Certbot Succeeded But HTTPS Doesn't Work


#1

My domain is: ardentunited.me

I ran this command:

certbot certificates

It produced this output:

Certificate Name: ardentunited.me
Domains: ardentunited.me
Expiry Date: 2018-09-25 22:42:31+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/ardentunited.me/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ardentunited.me/privkey.pem

My web server is (include version): Amazon Lightsail

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Amazon AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I can connect to ardentunited.me (not www.ardentunited.me, but I believe that’s fine). But, I can’t connect to https://ardentunited.me

My A record (host *) points to 34.217.34.181

Please let me know what I’m doing wrong, thanks!


#2
a.ardentunited.me.      1799    IN      A       34.217.34.181
a.ardentunited.me.      0       IN      CNAME   _705a3fba37c159e591bcd76735b90c5f.acm-validations.aws.
a.ardentunited.me.      1799    IN      TXT     "28bGXnTHCkwBj5Pso3VrsqOLNvbin99PZupYBZ9NEmA"

Please keep in mind that you can’t mix CNAME records with any other record type. The presence of that CNAME is possibly disabling your A record.

I do not think AWS asked you to create that record. Their instructions usually provide a label that begins with an underscore. A wildcard CNAME like that is a surefire way to screw up your zone.

Another thing to consider is that *.example.org does not cover example.org on its own.

What you should do is just create separate records for your zone apex (example.org and www.example.org).


#3

I’ve deleted the CNAME, but https://ardentunited.me still leads to “Hmm. We’re having trouble finding that site.” on Firefox.


#4

That’s better, but you still don’t have any A records on ardentunited.me (just www.ardentunited.me, thanks to the wildcard).


#5

Do I add one with host WWW?


#6

You need to add one with no host/or @ as the host, depending on your DNS user interface.


#7

Got it, I believe Namecheap is @. I added it.


#8

Looks fine now, but you’ll probably need to wait out the DNS cache on your local workstation and whatever resolvers you are using, before that browser error is gone.

Your server doesn’t seem to actually be accessible on ports 80 or 443, though.


#9

Hmm, I opened it to everything though.


#10

Also, I changed the IP to the static AWS IP.


#11

Setting up a default nginx vHost with listen 443 would definitely help.

Now your whole site displays the default “welcome to Nginx”.


#12

Yeah, that’s fine, I’m just trying to get the https link to work.


#13

Hi @jzlegion ,

Just create a new vHost in your server & enter the following details…

Warning: I’m just responding to the request “get https link to work”, with no liability.

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate  /etc/letsencrypt/live/ardentunited.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ardentunited.me/privkey.pem;
    root /var/www/html;
}

Here you go.

Thank you


#14

Didn’t work. Is it a problem that I don’t have sites-available in my nginx directory? I created sites-enable but not sites-available.


#15

Did you restart your nginx server after adding the vHost? Does your (global) nginx config contain an include (which points to your sites-enabled folder)?


#16

Yeah, I restarted it after creating the vHost.


#17

It still looked “not listening” to me…

Execute this command please:
nginx -T (it will print all vHosts). Please check whether the code snippet I shared is in the output.

Thank you


#18

I’m not sure: https://gist.github.com/Legionof7/4369425c772d424334e4d349b895b46d


#19

That’s the issue: you don’t have nginx reading vHosts from the sites-enabled folder.

Go to your nginx.conf file located in /etc/nginx/nginx.conf and add the line include /etc/nginx/sites-enabled/*; (change the directory to where sites-enabled is actually located) to the bottom of the file (last line).

Then restart nginx.


#20

Couldn’t restart.
Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx.service” and “journalctl -xe” for details.
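
An added example, not from any poster in this thread: nginx accepts an HTTP server { } block only inside http { }, so the context that holds the include line for sites-enabled decides whether the vHost files can load. The function name include_context and both sample nginx.conf texts are constructed for illustration.

```shell
#!/bin/sh
# Added example; include_context and both sample configs are constructed.

# include_context FILE NEEDLE
# Prints the block that encloses the first "include" line containing NEEDLE:
# "main" (top level), "http", "server", ... or "none" if there is no match.
include_context() {
    awk -v want="$2" '
    {
        sub(/#.*/, "")                        # strip comments (quoted "#" not handled)
        name = $1; sub(/[{].*/, "", name)     # block name when the line opens one
        opens = gsub(/[{]/, "{")
        for (i = 0; i < opens; i++) stack[++depth] = name
        if ($0 ~ /include[ \t]/ && index($0, want)) {
            print (depth > 0 ? stack[depth] : "main"); found = 1; exit
        }
        depth -= gsub(/[}]/, "}")
        if (depth < 0) depth = 0
    }
    END { if (!found) print "none" }' "$1"
}

# Constructed sample 1: include appended as the last line, outside http { }.
sample_last_line() {
    printf '%s\n' 'user www-data;' 'events { worker_connections 768; }' \
        'http {' '    include /etc/nginx/mime.types;' \
        '    include /etc/nginx/conf.d/*.conf;' '}' \
        'include /etc/nginx/sites-enabled/*;'
}

# Constructed sample 2: the same include placed inside http { }.
sample_inside_http() {
    printf '%s\n' 'user www-data;' 'events { worker_connections 768; }' \
        'http {' '    include /etc/nginx/mime.types;' \
        '    include /etc/nginx/sites-enabled/*;' '}'
}

tmp=$(mktemp)
sample_last_line > "$tmp";   echo "last line:   $(include_context "$tmp" sites-enabled)"
sample_inside_http > "$tmp"; echo "inside http: $(include_context "$tmp" sites-enabled)"
rm -f "$tmp"
```

Running nginx -t after any edit validates the configuration without restarting the service, so a misplaced include is reported before the running server is touched.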