Challenge failed for domain

nginx version: nginx/1.18.0 (Ubuntu)

109.88.89.61

1 Like

Good news / bad news

Good news: You seem to be at the right IP

Name:    captiveportal.secureinside.be
Address: 109.88.89.61

matches

Bad news: You are not on the system that the Internet sees responding on port 80.

Server: nginx/1.14.0 (Ubuntu)

does NOT match

1 Like

So...
Do you have access to the router/firewall?
If so, can you see where the inbound TCP port 80 (HTTP) connections are being sent?

1 Like

Yes I have access to the router.

The port 80 is redirecting to the 1st web server

1 Like

I don't know what "1st web server" means.
I had previously asked:

to which you replied:

Now, I'm not so sure.

Can you draw a quick sketch of all the systems involved [and include their IPs]?

1 Like

Webserver 1 (Odoo)

Webserver 2 (Ubuntu Server)

2 Likes

Ok that explains like one thousand words - LOL
[as most pictures do]

In this case, there is no local webroot in server one [WS1] that can reach server two [WS2]
So, webroot is out of the question.

That leaves us with the reverse proxy solution.
For that, you will have to modify the nginx config on WS1 to handle the name for WS2 and keep the HTTP connections from being redirected to HTTPS (simplifies things in the long run).
Then on WS2, you will have to handle the HTTP connections (port 81 is OK) and run certbot with the correct local webroot.

2 Likes
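A sketch of the reverse-proxy layout described in the post above, added here as an illustration; it is not a configuration posted by anyone in this thread. The WS2 address `192.0.2.10`, the webroot path `/var/www/letsencrypt` and the split into two files are assumptions, and WS1's real config (the `nginx -T` output) was never shown.

```nginx
# ---- On WS1 (the host that currently answers public port 80) ----
# Dedicated server block for the WS2 name. Requests for this name are
# passed to WS2 over plain HTTP and are NOT redirected to HTTPS, so the
# HTTP-01 validation request reaches the machine that runs certbot.
server {
    listen 80;
    server_name captiveportal.secureinside.be;

    location / {
        # 192.0.2.10 is a placeholder for WS2's LAN address (assumption).
        proxy_pass http://192.0.2.10:81;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# ---- On WS2 (the host that runs certbot) ----
# Plain-HTTP listener on port 81, reachable from WS1 only.
server {
    listen 81;
    server_name captiveportal.secureinside.be;

    # Serve only the ACME challenge files from the local webroot.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed webroot path
        default_type text/plain;
    }

    # Nothing else is exposed on this listener.
    location / {
        return 404;
    }
}

# Then, on WS2, request the certificate against that webroot:
#   certbot certonly --webroot -w /var/www/letsencrypt \
#       -d captiveportal.secureinside.be
```

Before running certbot, fetching a test file under `/.well-known/acme-challenge/` from outside the network should return a `Server:` header matching WS2's nginx version, the same check used earlier in the thread to spot that the wrong machine was answering.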

If you are good and ready for that, we first need to see the nginx -T from WS1.

2 Likes

Thank you, I will take that into consideration.

What I will try to do is a configuration more specific on the router level so that the servers are more independent.

That way when the router sees "captiveportal.secureinside.be" with port 80, it redirects to a specific server.
Like setting up more rules so that it doesn't just read the port.

Because I don't have access to the WB1, it's managed by a 3rd party person in the company.

And if I don't succeed I will try setting up the reverse proxy.

What do you think ?

1 Like

I think you will be hard pressed to find such an intelligent (layer 4+) feature in a layer 3 router.
But if available, that would resolve this problem [by moving the SNI/reverse proxy requirement into the router].

I think if you control the router, then you can set up a reverse proxy on the .81 and do the same thing in the other direction [provided you can make such changes to the router].

2 Likes

I understand. Will see what I can do and again a huge thank you, really appreciate it for trying to resolve this issue, apologize in advance for any time wasted and it was a pleasure troubleshooting it with this community. Learned a lot ! :smiley:

Wish you and everybody a nice day and stay safe ! :slight_smile:

3 Likes

Time is never wasted when spent with friends or while learning/teaching.
And well spent when doing both :slight_smile:

Cheers from Miami :beers:
[now back to trading crypto for beer...]

3 Likes
