Generate SSL certificate

I am having problems when trying to generate the SSL certificate with certbot.
It cannot verify my domain. I have already tried in multiple ways, including the manual method, and I can access from the browser the test files I create or the verification file I create manually, but it keeps telling me that it is not possible to find the resource.
This is my domain: sitrand.gobernaciondecochabamba.bo
I am using nginx and this is the configuration I have:

server {
    listen 80;
    server_name sitrand.gobernaciondecochabamba.bo;
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/rotero;
    }

    location / {
        root /var/www/rotero;
    }
}

And this is the error message I got:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: sitrand.gobernaciondecochabamba.bo
  Type:   connection
  Detail: 200.87.176.247: Fetching http://sitrand.gobernaciondecochabamba.bo/.well-known/acme-challenge/lE-6qcASP1VezXQA6ahgXerZ5FV0dySni0nNZKFmLYo: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Likewise, I have tried to perform the verification using another provider such as ZeroSSL, and I can upload my test file normally and access it, but at the moment of verifying it with ZeroSSL, it fails.

Hi @Cristian-Beltran, and welcome to the LE community forum 🙂

Sorry, I don't have time to translate my response.
The problem is not your configuration.
The problem is that the HTTP connections from LE can't reach your server.

2 Likes
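The failure report from the first post can be triaged mechanically: the `Type:` field separates a network-path failure from a content or configuration failure. The following is an added example, not part of the thread and not certbot's own code; the function name `parse_report` and the hint wording are this example's assumptions, and the sample input is the report quoted above.

```python
import re

# Constructed sample: the failure report quoted in the first post of this thread.
SAMPLE_REPORT = """\
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: sitrand.gobernaciondecochabamba.bo
  Type:   connection
  Detail: 200.87.176.247: Fetching http://sitrand.gobernaciondecochabamba.bo/.well-known/acme-challenge/lE-6qcASP1VezXQA6ahgXerZ5FV0dySni0nNZKFmLYo: Timeout during connect (likely firewall problem)
"""

# Triage hints keyed by ACME error type (RFC 8555 short names, as certbot prints them).
# The hint wording is this example's own, not certbot's.
HINTS = {
    "connection": "network path: the CA could not open a connection; "
                  "check firewalls and geo/IP filtering in front of the server",
    "unauthorized": "content: the CA reached a server but got the wrong response; "
                    "check the webroot and location blocks",
    "dns": "DNS: the CA could not resolve the name; check the A/AAAA records",
}

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
# Detail layout seen in the report above: "<ip>: Fetching <url>: <reason>"
DETAIL = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+): Fetching (?P<url>\S+): (?P<reason>.*)$")

def parse_report(text):
    """Return one dict per Domain/Type/Detail group in a certbot failure report."""
    problems, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":          # a Domain line starts a new problem record
            current = {"domain": value}
            problems.append(current)
        elif current is not None:
            current[key] = value
    for p in problems:
        d = DETAIL.match(p.get("detail", ""))
        if d:                        # split out the address the CA dialled and why it failed
            p.update(d.groupdict())
        p["hint"] = HINTS.get(p.get("type"), "unrecognised type; read the detail text")
    return problems

if __name__ == "__main__":
    for p in parse_report(SAMPLE_REPORT):
        print(f"{p['domain']}: type={p.get('type')} ip={p.get('ip')} -> {p['hint']}")
```

A `connection` result means the validation request never received an HTTP response, so a successful fetch from inside the same network says nothing about the path the CA uses.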

Hello, I have already checked that, but I am not sure about the reason why this is happening. My firewall allows requests on port 80 and 443, and I have even deactivated it to allow the connection, but this error still persists. Similarly, I have verified with the manual check of Certbot that I can access the verification file from my browser.
I'm not sure why it can't access my server, especially when I have access from my browser. I have also used curl to retrieve the files and check the connection, but it still doesn't work.

There must be something inline blocking IPs.

I can't reach it either:

curl -Ii sitrand.gobernaciondecochabamba.bo
curl: (56) Recv failure: Connection reset by peer

Let's Debug can't reach it either:
Let's Debug (letsdebug.net)

2 Likes

Also, I've checked the debug information,

curl -Ii sitrand.gobernaciondecochabamba.bo
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 06 Feb 2024 16:28:28 GMT
Content-Type: text/html
Content-Length: 431
Last-Modified: Tue, 30 Jan 2024 14:19:13 GMT
Connection: keep-alive
ETag: "65b90561-1af"
Accept-Ranges: bytes

but the link is incorrect; it's not the correct domain. The test was performed on: sitrand.gobernciondecochabamba.bo, but my actual domain is: sitrand.gobernaciondecochabamba.bo.

Well, there must be some type of "Geo-Location" blocking device.
I still get:

curl -Ii sitrand.gobernaciondecochabamba.bo
curl: (56) Recv failure: Connection reset by peer

3 Likes

I think it must be that because I've obtained the certificate on other servers, but this one is a government server and there must be some IP blocking by region, because it's strange; I've already performed the test and it keeps failing, but I can easily access the test file through the browser or by making a curl request.

You can access it because you are not outside your country - LOL

Are there any other IT folks you can talk to about this?

3 Likes

I would have to check with the head of the systems department, but he takes a while to respond. That's why I was trying to solve it on my own, but I think the only option left is to allow requests to the server. Thank you very much for the help. At least I could verify that it's due to a regional block.

1 Like
