It looks like Google Cloud Platform doesn't support Port Address Translation (PAT).
And RPNow doesn't allow itself to be moved from port 80 (for HTTP).
So HTTP-01 authentication might be out of the question.
Next up is DNS-01 authentication.
to make that run smoothly, you will need a DNS Service Provider (DSP) that supports DNS zone updates via API.
So, who does your domains' DNS? (Google?)
Yeah, I thought I'd keep it in one spot and got the domain on google too... 
OK.
So if you don't already have one (probably not), you will need to setup an API key to allow certbot to add and remove the required TXT records for DNA authentication for your domain.
Then we can have certbot use those credentials to obtain a cert for your domain.
This might help:
Welcome to certbot-dns-googleβs documentation! β certbot-dns-google 0 documentation
I really really really appreciate all your help!! Thank you so much!
I'll look into it once I'm back from work; I have to go now.
Thank you again! 
Some croissants for you
We might also be able to use certbot in standalone mode if you can shutdown RPNow temporarily and via a scriptable method.
Some food for thought...
And thanks for the s
They go well with 
Hey, so I've been trying to get a service account and such, but is security even an issue anymore? When I try to access loveinthedark.net it doesn't tell me it can't provide a secure connection, it tells me it can't be reached and that the website refuses to connect.
I'm asking now as if I've never heard about a "connection" before: what's the difference?
Thank you 
Something is amiss.
The HTTP side works (but doesn't redirect to HTTPS):
curl -Iki http://loveinthedark.net/
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 27 Aug 2021 23:46:50 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 23 Aug 2021 15:45:22 GMT
Connection: keep-alive
ETag: "6123c292-264"
Accept-Ranges: bytes
But the HTTPS side refuses to even connect:
curl -Iki https://loveinthedark.net/
curl: (7) Failed to connect to loveinthedark.net port 443: Connection refused
Hi @Sam_Enby @Osiris @rg305 !!
This is what I am seeing right now.
22/tcp open ssh
80/tcp open http
443/tcp closed https
8443/tcp filtered https-alt
Might have something to do with the issue.
2 posts were merged into an existing topic: My site is continuously unreachable
Okay, I am really confused. I just tried to start the server and it can't.
β test server ######################## TESTING RPNOW SERVER (Press CTRL+C to stop) ######################## 2021/08/30 15:23:28 Loaded config at /etc/rpnow.ini 2021/08/30 15:23:28 Listening on :443 2021/08/30 15:23:28 listen and serve: listen tcp :80: bind: address already in use Server exited on error: exit status 1 server status... (server not running)
So the address is already in use... Is it because I installed nginx?
It is likely because nginx is running and using port 80.
Try:
systemctl stop nginx
So I uninstalled and reinstalled nginx and now it's working?
I'll work on the service account now, decided to make a completely new one for this. Let's see how this will pan out.
If nginx is set to use port 80, then they will eventually conflict with each other again.
Yeah I just wanted to see what it did.
I installed (or think I installed) the DNS plugin for google. When I run one of the examples I get this:
akaspirin@smol-rpnow:~$ certbot certonlyThe following error was encountered:[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.Ask for help or search for solutions at [https://community.letsencrypt.org](https://community.letsencrypt.org/). See the logfile /tmp/tmpm9pg1bxw/log or re-run Certbot with -v for more details
Try that again with sudo:
sudo certbot certonly
lol never mind, I think I got it.
Now it's just the issue of nginx and rpnow both using port 80, right?
Things I tried to do:
Changed the nginx port from 80 to 3200.
Tested the server of rpnow, which works now.
nginx is also happily listening on 3200.
I'm still getting the connection refused error...
I probably did something wrong when I installed the dns plugin (I don't know if I did, but probably, knowing me), so I'm gonna take a look at it tomorrow. A new day, etc.
Did I say thank you already? 
Unless you have a NAT device (sorry I've forgotten most of this topic) to point the external inbound port 80 connections to your servers' port 3200...
The port 3200 will never been seen by anyone.
If you do have NAT/PAT control, then the problem can be solved:
nginx to handle the LE challenge request and redirect all others to HTTPS.If you don't, then we still need to learn how to:
So that certbot can use port 80 and satisfy the LE HTTP challenge requests.
[no need for nginx in this solution]
Hey,
I found the code for rpnow
If I get it on my account somehow, can I manipulate it?
That seems a bit extreme, but I suppose you could find and change where it uses port 80.
My suggestion was to find a way to turn RPNow off and then back on to allow certbot to use port 80.