Domain issues: Issues that may prevent any certificate for this domain being issued

My domain is: www.viberchatbot.ga

I ran this command: sudo certbot --nginx

It produced this output:

sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: viberchatbot.ga
2: www.viberchatbot.ga
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/viberchatbot.ga.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for viberchatbot.ga and www.viberchatbot.ga

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/viberchatbot.ga/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/viberchatbot.ga/privkey.pem
This certificate expires on 2022-09-18.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for viberchatbot.ga to /etc/nginx/sites-enabled/flask_app
Successfully deployed certificate for www.viberchatbot.ga to /etc/nginx/sites-enabled/flask_app
Your existing certificate has been successfully renewed, and the new certificate has been installed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version): Flask 2.1.2

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is: freenom.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.28.0

I am getting the following from letsdebug on my domain and www.domain:

Which is different from what I got a day ago:

DNS checkup for viberchatbot.ga is showing A records as Resolved

I have the following in my test.py:

```python
from flask import Flask

app = Flask(__name__)


@app.route('/')
def hello_world():
    return 'Hello, World!'


if __name__ == "__main__":
    # Only runs when started as `python test.py`; gunicorn imports `app` and skips this block.
    # debug=True on 0.0.0.0 would expose the Werkzeug debugger to the network.
    app.run(host="0.0.0.0", debug=True)
```

and I start it with:

```
gunicorn3 --workers=3 test:app
```

I can access gunicorn3 with curl:

```
curl -il 127.0.0.1:8000
HTTP/1.1 200 OK
Server: gunicorn
Date: Mon, 20 Jun 2022 09:19:53 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14

Hello, World!
```

I see from letsdebug that the request reaches my external address at 80 http 141.147.63.84 and is then forwarded to my 443 https but then I lose the connection.

I got a free domain from Freenom to test out hosting a server on Ubuntu. Got the following settings:

Is there an issue with the certificate?
Adding text from LetsDebug so it will pop out in search queries:

[ANotWorking](https://letsdebug.net/viberchatbot.ga/1082596#ANotWorking-Error)

ERROR

viberchatbot.ga has an A (IPv4) record (141.147.63.84) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

Get "https://viberchatbot.ga/.well-known/acme-challenge/letsdebug-test": dial tcp 141.147.63.84:443: connect: no route to host

Trace:
@0ms: Making a request to http://viberchatbot.ga/.well-known/acme-challenge/letsdebug-test (using initial IP 141.147.63.84)
@0ms: Dialing 141.147.63.84
@178ms: Server response: HTTP 301 Moved Permanently
@178ms: Received redirect to https://viberchatbot.ga/.well-known/acme-challenge/letsdebug-test
@178ms: Dialing 141.147.63.84
@266ms: Experienced error: dial tcp 141.147.63.84:443: connect: no route to host

[IssueFromLetsEncrypt](https://letsdebug.net/viberchatbot.ga/1082596#IssueFromLetsEncrypt-Error)

ERROR

A test authorization for viberchatbot.ga to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

141.147.63.84: Fetching https://viberchatbot.ga/.well-known/acme-challenge/nCDFPuK8rJH09t8rjsRms66r-5FYbIg-UagkdYaPUbU: Error getting validation data

Adding clarification from previous LetsDebug that I was not able to add in initial post:

Which is different from what I got a day ago:

Please don't keep renewing a perfectly fine certificate over and over again: if issuance of the certificate is not the issue, but something else is, it doesn't make sense to re-issue the certificate. Currently, you've issued four perfectly fine certificates already: crt.sh | viberchatbot.ga, which puts you at risk of running into rate limits.

The "no route to host" error is probably due to a firewall blocking access to port 443 as the ICMP response is coming directly from your IP address 141.147.63.84 while port 80 works nicely.


I had all 443 allowed from UFW; however, I guess it did not work until I restarted the whole instance from the Oracle cloud.

Everything is up and running now.
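
The diagnosis given in the reply above (port 80 answers, port 443 fails with "no route to host") can be reproduced with one TCP connect per port, because the errno of the failed connect distinguishes a firewall reject from a closed port. This is an added example, not part of the original thread; the function names and the 127.0.0.1 default are assumptions.

```python
import errno
import socket
import sys

# errno of a failed TCP connect -> what it says about the path to the port.
KINDS = {
    errno.ECONNREFUSED: "refused",   # TCP RST: host reachable, nothing listening
    errno.EHOSTUNREACH: "rejected",  # ICMP unreachable/prohibited ("no route to host")
    errno.ENETUNREACH: "rejected",   # same class of ICMP reply, or no local route
    errno.ETIMEDOUT: "filtered",     # no answer at all: packets silently dropped
}

def classify(err):
    """Map the errno of a failed connect to refused/rejected/filtered/error."""
    return KINDS.get(err, "error")

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return 'open' or the classified failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return classify(errno.ETIMEDOUT)
    except OSError as exc:
        return classify(exc.errno)

def diagnose(http, https):
    """Interpret port 80/443 results for a validation request redirected to HTTPS."""
    if http == "open" and https in ("rejected", "filtered"):
        return "443 blocked by a packet filter (host firewall or cloud rule) while 80 passes"
    if http == "open" and https == "refused":
        return "443 reachable but nothing is listening; check the web server's TLS listener"
    if http == "open" and https == "open":
        return "both ports reachable"
    return "port 80 itself is not reachable (%s); fix that first" % http

if __name__ == "__main__":
    # Assumed default for a dry run; pass the server's public name or address instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    http, https = probe(host, 80), probe(host, 443)
    print(host, "80:", http, "443:", https, "->", diagnose(http, https))
```

Run it from a machine outside the server's network, since loopback traffic usually bypasses the filtering rules being tested.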
