Domain no longer available after Let's Encrypt install

My domain is: schnox.de

I ran this command:

everything before the first step.

It produced this output:
My test website is not available

My web server is (include version):
nginx 1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.04.4 LTS

My hosting provider, if applicable, is:
eugamehost.com

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, Terminus 8.10.0

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0

Hello,
I followed the linked guide. When I installed Let's Encrypt via certbot I could no longer reach my test site on schnox.de.
What could be a reason for this?

Thank you very much!

1 Like

Hi @Schnox, and welcome to the LE community forum :slight_smile:

The most likely reason is that HTTPS connections are being blocked from reaching your nginx server.
The HTTP connections are being allowed and they redirect to HTTPS:

curl -Ii schnox.de
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 02 Apr 2024 23:01:04 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://schnox.de/

4 Likes

Hi @rg305, and thank you for your quick reply :smiley:

I don't really know a lot about networking. Is this something I configure in nginx, or where else would I fix this issue?

1 Like

Start with nginx:

  • Check the config to ensure it is listening/serving content on port 443.
    You can review the output of: "nginx -T"
    You can also check the system with:
    sudo netstat -pant | grep -i listen

Then, if that all looks correct, check any firewalls/NAT/PortForwardingRules that may apply.

  • Ensure port 443 is being allowed as port 80 is and that they are both set to reach the same IP

3 Likes

In the nginx log, nginx is listening on port 443 as configured by certbot:

I can only attach one picture so this is the first one.

I don't really know if this is the correct configuration. But I believe it is listening to 443 on the standard gateway. Also the ufw firewall is allowing Full nginx access on port 80 and 443:

If I understand correctly, these configurations are correct, right?

Thank you so much for your help!

1 Like

So far, so good.
But something is preventing the HTTPS connections:

curl -Ii https://schnox.de/
curl: (28) Failed to connect to schnox.de port 443 after 129434 ms: Connection timed out

Are there any inline devices that could block or route those packets?

3 Likes

I don't think so. I just installed the LEMP stack and configured LetsEncrypt.
Could this have anything to do with my A-Records? But I could reach the site before configuring LetsEncrypt.

No; Not a DNS issue.

And you still can; Just via HTTP only.

Is there... an IPS?
Is there... Fail2Ban?
Is there... any NAT capable device in the path?
Is there... any port forwarding / port translation being done?

3 Likes

None that I installed myself.
I don't know if the Host eugamehost.com has anything to do with that but I can't find anything related in the Server Dashboard.

We could test by moving port 443 to some other unused number - like 8443.

2 Likes

I tried this:

(I changed the listen to 8433 ssl;)

and tried reaching schnox.de:8433
I cannot reach it. Is what I did correct?

1 Like

That all looks correct.
But I too can't reach port 8443.

I don't understand how port 80 and port 22 are working.

3 Likes

Okay,
thank you for your efforts. I'll check back in and try stuff tomorrow.
I'll let you know if I can find the problem.

2 Likes

You might need to open ports at the hosting provider level. At least that's often the case for VPS on AWS I believe. Might be applicable to your situation too.

3 Likes

There was a Menu outside of the Server Dashboard where I could configure allowed Ports.

2 Likes
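
The checks suggested in this thread (the local listen state from netstat, then the curl result seen from outside) combined into one triage script. This is an added example, not part of the original posts; the function names are hypothetical and the netstat sample is constructed.

```sh
#!/bin/sh
# Added example: function names and the netstat sample are constructed.

# Constructed sample of `sudo netstat -pant` output (not taken from the thread).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0 0 0.0.0.0:80      0.0.0.0:*  LISTEN  1201/nginx: master
tcp   0 0 0.0.0.0:443     0.0.0.0:*  LISTEN  1201/nginx: master
tcp6  0 0 :::443          :::*       LISTEN  1201/nginx: master
tcp   0 0 127.0.0.1:3306  0.0.0.0:*  LISTEN  950/mysqld'

# listen_scope PORT: reads netstat output on stdin and prints which addresses
# the port is bound to: all | specific | loopback | none
listen_scope() {
  awk -v port="$1" '
    toupper($6) == "LISTEN" {
      n = split($4, p, ":")               # port follows the last colon (IPv6-safe)
      if (p[n] != port) next
      addr = substr($4, 1, length($4) - length(p[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
      else if (addr ~ /^127\./ || addr == "::1") loop = 1
      else specific = 1
    }
    END {
      if (wild) print "all"
      else if (specific) print "specific"
      else if (loop) print "loopback"
      else print "none"
    }'
}

# diagnose SCOPE CURL_EXIT: combine the local view with the exit code of a
# curl run from an outside host (7 = could not connect, 28 = timed out).
diagnose() {
  case "$1:$2" in
    none:*)     echo "nginx is not listening on this port: check the listen directive" ;;
    loopback:*) echo "listener is bound to loopback only: unreachable from outside" ;;
    *:0)        echo "reachable" ;;
    *:7)        echo "refused: packets reach a host, but nothing accepts them there" ;;
    *:28)       echo "timed out: packets are dropped in the path (host or provider firewall, NAT)" ;;
    *)          echo "inconclusive (curl exit $2)" ;;
  esac
}

scope=$(printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 443)
echo "443 bound to: $scope"
diagnose "$scope" 28   # 28 is the curl exit code reported in the thread
```

On a live server, feed it real data with `sudo netstat -pant | listen_scope 443`, and pass `diagnose` the exit status of a curl run from a machine outside the network.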