/tcp closed ssh
25/tcp filtered smtp
80/tcp closed http
443/tcp closed https
I have a feeling this is related to all the containers and how they interact with your host. I am not good enough with containers to work through this. Sorry.
Maybe so. But, something is wrong. Possibly in the routing of requests to the nginx container server. See below: your nginx server, for port 80 (http) requests, should reply with either an http 301 or http 404. But, requests instead get a 503.
I see your https nginx server block has a way to return a 503 (the proxy failing) but an http request should not get there (at least not without getting an http 301 redirect)
Now I have created a container just to redirect the psp.app.br address internally within the vps.
It seems to be ok now but since the server is on my local network I can't see if the outside is giving errors.
The nginx config doesn't contain a server block for psp.app.br.
So the "default" is being used:
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 443 ssl http2;
access_log /var/log/nginx/access.log vhost;
return 503;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}