CNAME redirection doesn't work

Hello world!

I can't renew my certificate for mediaserver.pieterhouwen.info. Says it can't find the domain.

What I ran:

certbot renew

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mediaserver.pieterhouwen.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mediaserver.pieterhouwen.info
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (mediaserver.pieterhouwen.info) from /etc/letsencrypt/renewal/mediaserver.pieterhouwen.info.conf produced an unexpected error: Failed authorization procedure. mediaserver.pieterhouwen.info (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mediaserver.pieterhouwen.info/.well-known/acme-challenge/v_Qf_PSkhdhHLhT3El1bcSAqRzEMoEIqlprDx_WYtxA: Error getting validation data. Skipping.

I then ran:

nslookup mediaserver.pieterhouwen.info

This got me:

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
mediaserver.pieterhouwen.info   canonical name = pieterhouwen.duckdns.org.
Name:   pieterhouwen.duckdns.org
Address: 83.86.188.222

Should I upload my entire debug log here? I don't know which lines would be relevant here.

I don't see a DNS issue in the error message. Your DNS also works fine (https://unboundtest.com/m/A/mediaserver.pieterhouwen.info/RPX573WH)

Problem is, your website isn't reachable on port 80 whatsoever.

4 Likes

Yeah you seem to be correct. That's really weird, my nginx config shows this:


server {
    if ($host = mediaserver.pieterhouwen.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name mediaserver.pieterhouwen.info;
    return 404; # managed by Certbot
}

Do you see any problems with this? My entire .conf file looks like this:

root@vpn-machine:/etc/nginx/sites-enabled# cat mediaserver.pieterhouwen.info.conf
# Default server configuration
#
server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name mediaserver.pieterhouwen.info;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                # try_files $uri $uri/ =404;
                proxy_pass http://192.168.2.147:18096;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_buffering off;
                proxy_request_buffering off;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
        #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mediaserver.pieterhouwen.info/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mediaserver.pieterhouwen.info/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = mediaserver.pieterhouwen.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name mediaserver.pieterhouwen.info;
    return 404; # managed by Certbot


}

I figured it out. My problem was in the chair, not in the computer.

I messed up my port forwarding config without noticing it. Thanks for your efforts!

6 Likes
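The diagnosis reached in this thread (DNS resolving correctly, port 80 unreachable) can be reproduced with a short check. This is an added example, not code from any poster or from certbot: it parses a failure line in the format certbot printed above and classifies a TCP connect to the named host. The sample line uses a constructed placeholder host and token, and the function names are hypothetical. Run it from a machine outside the network, since a probe from inside the LAN may not traverse the router's port forward.

```python
import re
import socket

# Constructed sample in the format of the certbot failure line from the thread,
# with a placeholder host and token.
SAMPLE = ("Failed authorization procedure. host.example (http-01): "
          "urn:ietf:params:acme:error:connection :: The server could not "
          "connect to the client to verify the domain :: Fetching "
          "http://host.example/.well-known/acme-challenge/TOKEN: "
          "Error getting validation data")

FAIL_RE = re.compile(r"(?P<name>\S+) \((?P<challenge>[a-z-]+-\d+)\): "
                     r"urn:ietf:params:acme:error:(?P<error>\w+) ::")

def parse_failure(line):
    """Return {'name', 'challenge', 'error'} from a failure line, or None."""
    m = FAIL_RE.search(line)
    return m.groupdict() if m else None

def probe(host, port=80, timeout=3.0):
    """Classify one TCP connect as 'dns', 'open', 'refused' or 'filtered'."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"          # the name does not resolve at all
    family, kind, proto, _, sockaddr = addrs[0]
    with socket.socket(family, kind, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return "open"     # something accepts connections on this port
        except ConnectionRefusedError:
            return "refused"  # host reachable, nothing listening
        except OSError:
            return "filtered" # timeout or no route: firewall or port forward

def diagnose(line, port=80):
    """Parse the failure line, then probe the host it names."""
    info = parse_failure(line)
    if info is None:
        return None
    info["probe"] = probe(info["name"], port)
    return info

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

An `error` of `connection` combined with a probe result of `refused` or `filtered` points at the listener, firewall or port forwarding rather than at DNS.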
