Error Generating with cerbot-auto

Hello, I am having a hard time generating a certificate with certbot. I get the following error below. Not really too sure where I'm going wrong. I followed this guide: https://computingforgeeks.com/how-to-install-odoo-on-debian-10-linux/ and as far as I can tell, it should be working. Doing a DNS/lookup test is showing the right IP linked to the domain name as well. Any help is appreciated! Thanks!

My domain is: www.techhelpportal.com

I ran this command: sudo /usr/local/bin/certbot-auto certonly --standalone -d {DOMAIN} --preferred-challenges http --agree-tos -n -m {EMAIL} --keep-until-expiring

It produced this output: IMPORTANT NOTES:

My web server is (include version): Odoo 13/NGINX reverse proxy

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.9.0

1 Like

Are you sure you are using an nginx reverse proxy? When I connect to your domain, the response headers show:

Server: Werkzeug/0.16.0 Python/3.7.3

which means that Odoo is directly running on port 80. Otherwise, we'd see the nginx server name.

If you wish to use the standalone mode of Certbot, you need to stop the Odoo server and then run Certbot. If Odoo is not using port 80, you need to tell Certbot to match it with e.g. --http-01-port 8080.

If you want to actually setup an nginx proxy, I think that's a great idea and it's the best way to secure your site. However, you will first need to make sure that nginx is the one that runs on port 80, and set it up to proxy_pass your Odoo site which runs on another port. Then you can just run certbot-auto --nginx.

3 Likes

Hello,
Thank you for the help! It was actually the iptables we had with port redirection that was messing up everything. Removing that and the cert went through beautifully. Thank you for the help!

1 Like