Having issues with SSL on my domain

My domain is: mengyboi.xyz

I ran this command: sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /bwdata/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly --logs-dir /etc/letsencrypt/logs

It produced this output:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: mengyboi.xyz
Type: unauthorized
Detail: 45.201.198.193: Invalid response from Penguin's Association "\n\n \n Penguin's Association\n\n <meta charset="utf-8">\n"

Domain: vault.mengyboi.xyz
Type: unauthorized
Detail: 45.201.198.193: Invalid response from Penguin's Association "\n\n \n Penguin's Association\n\n <meta charset="utf-8">\n"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 88. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu server 22.04

My hosting provider, if applicable, is: home server

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.3

It looks like you are trying to authenticate using certbot in standalone mode within a Docker container.

But there seems to already be something responding at that IP [port 80]:

curl -Ii http://mengyboi.xyz/
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Cache-Control: no-cache, private
Date: Thu, 26 Oct 2023 11:05:26 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6InloT00vOUhwRE1yS3czemU1NnlIeFE9PSIsInZhbHVlIjoic1g3TDlwRzlyTkRXSVhHSEhwRGZZZzVQUWdLNFIxOVJqbHd2MmthRHVnM3NPVStoOFphY2tXQ3A0NFFuTmR4RUJ0S25SRE5tVktxMGxnaHJRaVNHamxHbmxHc3RVYjB4Rk9Xb0pmaStMM1Z4TjUvTzJmNnNqbUxZZXJXcHA5cDQiLCJtYWMiOiJjMjEyZGViZTg4N2U3ZDZhNjJkNGZhYzhkMzZlMDcyMWI0YTMxMzVlMDkwMDlkYmZhNWQwODU2NWIyOWRlMjViIiwidGFnIjoiIn0%3D; expires=Thu, 26-Oct-2023 23:05:26 GMT; Max-Age=43200; path=/; samesite=lax
Set-Cookie: pterodactyl_session=eyJpdiI6IjJIQmhxMFFHVTZVNm9uMnJ0VjBMWmc9PSIsInZhbHVlIjoiSFhIaUs0eldBUVVwN3dlRTJiSWlOUGZUaWdrZ3pEZm55UzFIYnFIYlhHM0loQTcxS1VzZFdSSFA5aXFiRFU3OGlUMGN3eFhwWllnY3g0MWo3a2RzLzlNTldBcnJVcUE1N1JMbUhNLzBJdFp0dFFkYWpTallDVk5NZkcwRlZuU0EiLCJtYWMiOiIzMjg4MGU2ZGNhZmRhNzc3OTNiYjJhNTY5YTlmOWE4NzJhYTIyODMyYzN

Which means: The HTTP ACME challenge requests are not reaching certbot.
If you are on the right server [IP]...
You can check that with the output of:
curl -4 ifconfig.io
You may be able to proxy those requests into the container.
But you may not be able to bind the container to those ports [80 & 443] - if they are already in use outside the container.

3 Likes
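One way to do the proxying suggested in the reply above, as an added example that is not part of the original thread: the host nginx keeps port 80 and forwards only the ACME challenge path to certbot's standalone listener. The loopback port 8080 and the exact docker flags shown in the comments are assumptions chosen for this example.

```nginx
# Added example, not from the thread.
# Assumption: 127.0.0.1:8080 is a free port on the host, picked for illustration.
#
# Certbot's standalone listener (port 80 inside the container) is published
# on loopback only, so it never competes with the host nginx for port 80 and
# is not reachable from the internet except through the location block below.
# Port 443 is not needed for the HTTP-01 challenge, so it is not published.
#
#   sudo docker run -it --rm --name certbot \
#     -p 127.0.0.1:8080:80 \
#     -v /bwdata/letsencrypt:/etc/letsencrypt/ \
#     certbot/certbot certonly --standalone \
#     --logs-dir /etc/letsencrypt/logs \
#     -d mengyboi.xyz -d vault.mengyboi.xyz

server {
    listen 80;
    server_name mengyboi.xyz vault.mengyboi.xyz;

    # "^~" stops nginx from evaluating regex locations for this prefix, so an
    # application rewrite or catch-all cannot answer the challenge instead.
    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }

    # The site's existing directives (root, proxy_pass to the application,
    # redirects to HTTPS, and so on) stay here unchanged.
}
```

The location block has to go into whichever server block actually answers port 80 for these hostnames; if a default_server catches them, it belongs there. While the container is not running, requests to the challenge path return 502, which is expected.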

Using the online tool Let's Debug yields https://letsdebug.net/mengyboi.xyz/1658586

1 Like
