Failed Certbot nginx generation VM ubuntu server

Hello, I am having an issue getting a certificate for the domain wirepas.insolem.fr. I am virtualizing the server to handle some services there. The port forwarding on ports 80 and 443 is working well, but the command to generate the cert always says no DNS, but there is ping to the domain wherever I try.
I have already moved the cert request to the physical server to check whether the VM is the issue, but nevertheless it does not work either.

My domain is:

wirepas.insolem.fr

I ran this command:

sudo certbot certonly --webroot -d wirepas.insolem.fr

It produced this output:

Waiting for verification...
Challenge failed for domain wirepas.insolem.fr
http-01 challenge for wirepas.insolem.fr
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: wirepas.insolem.fr
   Type:   connection
   Detail: Fetching
   http://wirepas.insolem.fr/.well-known/acme-challenge/JpxrLUISjtizqq9X6BQm5jM_0SQBRRfbgEOIlnUGIFo:
   Connection reset by peer

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):
nginx and haproxy in the VM

The operating system my web server runs on is (include version): In a virtualized Ubuntu 20

I can login to a root shell on my machine YES

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

1 Like

Welcome to the community @esromerom

First, your certonly command is missing the webroot path - usually like this before the -d
-w /yourserver/root/path
See:
https://eff-certbot.readthedocs.io/en/stable/using.html#webroot

Your DNS points to 163.172.81.191 so you should check that is correct.

When I try connecting to your server I get the same "connection reset by peer" as shown in your error message from certbot. So, something is preventing connection.

curl -I wirepas.insolem.fr
curl: (56) Recv failure: Connection reset by peer

Can also test connection with Let's Debug

Note right now Let's Encrypt is having some service problems, but this does not cause your connection problems from Let's Debug or a curl from my test machine.

2 Likes

Hello
Thanks for your immediate reply.
Well, I have also tried with the webroot path parameter, but I have gotten the same answer.
Yes, the DNS points to the good IP address.
And from the Let's Debug site, I can see there is no answer from port 80. I will check again, but I have no clue what could be wrong with the port forwarding.

2 Likes

Yeah, I do not know either. There is something wrong in your server and / or network configuration that does not allow inbound http requests. You should at least see a test page response. Note ping does not use port 80 so interesting but not a way to test that.

Maybe check your iptables? Or search for the curl error message for ideas on AskUbuntu forum. Perhaps someone else here may have other suggestions.

2 Likes
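
The two causes raised in this thread, a missing or wrong webroot path and port 80 not accepting inbound HTTP, can be told apart before running certbot. The following Python check is an added example, not part of any post above and not certbot's own code; the function name `preflight` and its three return labels are assumptions made for illustration.

```python
import http.client
import secrets
import urllib.error
import urllib.request
from pathlib import Path


def preflight(webroot: str, base_url: str, timeout: float = 5.0) -> str:
    """Place a throwaway token under webroot and fetch it over plain HTTP.

    Returns "ok", "connection" (nothing usable answers on the port, the
    error type certbot reported in this thread), or "webroot" (a server
    answers but is not serving files from the given webroot path).
    """
    # Same directory layout the http-01 challenge URL in the error uses.
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "preflight-" + secrets.token_hex(8)  # constructed test file name
    body = secrets.token_hex(16)                # constructed test content
    token_file = challenge_dir / name
    token_file.write_text(body)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode(errors="replace").strip()
        return "ok" if served == body else "webroot"
    except urllib.error.HTTPError:
        # e.g. 404: the port is reachable, the document root is wrong.
        return "webroot"
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        # Reset by peer, refused, timeout or DNS failure.
        return "connection"
    finally:
        token_file.unlink(missing_ok=True)      # never leave the token behind


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: preflight.py <webroot> <base-url>
        print(preflight(sys.argv[1], sys.argv[2]))
```

Run it on the web server with the same path that would be given to `-w` and the public `http://` URL of the domain. A fetch made from inside the same LAN may not pass through the port forward, so an "ok" here should still be confirmed from outside, for example with Let's Debug.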