Error when testing my domain on HTTPS

I've followed all the steps in the certbot guide, but when I go to test my domain with HTTPS it says ‘connection refused’.

What could this be? Something I haven't configured correctly? I stopped my web application to do the installation and followed this guide using the standalone method: Certbot Instructions | Certbot

My domain is: vps48506.publiccloud.com.br

My web server is (include version): nginx/1.27.0

The operating system my web server runs on is (include version): Ubuntu 20

I can login to a root shell on my machine: I don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

1 Like

Have you configured nginx to handle HTTPS requests?

Because you describe using the "standalone" option which only gets a cert.

You would probably be better off using the --nginx option like this

sudo certbot --nginx -d vps48506.publiccloud.com.br

This has two benefits. One is it will create an HTTPS server block in nginx for you. The second is you won't have to stop nginx to renew your cert.

The --standalone option requires exclusive use of port 80 so needs nginx to be stopped to work. Standalone is best when you do not have a web server (like nginx) in use.

6 Likes

I got this error when I entered the command you mentioned:

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")

Is Nginx not installed correctly or is it some configuration I still have to do?

Logs from /var/log/letsencrypt:

2024-07-22 12:59:24,896:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2024-07-22 12:59:25,054:DEBUG:certbot._internal.main:certbot version: 2.11.0
2024-07-22 12:59:25,055:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3834/bin/certbot
2024-07-22 12:59:25,055:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'vps48506.publiccloud.com.br', '--preconfigured-renewal']
2024-07-22 12:59:25,055:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-07-22 12:59:25,065:DEBUG:certbot._internal.log:Root logging level set at 30
2024-07-22 12:59:25,067:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2024-07-22 12:59:25,067:DEBUG:certbot._internal.plugins.disco:No installation (PluginEntryPoint#nginx): Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 112, in prepare
    self._initialized.prepare()
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 204, in prepare
    raise errors.NoInstallationError(
certbot.errors.NoInstallationError: Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.
2024-07-22 12:59:25,067:DEBUG:certbot._internal.plugins.selection:No candidate plugin

How did you install nginx? Because nginx on Ubuntu usually works without trouble.

Certbot is saying it could not find an nginx system in its usual location.

We can either tell Certbot to use a different location. But, you'd have to know what that is.

Or, we can use the --webroot method. That just needs to know the root folder value in the nginx server block for this domain.

You said you were using nginx and an nginx is replying to HTTP requests. Can you provide more background on its install method?

4 Likes

I found my nginx.conf file:

# Sets the user and group that Nginx will run as
user nginx;

# Sets the number of Nginx worker processes
worker_processes auto;

# Sets the location of the Nginx error log and the log level
error_log /var/log/nginx/error.log warn;

# Sets the Nginx PID file
pid /var/run/nginx.pid;

# Nginx events configuration
events {
    worker_connections 1024;
}

# Nginx HTTP configuration
http {
    # Includes the default MIME type mapping
    include /etc/nginx/mime.types;

    # Sets the default MIME type
    default_type application/octet-stream;

    # Defines the main log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # Sets the location of the Nginx access log and its log format
    access_log /var/log/nginx/access.log main;

    # Enables Gzip compression
    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/javascript application/xml;

    # Client request body size and buffer settings
    client_max_body_size 50m;
    client_body_buffer_size 128k;

    # Defines the routing settings for React Router
    server {
        # Sets the default HTTP port
        listen 80 default_server;
        listen [::]:80 default_server;

        # Sets the root directory of the React application
        root /usr/share/nginx/html;

        # Sets the default file to serve
        index index.html;

        # Defines the rules for handling React Router routes
        location / {
            try_files $uri $uri/ /index.html;
        }
    }
}

In this case, my nginx is running on behalf of the front-end. I should stop execution and run:

sudo certbot --nginx -d vps48506.publiccloud.com.br

?

You tried that but the place nginx is installed is not the default for Ubuntu. So, Certbot cannot find the nginx executable.

You could use the --webroot method instead. That works best with a --deploy-hook. What command do you use to reload nginx? I could give an example command once I know that.

Also, having just a single default server block defined in nginx can work. But, usually setting up a server block for each domain (or related domains) is best. You can leave the default there for mis-directed requests. But, better to have a dedicated server block for your name.

5 Likes

Since I'm using docker for my frontend and backend, I just restart the container to reload or use sudo systemctl restart nginx

What would this command look like using --webroot and --deploy-hook?

Would it be something like this?

sudo certbot --nginx -d vps48506.publiccloud.com.br --webroot --deploy-hook

No, not like that :) More like this:

sudo certbot --webroot -w /usr/share/nginx/html -d vps48506.publiccloud.com.br

The -w folder must match the root in the server block for this domain / URI. The folder above matches your default server block because right now that's the only one you have.

After getting a fresh cert you need to reload your nginx container or send a command to your nginx container to reload nginx. When you know that command you add something like

--deploy-hook 'properCommandToReloadNginx'

3 Likes

Running this command: sudo certbot --webroot -w /usr/share/nginx/html -d vps48506.publiccloud.com.br

I got the following error message: /usr/share/nginx/html does not exist or is not a directory

Oh, right, your nginx is in a container. Sorry.

You need to specify a folder that is available to both where you run Certbot and the nginx container. Set up volumes accordingly.

For example, if you run Certbot in your host, make a folder there and use that as the -w folder (like /var/mynginx/certbot). Then set up a volume in your nginx container to use that for the root for any HTTP Challenge requests. You could do something like this. Modify the folders and names to suit your container / host.

server {
    listen 80;
    listen [::]:80;     # if using IPv6
    server_name vps48506.publiccloud.com.br;

    location /.well-known/acme-challenge/ {
        root /var/mynginx/certbot;       # make/use folder as you prefer
    }
    location / {
       return 301 https://$host$request_uri;
    }
}

4 Likes

I have a Dockerfile:

# nginx image
FROM nginx:latest

# Removes the default Nginx configuration file
RUN rm /etc/nginx/conf.d/default.conf

# Copies the custom Nginx configuration file
COPY nginx.conf /etc/nginx/nginx.conf

# Copies the React application's build files to the Nginx root directory
COPY ./app/dist/ /usr/share/nginx/html

And docker-compose.yaml:

version: '3'

services:
  nginx:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "80:80"
    restart: always

Those modifications you mentioned would be in my docker-compose.yaml, correct?

I am not a docker expert. I just understand its concepts. There are various ways to define things. Maybe someone here will offer help but you might need to ask on a docker forum.

A multi-container docker setup requires a lot of care to get right.

4 Likes
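
Added example, not part of the thread and not written by any participant: one way to wire the shared folder described above into the posted docker-compose.yaml, with Certbot running on the host and nginx serving the challenge files from the container. The container name `frontend-nginx`, the 443 port mapping and the read-only `/etc/letsencrypt` mount are assumptions made for this example; the webroot path is the `/var/mynginx/certbot` folder suggested in the reply.

```yaml
# Added example: docker-compose.yaml for the nginx service from this thread,
# extended so Certbot on the host and nginx in the container share files.
#
# One-time host setup (path follows the /var/mynginx/certbot suggestion):
#   sudo mkdir -p /var/mynginx/certbot
#   sudo certbot certonly --webroot -w /var/mynginx/certbot \
#     -d vps48506.publiccloud.com.br \
#     --deploy-hook 'docker exec frontend-nginx nginx -s reload'
#
# "frontend-nginx" is a hypothetical container name chosen for this example.

services:
  nginx:
    build:
      context: .
      dockerfile: Dockerfile
    # Assumption: a fixed name so the deploy hook can target this container.
    container_name: frontend-nginx
    ports:
      - "80:80"     # HTTP-01 challenge and the redirect to HTTPS
      - "443:443"   # HTTPS; nothing reaches the container on 443 without this
    volumes:
      # Challenge files: Certbot writes on the host, nginx only needs to read.
      - /var/mynginx/certbot:/var/mynginx/certbot:ro
      # Certificates and keys: mount the whole tree, because live/ holds
      # symlinks into archive/. Read-only so the container cannot alter keys.
      - /etc/letsencrypt:/etc/letsencrypt:ro
    restart: always
```

The container's nginx.conf also needs the port-80 server block from the reply above, plus a `listen 443 ssl` server block whose `ssl_certificate` and `ssl_certificate_key` point at `/etc/letsencrypt/live/vps48506.publiccloud.com.br/fullchain.pem` and `privkey.pem`. Add that HTTPS block only after the first certificate has been issued, since nginx will not start when those files are missing.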
