I ran the command below to install BigBlueButton, which is a web conferencing system, on my machine. The Let's Encrypt certificate generation is included in the script. Unfortunately I got the error shown below.
Can you please help me to fix this problem?
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bbb.univ-bejaia.dz
Using the webroot path /var/www/bigbluebutton-default/assets for all unmatched domains.
Waiting for verification...
Challenge failed for domain bbb.univ-bejaia.dz
http-01 challenge for bbb.univ-bejaia.dz
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bbb.univ-bejaia.dz
Type: connection
Detail: 41.111.207.110: Fetching
https://bbb.univ-bejaia.dz:443/.well-known/acme-challenge/GUDDGp3cWuDP0cSbKg5BnEtpFXR0UCSttzic-oKzOmU:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
bbb-install: Let's Encrypt SSL request for bbb.univ-bejaia.dz did not succeed - exiting
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: we host our server ourselves
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know
Did you configure nginx yourself? Or did it come from the BBB package?
Because HTTP requests to your domain are being redirected to HTTPS. Which is fine. But, your nginx HTTPS server block is not setup properly. Or, perhaps your Fortinet firewall is blocking the incoming requests. Could be either.
Ideally you would not redirect the HTTP request for the ACME HTTP challenge and just redirect all the rest. If you configured your nginx, could you show the server block for port 80? We could then explain how to modify it.
Otherwise you are probably better off asking your Fortinet support and/or BBB for help on setting up your system. This problem is affecting any requests not just the Let's Encrypt challenge.
# HTTP request to home page redirected (so are LE HTTP challenges)
curl -i http://bbb.univ-bejaia.dz/
HTTP/1.1 302 Object moved
Location: https://bbb.univ-bejaia.dz:443/
# But HTTPS request fails (even ignoring self-signed Fortinet cert)
curl -ik https://bbb.univ-bejaia.dz/
curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::
unexpected eof while reading, errno 0
It comes from the BBB package (The script bbb-install.sh installs and configures nginx).
I asked the Fortinet firewall manager to open ports 80 and 443, so I don't think the problem comes from the firewall. However, in the /etc/nginx/sites-enabled directory I didn't find a block for HTTPS; I only found two files, default and bigbluebutton, and the latter is configured as follows:
server_tokens off;   # hide the nginx version in the Server header and error pages
server {
    listen 80;
    listen [::]:80;
    server_name bbb.univ-bejaia.dz;
    access_log /var/log/nginx/bigbluebutton.access.log;
    # Static files are served from the assets directory, which is also the webroot
    # certbot writes /.well-known/acme-challenge/ files into. Anything not found
    # there is handed to the named location @bbb-fe, which is defined elsewhere
    # (not in this file). Note that this block contains no redirect to HTTPS.
    location / {
        root /var/www/bigbluebutton-default/assets;
        try_files $uri @bbb-fe;
    }
}
Also, to test whether port 443 is open, I ran several commands, as you can see in the attached screenshots:
When I run the command ufw status, it shows ports 443 and 80 as both open. On the other hand, when I run the two commands nc -zv localhost 443 and ss -tuln | grep :443, they show port 443 as not open. Can you please tell me the difference between these two displays, and also how to open port 443 if it is closed?
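The script below is an added diagnostic, not part of bbb-install.sh, certbot, or any reply in this thread. It separates the three things that are being conflated above: whether ufw allows a port (a firewall rule, which says nothing about a listener), whether a process on the host actually listens on it (what ss -tuln and nc report), and whether a file in the certbot webroot can be fetched from the public name over plain HTTP without a redirect, which is exactly what the Let's Encrypt http-01 check does. The domain and webroot in the usage line are placeholders, and the parser assumes the usual ss -tuln column layout (Netid, State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).

```shell
#!/usr/bin/env bash
# Added diagnostic for a failing http-01 challenge behind a firewall or reverse proxy.
# Not part of bbb-install.sh or certbot. Domain and webroot are placeholders.

# 1. Local view: does any process on THIS host listen on the given TCP port?
#    Reads `ss -tuln` style text on stdin so it can also be run on saved output.
#    Assumed column layout: Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
#    (a ufw "ALLOW" rule says nothing about this; it only permits traffic to a listener).
port_has_listener() {
    local port="$1"
    awk -v p="$port" '
        $1 == "tcp" && $2 == "LISTEN" {
            n = split($5, a, ":")        # local address is field 5; port follows the last colon
            if (a[n] == p) found = 1     # handles 0.0.0.0:443, [::]:443 and *:443
        }
        END { if (found) exit 0; exit 1 }'
}

# 2. External view: fetch a URL the way the ACME server does (no redirect following)
#    and print "<status> <redirect-target>", e.g. "302 https://host:443/..." or "000 "
#    when the connection was cut with no reply. -k tolerates a self-signed cert on HTTPS.
http_probe() {
    curl -sk -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1"
}

# 3. End to end: drop a token into the webroot and read it back through the public name.
#    Succeeds only when the exact file body comes back over http://, which is what the
#    certbot webroot authenticator needs; a 302 to HTTPS or an empty reply fails here.
check_challenge_path() {
    local domain="$1" webroot="$2"
    local dir="$webroot/.well-known/acme-challenge"
    local token="probe-$(date +%s)-$$"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token"
    local body
    body=$(curl -s --max-time 10 "http://$domain/.well-known/acme-challenge/$token")
    rm -f "$dir/$token"
    [ "$body" = "$token" ]
}

main() {
    local domain="$1" webroot="$2" p
    for p in 80 443; do
        if ss -tuln | port_has_listener "$p"; then
            echo "port $p: local listener present"
        else
            echo "port $p: NO local listener (opening it in ufw changes nothing until something listens)"
        fi
    done
    echo "http probe:  $(http_probe "http://$domain/.well-known/acme-challenge/probe")"
    echo "https probe: $(http_probe "https://$domain/.well-known/acme-challenge/probe")"
    if check_challenge_path "$domain" "$webroot"; then
        echo "challenge path OK: token served over plain HTTP from $webroot"
    else
        echo "challenge path FAILS: token not returned; whatever sits in front of nginx is redirecting or dropping the request"
    fi
}

# Usage: ./probe-acme.sh bbb.example.org /var/www/bigbluebutton-default/assets
if [ "$#" -eq 2 ]; then main "$1" "$2"; fi
```

Run it as root on the BBB host with the real hostname and the webroot that certbot reported. If port 80 shows a listener but the http probe prints a 302 to https://...:443 or "000", the redirect or drop is happening before nginx, which is what the curl output earlier in the thread suggests; if port 443 shows no listener, nothing on the host will ever answer the HTTPS request that the redirect sends the ACME server to.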
Someone is redirecting HTTP to HTTPS, but that server block does not have any redirect. So it must be getting redirected before reaching your nginx server. Does your Fortinet do that?
The full reply looks like below. Does that help identify what is doing the redirect?
curl http://bbb.univ-bejaia.dz/
curl: (52) Empty reply from server
curl http://bbb.univ-bejaia.dz/.well-known/acme-challenge/Test_File-1234
curl: (52) Empty reply from server
I don't know; this is the first time I have installed BBB, so I'm a little lost. I usually generate Let's Encrypt certificates for three sites that run under Debian, with Apache as the web server, and I installed certbot myself. When the certificates are generated, I manually import them into FortiWeb and it works. But in this case the BBB script does everything itself and I don't know exactly what it does; in addition, the system and the web server have changed (Ubuntu and nginx). I still don't know why the certificate was not generated.