Having some trouble with TrueNAS jail

tcp4 0 0 *.80 . LISTEN -

2 Likes

I decided to figure out IPv6 another day and deleted the AAAA record from the domain. It didn't fix my issue, but Let's Debug stopped throwing a big scary red box and instead gives this output:

That test result from Let's Debug looks correct. 404 errors for its test are normal and expected. The Let's Debug site cannot create files on your server to satisfy the challenges, so its tests are mostly to check connectivity and other issues. The overall result should have said it was successful - didn't it?

A 404 is not normal when using the standalone like you did in the first post. What does that do now?

3 Likes

same output as before. let me run a fresh run and grab that output...

root@reverse-proxy:/ # certbot certonly -v --standalone -d 'spaceraser.dev'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for spaceraser.dev
Performing the following challenges:
http-01 challenge for spaceraser.dev
Waiting for verification...
Challenge failed for domain spaceraser.dev
http-01 challenge for spaceraser.dev

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: spaceraser.dev
Type: unauthorized
Detail: 172.13.9.105: Invalid response from http://spaceraser.dev/.well-known/acme-challenge/UCMF0vzPQJxFj1JEu1Bppc_CRNOltM6Ej-FDZxztnOk: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

OK. Your nginx server is bound to and responding on port 80.

The standalone option requires use of port 80 for itself. Normally you see an error message about "cannot bind to port 80" but some systems don't.

You either need to stop nginx before using standalone.

OR, since you want nginx to handle HTTPS (you said you want it as a reverse proxy), you should instead use webroot authentication or even the --nginx plug-in.

Use webroot if you want to configure nginx for https yourself. Or, try the nginx plug-in which will (probably) do it for you. I'm not familiar with your system first-hand but normally the plug-in does well.

3 Likes
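The advice above comes down to one check: if something (here nginx) already owns TCP port 80, certbot's standalone authenticator cannot serve the challenge and you should use webroot or the nginx plug-in instead. The following shell script is an added example, not code from this thread or from the certbot project. It parses a BSD-style netstat listing like the one posted above (Linux `netstat -an` and `ss -ltn` formats are handled too), picks the appropriate certbot invocation, and prints the nginx location block that webroot mode needs. The domain is the poster's; the webroot path and the sample listing are constructed placeholders.

```shell
#!/bin/sh
# Added example: choose between certbot --standalone and --webroot based on
# whether a TCP listener already holds port 80 (as in the thread above).

# tcp_listener_on PORT
# Reads a netstat/sockstat/ss listing on stdin and returns 0 when a line in
# LISTEN state has a local address ending in ".PORT" (BSD "*.80") or ":PORT"
# (Linux "0.0.0.0:80", ":::80", "[::]:80"); returns 1 otherwise.
tcp_listener_on() {
  awk -v p="$1" '
    /LISTEN/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ ("[.:]" p "$")) { found = 1; exit }
    }
    END { exit found ? 0 : 1 }'
}

# choose_certbot_method DOMAIN WEBROOT
# Reads the socket listing on stdin and prints the certbot command that will
# work: standalone only when port 80 is free, otherwise webroot against the
# directory the running web server already serves.
choose_certbot_method() {
  domain="$1"
  webroot="$2"
  if tcp_listener_on 80; then
    echo "certbot certonly --webroot -w $webroot -d $domain"
  else
    echo "certbot certonly --standalone -d $domain"
  fi
}

# acme_location_block WEBROOT
# Prints the nginx location stanza that lets the CA fetch challenge files
# from WEBROOT/.well-known/acme-challenge/ over plain HTTP on port 80.
acme_location_block() {
  printf 'location /.well-known/acme-challenge/ {\n    root %s;\n}\n' "$1"
}

# Constructed sample listing (placeholder): nginx on 80, sshd on 22.
SAMPLE_LISTING='tcp4       0      0 *.80            *.*             LISTEN
tcp4       0      0 *.22            *.*             LISTEN'

# Stand-alone usage; on a real host pipe `netstat -an` (or `ss -ltn`) instead.
printf '%s\n' "$SAMPLE_LISTING" | choose_certbot_method spaceraser.dev /usr/local/www/acme
acme_location_block /usr/local/www/acme
```

The port match is anchored on the separator and end of field, so a listener on 8080 is not mistaken for one on 80. On the poster's FreeBSD jail the listing would come from `netstat -an` or `sockstat -l`; the check only needs the LISTEN line that was already pasted earlier in the thread.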

OK, the --nginx plugin was the solution! It ran through fine and tells me it's a success. I still can't access my website via the domain, but I'm assuming that's an issue somewhere else now.

1 Like

Have you checked your router to ensure it passes port 443 requests like it does for port 80?

4 Likes

I just hadn't finished installing the cert in the conf file. That's done and it's passing the traffic along just fine! Thanks so much, everyone. I'm not done with the job but the SSL part is wrapped up nicely.

3 Likes

You must have used certonly with --nginx?

2 Likes

That's exactly what it was. I went in and pointed the config file to where the cert and key were, and that was all it needed!
