Having trouble connecting certbot to my web control panel

My domain is: cockpit-controlpanel.com

I ran this command: sudo certbot certonly --standalone

It produced this output:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cockpit-controlpanel.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cockpit-controlpanel.com/privkey.pem
Your cert will expire on 2020-12-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”

My web server is (include version): cockpit ?.??

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: 1&1 IONOS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): that’s the point of this - cockpit ?.??

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

1 Like

Hello. :slightly_smiling_face:

Perhaps start here?

https://cockpit-project.org/guide/latest/https.html

1 Like

Doesn’t really fix my problem - that’s about SSL, not connecting my domain

Your entire site is down, also on port 80. Seems to me it’s not a TLS error indeed, but a general webserver/server configuration issue.

The fact certbot ran successfully with the standalone option seems to suggest there’s no webserver running at all.

Please fix your webserver in general (which is not the scope of this Community) first. Then install the certificate with the help of the site provided by @griffin. If your TLS/HTTPS afterwards still gives you issues, you’re very much welcome to come back here to ask us for help about that!

3 Likes

My domain is: cockpit-controlpanel.com

I ran this command: sudo certbot certonly --standalone

It produced this output:

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cockpit-controlpanel.com
    Type: connection
    Detail: Fetching
    http://cockpit-controlpanel.com/.well-known/acme-challenge/_6cR9z8IpdDLbdaW5MRKQCjBPdTBDqquf16EckwELy8:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): cockpit ?.??

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: 1&1 IONOS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes - cockpit ?.??

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

1 Like

@Litbelb There’s no connection possible to your host, neither with IPv6 nor with IPv4. Earlier, I was getting a “connection refused” reply from your server, but now I’m only getting timeouts. So earlier you didn’t have your webserver running, but at least your host was replying to connection attempts (with a “connection refused” error), now it isn’t replying at all! Could it be you have enabled some kind of firewall perhaps? Are the IP addresses for cockpit-controlpanel.com still correct?

I would recommend to fix your general networking/server issues first before trying to focus on enabling TLS on your control panel.

3 Likes

Ok - I might know the issue, I am using my hosting provider’s (vultr) nameserver. I’ll try to change it back.

Sorry about the new post - I didn’t know that was what you wanted

Ok. I fixed it. It’s back to the “refused to connect” error. :frowning:
I know for a fact that cockpit is running fine. What is going on?

Your IP addresses seem to have changed recently, I was connecting to the old ones (with a very long TTL of 2 days, so it was still cached in my ISP’s resolvers). Now I’m getting a connection refused again indeed.

Is your cockpit service listening on the correct ports?

2 Likes

Which hosting provider’s nameservers are you actually using? 1&1 IONOS or Vultr?

3 Likes

@JimPas Right now, IONOS’
@Osiris Yes

1 Like

Your server isn’t answering to any TCP connection on commonly used ports, except SSH (port 22). Are you really really sure Cockpit is listening? Could you please run `sudo netstat -nap | grep -E ":80|:443" | grep LISTEN` ?

1 Like
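An added example, not part of any post in this thread: a stricter form of the listener check requested above. It matches the local port exactly (so `:8080` does not count as `:80`) and separates loopback-only listeners, which outside clients such as the Let's Encrypt validation server cannot reach, from listeners on other addresses. The function name and the sample `ss -ltn` output are constructed for illustration; port 9090 is included because it is Cockpit's documented default port, which the thread does not mention.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output (not taken from the thread's server).
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       128          127.0.0.1:80           0.0.0.0:*
LISTEN  0       128            0.0.0.0:8080         0.0.0.0:*
LISTEN  0       128                  *:9090               *:*
LISTEN  0       128               [::]:22              [::]:*
EOF
}

# listeners_on PORT... (hypothetical helper): read `ss -ltn` output on stdin
# and print one line per requested port:
#   "<port> none", "<port> loopback-only" or "<port> non-loopback".
listeners_on() {
    awk -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            scope = (host ~ /^127\./ || host == "[::1]") ? "loopback-only" : "non-loopback"
            # A non-loopback bind on the same port takes precedence.
            if (!(port in seen) || scope == "non-loopback") seen[port] = scope
        }
        END {
            for (i = 1; i <= n; i++)
                print ports[i], ((ports[i] in seen) ? seen[ports[i]] : "none")
        }'
}

# On a live host: ss -ltn | listeners_on 80 443 9090
sample_ss_output | listeners_on 80 443 9090
```

A port reported as `none` or `loopback-only` explains a "connection refused" from outside; a port reported as `non-loopback` that still times out points at a firewall or at DNS records that name a different host.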

grep: ?: No such file or directory

1 Like

grep doesn’t come pre-installed on Debian? How could you live without grep? :grimacing: Please install it with `apt-get install grep` and repeat the command.

Or did you by any chance include the question mark at the end of my sentence? The question mark shouldn’t be copied along, if you look closely you’ll notice the command is in a distinct color and has a light grey background color. The question mark has normal formatting.

3 Likes

It is

I did. Fixing it returned no response. Looks like I’m wrong.

1 Like

What port(s) should it listen to?

80 for HTTP and 443 for HTTPS. Other ports are possible, but are non-standard for HTTP/HTTPS. You’d need to specify the protocol and port in the URL if you choose to use non-standard ports.

2 Likes

Huh. I don’t see the configuration file.

@Litbelb I’m afraid this isn’t the “Help with Cockpit configuration Community”. This Community is for Let’s Encrypt and associated issues. In my opinion, your current issues with the configuration of your Cockpit are way outside the scope of this Community. @griffin already posted a URL to the HTTPS documentation, I’m sure you can find other documentation on that Cockpit site too.

You’re very welcome to come back to the Community once you have a basic grasp of configuring Cockpit, but are running into issues related to TLS.

2 Likes