I ran this command: sudo certbot certonly --standalone
It produced this output:Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cockpit-controlpanel.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cockpit-controlpanel.com/privkey.pem
Your cert will expire on 2020-12-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
If you like Certbot, please consider supporting our work by:
Your entire site is down, also on port 80. Seems to me it’s not a TLS error indeed, but a general webserver/server configuration issue.
The fact certbot ran succesfully with the standalone option seems to suggest there’s no webserver running at all.
Please fix your webserver in general (which is not the scope of this Community) first. Then install the certificate with the help of the site provided by @griffin. If your TLS/HTTPS afterwards still gives you issues, you’re very much welcome to come back here to ask us for help about that!
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version): cockpit ?.??
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: 1&1 IONOS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes - cockpit ?.??
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0
@Litbelb There’s no connection possible to your host, not with IPv6 nor with IPv4. Earlier, I was getting a “connection refused” reply from your server, but now I’m only getting time outs. So earlier you didn’t have your webserver running, but at least your host was replying to connection attempts (with a “connection refused” error), now it isn’t replying at all! Could it be you have enabled some kind of firewall perhaps? Are the IP addresses for cockpit-controlpanel.com still correct?
I would recommend to fix your general networking/server issues first before trying to focus on enabling TLS on your control panel.
Your IP addresses seem to have changed recently, I was connecting to the old ones (with a very long TTL of 2 days, so it was still cached in my ISPs resolvers). Now I’m getting a connection refused again indeed.
Is your cockpit service listening on the correct ports?
Your server isn't answering to any TCP connection on commonly used ports, except SSH (port 22). Are you really really sure Cockpit is listening? Could you please run sudo netstat -nap | grep -E ":80|:443" | grep LISTEN ?
grep doesn’t come pre-installed on Debian? How could you live without grep? Please install it with apt-get install grep and repeat the command.
Or did you by any chance include the question mark at the end of my sentence? The question mark shouldn’t be copied along, if you look closely you’ll notice the command is in a distinct color and has a light grey background color. The question mark has normal formatting.
80 for HTTP and 443 for HTTPS. Other ports are possible, but are non-standard for HTTP/HTTPS. You’d need to specify the protocol and port in the URL if you choose to use non-standard ports.
@Litbelb I’m afraid this isn’t the “Help with Cockpit configuration Community”. This Community is for Let’s Encrypt and associated issues. In my opinion, your current issues with the configuration of your Cockpit is way outside the scope of this Community. @griffin already posted an URL to the HTTPS documentation, I’m sure you can find other documentation on that Cockpit site too.
You’re very welcome to come back to the Community once you have a basic grasp of configuring Cockpit, but are running into issues related to TLS.