Hi all,
Since I am very new to server hosting, I sadly was not able to fix this issue, even though there are a lot of quite similar posts here on the board. My certificate has expired, and now I tried the following:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.entwicklercouch.de/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
Debian 8.5 64Bit
My hosting provider, if applicable, is:
ZAP Hosting
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
And here is my nginx config:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name entwicklercouch.de www.entwicklercouch.de;
    return 301 https://$server_name$request_uri;
}
server {
    # SSL configuration
    #
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    include snippets/ssl-entwicklercouch.de.conf;
    include snippets/ssl-params.conf;
    access_log /root/log/nginx/entwicklercouch.de.log;
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    # Add index.php to the list if you are using PHP
    location ~ /.well-known {
        allow all;
    }
    location /sockettest/ {
        root /root/webserver/sockettest;
        index index.html index.htm;
    }
    location /alexa-api/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://localhost:3000;
    }
    location /alexa-skill/ {
        proxy_pass http://localhost:3009;
    }
    location /bamboo/ {
        proxy_pass http://localhost:8085;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
    }
    location / {
        proxy_pass http://localhost:8080;
        root /root/webserver/app/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Please help me with this; I really have no idea what I am doing wrong.
Is nginx running at all? Because most of the time, when some port (in this case 80) is filtered by a firewall, the client would get a time out (because all packets are silently dropped).
However, in your case, your server replies to the client with an “active” “go away” kind of signal, causing the “connection refused” error.
And with the tip of @JuergenAuer above: what is actually running on port 443? Because it doesn’t seem to be the nginx configuration you’ve posted here.
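The distinction drawn in the reply above (a filtered port times out, a closed port answers with "connection refused") can be checked from any outside machine. This is an added example, not part of the original post; the function names and the default ports 80 and 443 are assumptions chosen for illustration.

```python
import socket

# Interpretation of each probe result, following the reasoning in the reply.
MEANING = {
    "open": "a service accepted the connection",
    "refused": "host reachable, but nothing is listening (service down?)",
    "filtered": "no reply before the timeout (packets dropped, e.g. firewall)",
    "error": "connection failed for another reason (routing, DNS)",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The remote stack actively rejected the SYN: no listener on the port.
        return "refused"
    except socket.timeout:
        # Nothing came back at all: packets were silently dropped.
        return "filtered"
    except OSError:
        return "error"

def http01_reachability(host, ports=(80, 443), timeout=3.0):
    """Probe the ports an http-01 validation with an HTTPS redirect touches."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; run this against your own server's name
    # from a machine outside its network.
    for port, state in http01_reachability("127.0.0.1").items():
        print(f"{port}/tcp: {state} ({MEANING[state]})")
```

A "refused" result on port 80 points at the web server not running rather than at a firewall, which matches the "Connection refused" text in the certbot error.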
Hi, thanks for the fast reply. Maybe nginx really is not working:
systemctl restart nginx
leads to
Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
while
systemctl status nginx.service
shows
~# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since So 2018-06-24 17:01:53 CEST; 1min 59s ago
Process: 18324 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 9555 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
Process: 18521 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 18519 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 6293 (code=exited, status=0/SUCCESS)
Jun 24 17:01:52 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jun 24 17:01:52 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jun 24 17:01:52 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jun 24 17:01:52 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jun 24 17:01:53 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Jun 24 17:01:53 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jun 24 17:01:53 rs-zap336199-1.zap-srv.com nginx[18521]: nginx: [emerg] still could not bind()
Jun 24 17:01:53 rs-zap336199-1.zap-srv.com systemd[1]: nginx.service: control process exited, code=exited status=1
Jun 24 17:01:53 rs-zap336199-1.zap-srv.com systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Jun 24 17:01:53 rs-zap336199-1.zap-srv.com systemd[1]: Unit nginx.service entered failed state.
Why is it already in use and why can't it be restarted?
Chrome does not give me the possibility to accept the certificate (also Firefox doesn't). And I'd still love to renew the certificate again. 5 min ago I tried certbot renew again and I now receive:
Attempting to renew cert from /etc/letsencrypt/renewal/www.entwicklercouch.de.conf produced an unexpected error: Failed authorization procedure. www.entwicklercouch.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Die etwas andere Domain Börse Connection refused, entwicklercouch.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Die etwas andere Domain Börse Connection refused. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.entwicklercouch.de/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
HSTS is a wonderful feature. But it should only be used when the certificate management process works.
Anyway: If it is not possible to use the http-01 challenge (port 80 doesn’t work), check if you can switch to the dns-01 challenge (creating two DNS TXT entries).