Certbot fails using nginx under XUbuntu

My domain is:
rose.ddns.me

I ran this command:
sudo certbot --nginx

It produced this output:
Timeout during connect (likely firewall problem)
PS I've attached the full Terminal output.

My web server is (include version):
nginx 1.18.0 (ubuntu)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
None

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.40.0

letsencrypt.txt (1.5 KB)

Following instructions from How to Host a Static Website with Nginx | by Jason Rigden | Medium, I installed python3-certbot-nginx instead of python-certbot-nginx. Is that correct? I got this error: Timeout during connect (likely firewall problem). I've got port forwarding on my router to the appropriate computer for ports 80 & 8080, and I've got ufw showing for nginx Full, nginx HTTP & nginx HTTPS. Any ideas?

It would seem something is wrong with the port forwarding, or IP address, or at the ISP level. I can't connect from my laptop either:

$ curl -vvv -m10 rose.ddns.me
*   Trying 120.155.181.225:80...
* Connected to rose.ddns.me (120.155.181.225) port 80 (#0)
> GET / HTTP/1.1
> Host: rose.ddns.me
> User-Agent: curl/7.77.0
> Accept: */*
>
* Operation timed out after 10005 milliseconds with 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 10005 milliseconds with 0 bytes received

@_az Thanks for your helpful reply. Just call me stupid. I mistakenly used rose.ddns.me, whereas I should have used rose.myddns.me.
After correcting the various filenames and file contents that I had previously set up for nginx, I ran the curl statement you suggested and it gave:
john@johnpc:~$ curl -vvv -m10 rose.myddns.me
*   Trying 2.101.153.62:80...
* TCP_NODELAY set
* Connected to rose.myddns.me (2.101.153.62) port 80 (#0)
> GET / HTTP/1.1
> Host: rose.myddns.me
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sat, 15 Jan 2022 12:12:27 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://rose.myddns.me/
<
301 Moved Permanently
301 Moved Permanently
nginx/1.18.0 (Ubuntu)
* Connection #0 to host rose.myddns.me left intact

I presume that the above shows the website rose.myddns.me is OK. However, when I tried it in Firefox on another computer on my network, it gave 'Potential Security Risk Ahead' and when I clicked on 'Advanced' it gave 'The certificate is not trusted because it is self-signed.' I have attached a screenshot of that.


Is that expected behaviour in Firefox? If not, what needs correcting?
I have not been able to attach the Security Certificate (after clicking on View) because I am a new user of this community.


At the moment I can't view your certificate because you don't have port 443 (HTTPS) forwarded. This needs to be done in addition to port 80 (HTTP).

But it would seem that your Let's Encrypt certificate has not taken effect in nginx.

Did you already try:

sudo certbot --nginx -d rose.myddns.me 

?


I forgot to forward port 443 on the router. Everything now OK. Thanks for your help.

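Added example, not part of the thread: a Python sketch that reads `curl -v` output like the two transcripts posted above and reports the stage at which the request stopped, which is the question to settle before re-running certbot. The stage labels and the advice strings are this example's own assumptions; the two sample transcripts are trimmed copies of the ones in the thread.

```python
import re

# The two `curl -v` transcripts from the thread, trimmed to the lines that matter.
TIMEOUT_RUN = """\
*   Trying 120.155.181.225:80...
* Connected to rose.ddns.me (120.155.181.225) port 80 (#0)
> GET / HTTP/1.1
> Host: rose.ddns.me
* Operation timed out after 10005 milliseconds with 0 bytes received
curl: (28) Operation timed out after 10005 milliseconds with 0 bytes received
"""
REDIRECT_RUN = """\
*   Trying 2.101.153.62:80...
* Connected to rose.myddns.me (2.101.153.62) port 80 (#0)
> GET / HTTP/1.1
> Host: rose.myddns.me
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
< Location: https://rose.myddns.me/
"""

# Hypothetical stage labels mapped to the next thing to check.
ADVICE = {
    "dns-failure": "name does not resolve: check spelling and the DDNS record",
    "no-connection": "TCP connect failed: check port forwarding and firewall",
    "connected-no-response": "connected but silent: is this name really your server?",
    "redirect-to-https": "port 80 works and redirects: port 443 must be forwarded too",
}

def diagnose(transcript: str) -> str:
    """Return the stage at which a `curl -v` request stopped."""
    lines = [line.strip() for line in transcript.splitlines()]
    if any("Could not resolve host" in line for line in lines):
        return "dns-failure"
    if not any(line.startswith("* Connected to ") for line in lines):
        return "no-connection"
    status = next((m.group(1) for line in lines
                   if (m := re.match(r"< HTTP/\S+ (\d{3})", line))), None)
    if status is None:
        return "connected-no-response"
    location = next((line.split(":", 1)[1].strip() for line in lines
                     if line.lower().startswith("< location:")), "")
    if status.startswith("3") and location.lower().startswith("https://"):
        return "redirect-to-https"
    return "http-" + status

if __name__ == "__main__":
    for run in (TIMEOUT_RUN, REDIRECT_RUN):
        print(diagnose(run), "-", ADVICE.get(diagnose(run), "answered over HTTP"))
```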
