Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is nginx version: nginx/1.22.1
The operating system my web server runs on is Arch Linux, kernel: 6.0.12-arch1-1
I can login to a root shell on my machine
I'm not using a control panel to manage my site
The version of my client is Certbot 2.3.0
The server that the subdomain points to is proxy passed from the nginx server to a Jellyfin server.
When visiting the subdomain in its current state, it gives the error NET::ERR_CERT_COMMON_NAME_INVALID
(this is what I'm trying to fix).
Port 80 needs to be open for the nginx authenticator plugin to work, as it uses the http-01 challenge.
Previously you managed to get a wildcard certificate for *.cherrysofa.com, which would also cover your subdomain sofa.cherrysofa.com. Did something change in the meantime?
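What "cover" means for the names in this thread, as an added example that is not part of any post here: a simplified version of the SAN matching a browser performs, where a name with no matching entry is what produces NET::ERR_CERT_COMMON_NAME_INVALID. The SAN lists are constructed from the hostnames mentioned above and the lineage names are hypothetical labels.

```python
# Added example: simplified dNSName matching (RFC 6125 rules).

def _labels(name):
    # Compare case-insensitively, ignoring a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # "*" stands for exactly one label
    if p[0] == "*":
        # Wildcard must be the whole left-most label; refuse
        # patterns as broad as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covering_lineages(lineages, hostname):
    """Names of the lineages whose SAN list covers hostname."""
    return [name for name, sans in lineages.items()
            if any(san_matches(s, hostname) for s in sans)]

# Constructed SAN lists; the lineage names are hypothetical labels.
LINEAGES = {
    "wildcard": ["*.cherrysofa.com"],
    "apex-only": ["cherrysofa.com"],
    "subdomain-only": ["sofa.cherrysofa.com"],
}

if __name__ == "__main__":
    for host in ("sofa.cherrysofa.com", "cherrysofa.com",
                 "a.sofa.cherrysofa.com"):
        hits = covering_lineages(LINEAGES, host)
        print(host, "->", hits or "no match (name mismatch)")
```

The wildcard entry covers one label only, so it matches the subdomain but neither the bare domain nor a deeper name.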
I'm pretty sure even novice users should be able to deduce the http:// scheme in combination with "timeout during connect" to port 80. Also, the error message itself is not from Certbot, but from the ACME server.
It seems you didn't --expand an existing certificate for cherrysofa.com actually, but issued a cert just for the subdomain: crt.sh | 9166887715
I'm curious by the way: why would you redact the public IP address? Anyone can simply resolve your hostname to that IP address? What's the point in redacting?
I don't really understand how HTTPS and this sorta stuff works.
So now that the certificate for cherrysofa.com is expanded,
how do I get rid of the certificate I accidentally made for sofa.cherrysofa.com?
And how do I solve the too many redirects issue?
For the public IP thing, it just felt like the right thing to do; I'm not very smart.
You did not expand that existing certificate, but issued a new one just for the sofa subdomain. At least it doesn't show up on crt.sh | cherrysofa.com and there seems to be no backlog currently on crt.sh, so if you did issue an expanded cert, it should have shown up by now already.
If you're absolutely sure you don't need a certificate any longer, you can delete it. Please see the Certbot documentation about deleting certs here: User Guide — Certbot 2.6.0 documentation
That's an nginx issue and this is not an nginx support Community, I'm afraid.
That's very unnecessary and unnecessarily deleting certificates can lead to hitting rate limits, which could make you end up without any certificate at all and not able to issue a new one.
A good place to start is to check what you currently have in Certbot by running: