Domain shows "Can't be reached" after running sudo certbot --nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 100-talents.com

I ran this command: sudo certbot --nginx

It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/100-talents.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/100-talents.com/privkey.pem
This certificate expires on 2022-05-03.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in t he background.

Deploying certificate
Successfully deployed certificate for 100-talents.com to /etc/nginx/conf.d/frapp e-bench.conf
Congratulations! You have successfully enabled HTTPS on https://100-talents.com

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

curl -Ii http://100-talents.com/
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 03 Feb 2022 06:25:44 GMT
Connection: keep-alive
Location: http://www.100-talents.com
X-Served-By: Namecheap URL Forward

NameCheap URL forward?

Is that not supposed to be there?
This is how my DNS is configured currently. I'm a bit new to this so I admit I might have made a mistake.

image1064×322 5.88 KB

Any help would be appreciated.

I can't be certain, but it is suspicious.
Try removing the "URL Redirect Record" line.

Just did this.

I also noticed as I was checking through nginx that the /etc/nginx/sites-enabled directory is empty, is that normal?

Not from my experience, but I have no idea how the server was setup.

Currently, your nginx is returing a 500 internal server error on HTTP. And I'm getting a "connection refused" on port 443 (HTTPS).

This means, I think, two things:

First: your nginx configuration seems to be messed up;
Second: your nginx doesn't listen on HTTPS port 443.

I didn't change anything about nginx itself. So it must have the default settings.

Just fixed the internal server error.

For the configuration, I ran nginx -t and it shows

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Don't know if that helps. Also how can I check if it is listening on port 443?

I also just ran certbot --nginx again and I get.

Could not automatically find a matching server block for 100-talents.com. Set the server_name directive to use the Nginx installer.

You have a choice to make. Do you want nginx to serve this site and this site only, or do you want to serve something else as well, on a different subdomain for example?

In the first case, you can probably edit nginx.conf directly. (I don't know if certbot can see that but you can always install your certificate manually... ehm, no, It's not something easier than this.)

The second case is easier. Make a /etc/nginx/sites-available/100-talents.com file with this contents:

server {
  listen 80;
  listen [::]:80;

  server_name 100-talents.com www.100-talents.com;
  
  # and the stuff needed to run your website: 
  #   - do you need php?
  #   - a webroot different fron the default one?
}

Then run

ln -s /etc/nginx/sites-available/100-talents.com /etc/nginx/sites-enabled/ && service nginx reload

This should be enough to let certbot work and stop complaining.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.