Certbot fails using nginx under XUbuntu

My domain is:
rose.ddns.me

I ran this command:
sudo certbot --nginx

It produced this output:
Timeout during connect (likely firewall problem)
PS I've attached the full Terminal output.

My web server is (include version):
nginx 1.18.0 (ubuntu)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
None

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.40.0

letsencrypt.txt (1.5 KB)

Following instructions from How to Host a Static Website with Nginx | by Jason Rigden | Medium, I instead installed python3-certbot-nginx instead of python-certbot-nginx. Is that correct? I got this error: Timeout during connect (likely firewall problem). I've got port forwarding on my router to the appropriate computer for ports 80 & 8080, and I've got ufw showing for nginx Full, nginx HTTP & nginx HTTPS. Any ideas?

It would seem something is wrong with the port forwarding, or IP address, or at the ISP level. I can't connect from my laptop either:

$ curl -vvv -m10 rose.ddns.me
*   Trying 120.155.181.225:80...
* Connected to rose.ddns.me (120.155.181.225) port 80 (#0)
> GET / HTTP/1.1
> Host: rose.ddns.me
> User-Agent: curl/7.77.0
> Accept: */*
>
* Operation timed out after 10005 milliseconds with 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 10005 milliseconds with 0 bytes received
1 Like

@_az Thanks for your helpful reply. Just call me stupid. I mistakenly used rose.ddns.me, whereas I should have used rose.myddns.me.
After correcting the various filenames and file contents that I had previously setup for nginx, I ran the curl statement you suggested and it gave:
john@johnpc:~$ curl -vvv -m10 rose.myddns.me

  • Trying 2.101.153.62:80...
  • TCP_NODELAY set
  • Connected to rose.myddns.me (2.101.153.62) port 80 (#0)

GET / HTTP/1.1
Host: rose.myddns.me
User-Agent: curl/7.68.0
Accept: /

  • Mark bundle as not supporting multiuse
    < HTTP/1.1 301 Moved Permanently
    < Server: nginx/1.18.0 (Ubuntu)
    < Date: Sat, 15 Jan 2022 12:12:27 GMT
    < Content-Type: text/html
    < Content-Length: 178
    < Connection: keep-alive
    < Location: https://rose.myddns.me/
    <
301 Moved Permanently

301 Moved Permanently


nginx/1.18.0 (Ubuntu) * Connection #0 to host rose.myddns.me left intact

I presume that the above shows the website rose.myddns.me is Ok. However, when I tried it in Firefox on another computer on my network, it gave 'Potential Security Risk Ahead' and when I clicked on 'Advanced' it gave 'The certificate is not trusted because it is self-signed.' I have attached a a screenshot of that.


Is that expected behaviour in Firefox? If not, what needs correcting?
I have not been able to attach the Security Certificate (after clicking on View) because I am a new user of this community.

1 Like

At the moment I can't view your certificate because you don't have port 443 (HTTPS) forwarded. This needs to be done in addition to port 80 (HTTP).

But it would seem that your Let's Encrypt certificate has not taken effect in nginx.

Did you already try:

sudo certbot --nginx -d rose.myddns.me 

?

2 Likes

I forgot to forward port 443 on router. Everything now Ok. Thanks for your help.

3 Likes