My web server is (include version): node js express + apache2
The operating system my web server runs on is (include version): ubuntu 20.04
My hosting provider, if applicable, is: -
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0
Hi, I have a server on which I deployed a Node.js Express server a month ago and configured redirection in apache2 from localhost:3000 to my rented domain bx.btasia.ru. I configured an SSL certificate and double-checked that it has not expired. I checked whether TCP ports 80 and 443 are open. But it still does not work. Can you please tell me what else could be the problem?
Not from my point of view. Is the IP address 82.146.46.191 correct? How did you check? Your check with the check-host.net check seems to also say your website is completely down.
But needless to say, for that Apache reverse proxy to work, you would still need to have port 80 and 443 open.
Are you checking from your internal LAN by any chance, the same LAN as where the server is hosted? You didn't answer the "hosting provider" so I'm ASSUMING you're self-hosting? Please answer the questions properly in the future so that we don't need to assume anything.
That only shows that some applications are listening on those ports.
There still can be a firewall or NAT portmap preventing access to ports 80 and 443.
Weird thing is: port 22 seems to be open in your firewall, but closed on the OS level. The latter makes sense, because nothing is listening on port 22 (your SSH is probably the 22222 port, which is not accessible from the world wide web). But the former makes me think that at least some firewall plays a role here, as everything seems to be blocked except port 22. So something is coming through. Just not port 80 and 443.
Please note that for most situations port 80 is still required for renewal of the certificate. You can test renewal using sudo certbot renew --dry-run where --dry-run is for testing purposes.
The HTTP-01 challenge states "The HTTP-01 challenge can only be done on port 80." and 'Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates (since this challenge is intended to bootstrap valid certificates, it may encounter self-signed or expired certificates along the way).'
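The replies above distinguish a port that accepts connections, one that is closed at the OS level (nothing listening), and one that is blocked by a firewall or missing NAT port map; run from a machine outside the server's network, the sketch below tells these apart. It is an added example, not part of any post in this thread: the script and its function names are hypothetical, and the host name is supplied on the command line.

```python
import errno
import socket
import sys

# What each state means for the diagnosis discussed in the thread.
MEANING = {
    "open": "reachable and a service accepted the connection",
    "closed": "passed the firewall, but nothing is listening (TCP reset)",
    "filtered": "no answer or ICMP unreachable: firewall or missing NAT port map",
    "error": "could not test (for example a DNS failure)",
}

def classify(exc):
    """Map the outcome of a TCP connect attempt to a port state."""
    if exc is None:
        return "open"
    if isinstance(exc, (TimeoutError, socket.timeout)):
        return "filtered"   # packets silently dropped on the way
    if isinstance(exc, ConnectionRefusedError):
        return "closed"     # host answered with a reset
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "filtered"   # a router or firewall rejected the packet
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:  # covers timeouts, refusals and DNS errors
        return classify(exc)

def report(host, ports=(22, 80, 443)):
    """Return {port: state} for the ports mentioned in the thread."""
    return {port: probe(host, port) for port in ports}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <hostname>")
    for port, state in report(sys.argv[1]).items():
        print(f"{port}/tcp {state}: {MEANING[state]}")
```

A result of "closed" on 22 together with "filtered" on 80 and 443 matches the pattern described above: traffic to port 22 reaches the host, while traffic to 80 and 443 is dropped before it gets there.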