GoDaddy, Nginx, Windows, and Certbot: Let's play together

JakeVestal · November 12, 2021, 5:53pm

Nice to meet you guys -- this looks like a great community

OK here's the deal - I can't get certbot certonly --standalone to run. My answers to the critical questions are pasted below, but here's some getting started information:

I've got a permeant server running Windows 10 that I access via Microsoft Remote Desktop, and on which I have full admin rights.

That server runs Waitress to host a Python Dash app that serves to localhost on Port 3000.

I've installed Nginx on that server to reverse proxy the app using the following server block:

    server {
        listen 80;
        listen [::]:80;

        server_name  fintech-test.co;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location / {
            proxy_pass http://127.0.0.1:3000;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

On the GoDaddy side, I've kept the default rules in the DNS and I've added an A Rule with the following parameters:
Type: A
Name: @
Data: 152.3.64.207
TTL: 1/2 Hour

My domain is: fintech-test.co

I ran this command: certbot certonly --standalone

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): fintech-test.co
Requesting a certificate for fintech-test.co

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: fintech-test.co
  Type:   unauthorized
  Detail: Invalid response from http://fintech-test.co/.well-known/acme-challenge/OX8ud7y_qOh2SASWzWsnqaxS8cODW_r-tJGzMfIDZY0 [34.102.136.180]: "<!doctype html><html lang=\"en\"><head><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\"><meta name=\"viewport\" con"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx 1.21.4 (mainline)

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Ideas for what might be fouling things up:

I need to get into Windows Defender Firewall and add a rule or something to free Port 80.... but if that were true, then it seems like the webpage wouldn't serve, and right now, you do indeed get a splash page when you visit fintech-test.co.
I need to configure something else within GoDaddy
I need to adjust my server_name -- or other directive -- within my nginx.conf file

That's about all I got. Thanks for the help everyone

rg305 · November 12, 2021, 7:38pm

That seems like the two would be fighting for the same port.
But I don't see that error in the logs posted...

I think I need a picture of your network/systems layout.
Or you could just type out 1000 words - LOL

rg305 · November 12, 2021, 7:42pm

I think I'm starting to piece this together.
nginx at IP 152.3.64.207 [needs a cert]
Windows 10 at [some other IP] has certbot for Windows

If that's true, then you can't use HTTP authentication at the Windows 10 PC for the name that resolves to nginx server elsewhere.

And, sorry, yes hi nice to meet you too

griffin · November 12, 2021, 7:43pm

@rg305

I think the nginx may be proxying to the Windows 10, but my glance was quick and may be inaccurate.

rg305 · November 12, 2021, 7:45pm

That would be a twist - but also within the realm of possibility.
Given:

Name:    vcm-22936.vm.duke.edu
Address: 152.3.64.207

The nginx "server" may not be racked somewhere in a datacenter - bad assumption on my part.

Circle right back to - paint me a picture - I'm lost !
Dumb GPS!

griffin · November 12, 2021, 7:46pm

As far as I can tell, GoDaddy is just the DNS Service Provider (DSP) here and not the actual Hosting Service Provider (HSP).

rg305 · November 12, 2021, 7:47pm

Nice chatting with you @griffin
Now if we could just get Jake back on the partyline...

Yeah, reading GoDaddy threw me off.

JakeVestal · November 17, 2021, 4:22pm

I'm not seeing a button for adding pictures to posts in this forum layout -- any idea how I do that?

But I stop nginx before running certbot certonly --standalone because that's what I was instructed to do. Therefore they can't be fighting for the same port.

JakeVestal · November 17, 2021, 4:23pm

Yes. GoDaddy is ONLY a host name resolver - all I want it to do is map the url to the ip address. Everything else is handled on the Windows 10 computer to which I have full access. Griffin was right

rg305 · November 17, 2021, 9:37pm

rg305 · November 17, 2021, 9:41pm

Or just copy/paste it in - like the one above from Snipping Tool

I don't see any splash page or anything at all:

curl -Ii http://fintech-test.co/
curl: (56) Recv failure: Connection reset by peer

system · December 17, 2021, 9:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.