Certbot Succeeded But HTTPS Doesn't Work

jzlegion · June 28, 2018, 1:26am

I ran this command:

certbot certificates

It produced this output:

Certificate Name: ardentunited.me
Domains: ardentunited.me
Expiry Date: 2018-09-25 22:42:31+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/ardentunited.me/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ardentunited.me/privkey.pem

My web server is (include version):Amazon Lightsail

The operating system my web server runs on is (include version):Ubuntu 16.04

My hosting provider, if applicable, is:Amazon AWS

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):No

I can connect to ardentunited.me (not www.ardentunited.me, but I believe that's fine). But, I can't connect to https://ardentunited.me

My A record (host *) points to 34.217.34.181

Please let me know what I'm doing wrong, thanks!

_az · June 28, 2018, 1:31am

a.ardentunited.me.      1799    IN      A       34.217.34.181
a.ardentunited.me.      0       IN      CNAME   _705a3fba37c159e591bcd76735b90c5f.acm-validations.aws.
a.ardentunited.me.      1799    IN      TXT     "28bGXnTHCkwBj5Pso3VrsqOLNvbin99PZupYBZ9NEmA"

Please keep in mind that you can’t mix CNAME records with any other record type. The presence of that CNAME is possibly disabling your A record.

I do not think AWS asked you to create that record. Their instructions usually provide a label that begins with an underscore. A wildcard CNAME like that is a surefire way to screw up your zone.

Another thing to consider is that *.example.org does not cover example.org on its own.

What you should do is just create separate records for your zone apex (example.org and www.example.org).

jzlegion · June 28, 2018, 1:41am

I’ve deleted the CNAME, but https://ardentunited.me still leads to “Hmm. We’re having trouble finding that site.” on Firefox

_az · June 28, 2018, 1:42am

That’s better, but you still don’t have any A records on ardentunited.me (just www.ardentunited.me, thanks to the wildcard).

jzlegion · June 28, 2018, 1:46am

Do I add one with host WWW?

_az · June 28, 2018, 1:47am

You need to add one with no host/or @ as the host, depending on your DNS user interface.

jzlegion · June 28, 2018, 1:51am

Got it, I believe Namecheap is @. I added it.

_az · June 28, 2018, 1:54am

Looks fine now, but you’ll probably need to wait out the DNS cache on your local workstation and whatever resolvers you are using, before that browser error is gone.

Your server doesn’t seem to actually be accessible on ports 80 or 443, though.

jzlegion · June 28, 2018, 1:56am

Hmm, I opened it to everything though.

jzlegion · June 28, 2018, 1:59am

Also, I changed the IP to the static AWS IP.

stevenzhu · June 28, 2018, 2:27am

setup a default nginx vHost with listen 443 would definitely helps.

Now all your site display default “welcome to Nginx”

jzlegion · June 28, 2018, 2:57am

Yeah, that's fine, I'm just trying to get the https link to work.

stevenzhu · June 28, 2018, 3:14am

Hi @jzlegion ,

Just create a new vHost in your server & enter the following details..

Warning: I'm just responding to the request "get https link to work", with no liability.

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate  /etc/letsencrypt/live/ardentunited.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ardentunited.me/privkey.pem;
    root /var/www/html;
}

Here you go.

Thank you

jzlegion · June 28, 2018, 3:19am

Didn’t work. Is it a problem that I don’t have sites-available in my nginx directory? I created sites-enable but not sites-available.

stevenzhu · June 28, 2018, 3:21am

Do you restart your nginx server after adding the vHost, is your nginx config (global) include a include(which pointed to your site-enabled folder)?

jzlegion · June 28, 2018, 3:23am

Yeah, I restarted it after creating the vHost.

stevenzhu · June 28, 2018, 3:30am

It still looked as “not listening” for me…

Execute this command please:
nginx -T (It will print all vHosts), please check if there’s the code snippet i shared in the output.

Thank you

jzlegion · June 28, 2018, 3:41am

I'm not sure:nginx -t · GitHub

stevenzhu · June 28, 2018, 3:46am

That’s the issue, you haven’t have nginx reading vHosts from sites-enabled folder.

Go to your nginx.conf file located in /etc/nginx/nginx.conf, add the line include /etc/nginx/sites-enabled/*; (change the directory to where the sites-enabled actually located) to the bottom of the file (last line)

Then restart nginx.

jzlegion · June 28, 2018, 3:53am

Couldn't restart.
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.