I’ve tried using Lets Debug (https://letsdebug.net/):
Also when I go to http://www.gotobot.co/.well-known/acme-challenge/gaUqqPUxLW327SaAGExNEGBXYZAKP-gXi4aeV7NYFBY I get this error:
Hi @Encrypt1919
read the output of the check - https://check-your-website.server-daten.de/?q=gotobot.co
Domainname | Http-Status | redirect | Sec. | G
---|---|---|---|---
• http://gotobot.co/ 184.72.187.19 | -2 | | 1.343 | V
ConnectFailure - Unable to connect to the remote server | | | |
• http://www.gotobot.co/ 184.72.187.19 | -2 | | 1.343 | V
ConnectFailure - Unable to connect to the remote server | | | |
• https://gotobot.co/ 184.72.187.19 | -2 | | 1.344 | V
ConnectFailure - Unable to connect to the remote server | | | |
• https://www.gotobot.co/ 184.72.187.19 | -2 | | 1.340 | V
ConnectFailure - Unable to connect to the remote server | | | |
• http://gotobot.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 184.72.187.19 | -2 | | 1.340 | V
ConnectFailure - Unable to connect to the remote server | | | |
• http://www.gotobot.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 184.72.187.19 | -2 | | 1.340 | V
ConnectFailure - Unable to connect to the remote server | | | |
A working http webserver is required if you want to create a certificate.
So fix your configuration. That's a prerequisite if you want to create a certificate.
But you already have a certificate:
Issuer | not before | not after | Domain names | LE-Duplicate | next LE
---|---|---|---|---|---
Let's Encrypt Authority X3 | 2020-03-04 | 2020-06-02 | gotobot.co, www.gotobot.co - 2 entries | duplicate nr. 1 |
So you had a working configuration. Restore that.
I mentioned here that I had another EC2 instance where I successfully connected Let's Encrypt certificates, but I've just deleted that instance and made a new one now.
Since I’m using docker here, do I need to configure nginx on my ec2 instance or correct some code from .conf files that I posted earlier?
I’ve tried putting an empty .txt file in ./nginx/certbot/www since this is how I use it in docker volumes:
- ./nginx/certbot/www:/var/www/certbot
and this is the location of my acme challenge:
location /.well-known/acme-challenge/ {
# allow letsencrypt to verify challenges
root /var/www/certbot;
# put extra configuration here, if needed
}
and when I go on this location it doesn’t display it:
http://www.gotobot.co/.well-known/acme-challenge/test.txt
What should I do now?
I’ve read this thread: Invalid response: unauthorized (404) with certbot certificate generation (all details provided)
and ran the same command as a solution there: sudo netstat -peanut and I get the image below, so is there maybe a problem:
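A detail worth checking in the location block above: nginx's `root` directive appends the full request URI to the directory, so a request for /.well-known/acme-challenge/test.txt is looked up at /var/www/certbot/.well-known/acme-challenge/test.txt inside the container, which the bind mount maps to ./nginx/certbot/www/.well-known/acme-challenge/test.txt on the host (an `alias` directive would strip the location prefix instead). The script below is an added example, not code from the thread or from certbot; it computes that path from the compose mount list, and the optional probe_challenge function writes a throwaway token there and fetches it with curl the way the CA's validator would. The base URL and the mount list are assumptions you pass in.

```shell
#!/bin/sh
# Added example: where nginx looks for an HTTP-01 challenge file, and where
# that lands on the docker host side of a bind mount.

# resolve_nginx_path MODE DIR LOCATION URI
#   root:  nginx appends the full URI to DIR.
#   alias: nginx replaces the matched LOCATION prefix with DIR.
resolve_nginx_path() {
  mode=$1; dir=$2; location=$3; uri=$4
  case "$mode" in
    root)  printf '%s%s\n' "$dir" "$uri" ;;
    alias) printf '%s%s\n' "$dir" "${uri#"$location"}" ;;
    *)     echo "unknown mode: $mode" >&2; return 1 ;;
  esac
}

# container_to_host CONTAINER_PATH MOUNT...
#   Each MOUNT is a docker-compose bind mount in HOST:CONTAINER form; the
#   first mount whose container side covers CONTAINER_PATH is used.
container_to_host() {
  cpath=$1; shift
  for spec in "$@"; do
    host=${spec%%:*}; cont=${spec#*:}
    case "$cpath" in
      "$cont"/*) printf '%s%s\n' "$host" "${cpath#"$cont"}"; return 0 ;;
    esac
  done
  echo "no bind mount covers $cpath" >&2
  return 1
}

# challenge_host_path URI MOUNT...: host-side file for the acme-challenge
# location in the thread (location /.well-known/acme-challenge/ with
# root /var/www/certbot).
challenge_host_path() {
  uri=$1; shift
  cpath=$(resolve_nginx_path root /var/www/certbot /.well-known/acme-challenge/ "$uri") || return 1
  container_to_host "$cpath" "$@"
}

# probe_challenge HOST_WEBROOT BASE_URL: drop a token file under the host
# webroot and fetch it over plain HTTP (needs curl; assumed available).
probe_challenge() {
  webroot=$1; base=$2
  token=$(date +%s)-$$
  dir="$webroot/.well-known/acme-challenge"
  mkdir -p "$dir"
  printf 'ok-%s\n' "$token" > "$dir/$token"
  body=$(curl -fsS --max-time 10 "$base/.well-known/acme-challenge/$token")
  rc=$?
  rm -f "$dir/$token"
  [ "$rc" -eq 0 ] || { echo "fetch failed (curl exit $rc)"; return 1; }
  if [ "$body" = "ok-$token" ]; then
    echo "challenge path is served correctly"
  else
    echo "wrong content served: $body"; return 1
  fi
}

# Demo with the mount list from the thread (constructed call, no network):
challenge_host_path /.well-known/acme-challenge/test.txt \
  ./nginx/certbot/conf:/etc/letsencrypt \
  ./nginx/certbot/www:/var/www/certbot
```

To run the live probe from the compose directory: `probe_challenge ./nginx/certbot/www http://www.example.test` (hostname is a placeholder). If the computed path does not match where the test file was placed, that alone explains a 404 even when nginx is listening on port 80.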
there is nothing particularly unusual about that netstat output
(it’s unrelated, but: are you running rpcbind on purpose?)
you need to have your containerized nginx listening on port 80 of the host machine. can you confirm 184.72.187.19 is the right ip address and you can get nginx to listen there?
Is port 22 open to the world?
[completely unrelated - but looks quite risky]
I don’t think I am running rpcbind on purpose, only if this script somehow started it?
I’ve checked multiple times that 184.72.187.19 is public IP of my aws ec2 instance.
I’ve posted this picture in previous comments:
I opened all ports I’ve interacted with so I don’t have any firewall errors, so I can make this work at least.
Do you have any thoughts why this isn’t working for me:
Check the error.log file.
Also not sure why there is a "." at the start of this:
that's fine, as long as passwordauthentication is off.
I assume it's a relative path, they're common in docker-compose.yml files
I’m running everything with docker-compose, so I’m not sure where you mean I should check for that error.log?
Because I’m accessing in current directory:
volumes:
- ./nginx/conf/conf.d:/etc/nginx/conf.d
- ./nginx/conf/partials:/etc/nginx/partials
- ./nginx/certbot/conf:/etc/letsencrypt
- ./nginx/certbot/www:/var/www/certbot
- ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
Any ideas what else can I check?
If all the others have the “.” and they work, then that should be OK.
As for the error.log, that is an nginx setting.
Check through your nginx config files for exact path/location/file name for it.
you know, @rg305 made me think of something: have you tried resetting those volumes or using docker volumes instead of bind mounts?
@9peppe I haven't tried that, but I think the rest of the process works fine; I generally have most of my issues with this. Now it seems that the error of loading the certificate persists even though I've copied them to my local directories.
It seems there is a “problem” (maybe unrelated) with your nginx config.
What does this say?:
nginx -t
When I do “sudo vi /home/ec2-user/gotobot2/certs/fullchain.pem” I open the certificate but the script doesn’t seem to be able to do it?
nginx -t:
What does this say?:
nginx -T | grep fullchain
Seems there is no “use” of that fullchain file in your nginx config.
If the cert is valid, you should be able to make use of it.
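The two checks suggested in this thread, finding the error.log location and checking whether fullchain.pem is referenced at all, both come down to reading the `nginx -T` dump. The script below is an added example, not code from the thread; it pulls the error_log and ssl_certificate directives out of such a dump and checks that each certificate file actually exists on the host side of the /etc/letsencrypt bind mount. The sample dump, the service name nginx and the example.test hostname are constructed for illustration.

```shell
#!/bin/sh
# Added example: read an `nginx -T` dump and verify the certificate files
# it references exist on the docker host side of the bind mount.

# extract_directive NAME: prints the first argument of every `NAME ...;`
# line read on stdin, skipping nginx's "# configuration file" comments.
extract_directive() {
  awk -v name="$1" '
    /^[[:space:]]*#/ { next }
    $1 == name { v = $2; sub(/;$/, "", v); print v }
  '
}

# missing_cert_files HOST_DIR CONTAINER_DIR: reads a config dump on stdin,
# maps each ssl_certificate / ssl_certificate_key path from the container
# mount point to HOST_DIR and prints the ones that are absent.
# Returns 1 when anything is missing or lies outside the mount.
missing_cert_files() {
  host=$1; cont=$2; rc=0
  dump=$(cat)
  for name in ssl_certificate ssl_certificate_key; do
    for p in $(printf '%s\n' "$dump" | extract_directive "$name"); do
      case "$p" in
        "$cont"/*) hp="$host${p#"$cont"}" ;;
        *) echo "$name $p is outside the $cont mount"; rc=1; continue ;;
      esac
      [ -f "$hp" ] || { echo "missing on host: $hp (container: $p)"; rc=1; }
    done
  done
  return $rc
}

# Constructed sample of what `nginx -T` prints for a small TLS server.
SAMPLE_DUMP='# configuration file /etc/nginx/nginx.conf:
user nginx;
error_log /var/log/nginx/error.log warn;
http {
    # configuration file /etc/nginx/conf.d/default.conf:
    server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
    }
}'

# demo_missing: throwaway host directory with only fullchain.pem present,
# so the check reports privkey.pem as missing and returns 1.
demo_missing() {
  d=$(mktemp -d)
  mkdir -p "$d/live/example.test"
  : > "$d/live/example.test/fullchain.pem"
  printf '%s\n' "$SAMPLE_DUMP" | missing_cert_files "$d" /etc/letsencrypt
  rc=$?
  rm -rf "$d"
  return $rc
}

# Against a running compose stack (service name assumed to be nginx):
#   docker-compose exec nginx nginx -T | extract_directive error_log
#   docker-compose exec nginx nginx -T | missing_cert_files ./nginx/certbot/conf /etc/letsencrypt
```

An empty result from `extract_directive ssl_certificate` matches what rg305's grep showed: no server block loads the certificate, so fixing the path on disk will not help until an ssl_certificate line is added to the config that nginx actually reads.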
Does it have to do anything with the fact that I’m running my fullchain commands with docker and this is all aws cli console testing?