Certbot fails to authenticate

Sorry to revive an old thread but I don't know where to look for information on this...
I had everything working using Nginx Proxy Manager and then all of a sudden I cannot reach my domain from my phone. If I set a private DNS (AdGuard), it works... On LAN it works.

Please, any advice is much appreciated!

I still see this problem:

Which seems to imply that the NAT device isn't forwarding the ports correctly.

6 Likes

Thanks.
Sorry, I forgot.

Domain in use:
iotsrv.xyz
Example: heimdall.iotsrv.xyz

You "forgot" that all this time we have been "working" with the wrong domain name? ("iotserver.st")

This new domain is behind CloudFlare:

Name:      iotsrv.xyz
Addresses: 2606:4700:3036::6815:199
           2606:4700:3031::ac43:8173
           104.21.1.153
           172.67.129.115

Name:      heimdall.iotsrv.xyz
Addresses: 2606:4700:3031::ac43:8173
           2606:4700:3036::6815:199
           104.21.1.153
           172.67.129.115

It should be simple to use their CA to secure all related connections.

9 Likes

Haha, no!! :rofl: That was included from my ISP but didn't work, so I bought a "real" domain.

I told you two weeks ago that u got it working. This new problem is with this domain.

Yes, it is. How do I use the CA (don't even know what that is?)? Will look at it today or tomorrow! Thanks. :face_with_peeking_eye:

1 Like

You can use a Cloudflare Origin CA cert on your origin server. You don't need to use Let's Encrypt for that.
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

With a new domain name and a new config it would have been better for you to start a new topic. Something to keep in mind for future.

8 Likes

Thanks. I thought there was something like that going on since it says the certificate is from Cloudflare Inc ECC CA-3.

Yes, I should have.

Any ideas why the site is unreachable from my phone when I use the mobile net?
Chrome gives: dns_probe_finished_nxdomain.
When I use dns.adguard.com as a "private DNS" the site opens.

1 Like

I don't. That's a DNS lookup problem. Not related to your certs.

I can reach your site but it gives me a 520 error from Cloudflare. You can find more debug info for that here:
https://support.cloudflare.com/hc/en-us/articles/115003011431-Troubleshooting-Cloudflare-5XX-errors

curl -IL https://iotsrv.xyz
HTTP/2 520
date: Tue, 14 Jun 2022 15:42:08 GMT
content-length: 0
cache-control: no-store, no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D46dGsFsN%2F2L5xHTgfELmCRGlm6I%2F78gFAIoee86Z1bY6kZgJDFYdk45qYX4qfyEy1NYP8AiozLVOzLtGu3p%2BIVtErTb1YQi%2BsqCOBguxgmUiCnzGzWPSHBFBiZWpPBuAMPxoEOd9Lna"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 71b42c974d6e5d8c-IAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

9 Likes
