Help Creating a Cert with no Webserver

My domain is:

node1.quintons.xyz

My web server is (include version):

None. Want cert only

The operating system my web server runs on is (include version):

Ubuntu 24.04 LTS

My hosting provider, if applicable, is:

N/A

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No site. Cert only

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.9.0

I ran this command:

sudo certbot --manual --preferred-challenges dns certonly -d node1.quintons.xyz

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for node1.quintons.xyz

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.node1.quintons.xyz.

with the following value:

HMePBiONmQAgc8V0QC_SThd0Xe3F7jU8Jht7z1P6RG4

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.node1.quintons.xyz.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

Press Enter to Continue
An unexpected error occurred:
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

2025-01-21 01:17:33,108:DEBUG:certbot._internal.main:certbot version: 2.9.0
2025-01-21 01:17:33,108:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-01-21 01:17:33,108:DEBUG:certbot._internal.main:Arguments: ['--manual', '--preferred-challenges', 'dns', '-d', 'node1.quintons.xyz']
2025-01-21 01:17:33,108:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-01-21 01:17:33,114:DEBUG:certbot._internal.log:Root logging level set at 30
2025-01-21 01:17:33,115:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2025-01-21 01:17:33,115:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='manual', value='certbot._internal.plugins.manual:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7b84fe3ead80>
Prep: True
2025-01-21 01:17:33,115:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7b84fe3ead80> and installer None
2025-01-21 01:17:33,115:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2025-01-21 01:17:33,158:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2181731955', new_authzr_uri=None, terms_of_service=None), 7b5a0aff574bb86ec7d72eeb7ddbcaf0, Meta(creation_dt=datetime.datetime(2025, 1, 20, 22, 24, 12, tzinfo=<UTC>), creation_host='wings1', register_to_eff=None))>
2025-01-21 01:17:33,158:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-01-21 01:17:33,159:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-01-21 01:17:33,362:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 828
2025-01-21 01:17:33,362:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 21 Jan 2025 01:17:33 GMT
Content-Type: application/json
Content-Length: 828
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "QaJFogLIEEg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "The same profile you're accustomed to"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-01-21 01:17:33,363:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for node1.quintons.xyz
2025-01-21 01:17:33,368:DEBUG:acme.client:Requesting fresh nonce
2025-01-21 01:17:33,368:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-01-21 01:17:33,432:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-01-21 01:17:33,432:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 21 Jan 2025 01:17:33 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 695xoWTDwf2uu3ik8sGN5JpB1V69tNnO3Q0AwtSPJlOXN3I7RZI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-01-21 01:17:33,432:DEBUG:acme.client:Storing nonce: 695xoWTDwf2uu3ik8sGN5JpB1V69tNnO3Q0AwtSPJlOXN3I7RZI
2025-01-21 01:17:33,433:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "node1.quintons.xyz"\n    }\n  ]\n}'
2025-01-21 01:17:33,437:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE4MTczMTk1NSIsICJub25jZSI6ICI2OTV4b1dURHdmMnV1M2lrOHNHTjVKcEIxVjY5dE5uTzNRMEF3dFNQSmxPWE4zSTdSWkkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "pM0iTdfsNLujK1L0uHLXQiRb9uOinHqjhxCW_RXj4w54E4YFDIZUgtMnHZ2MPlsbc4F3ZUwRfMD-8m8sukHbnBw3zg5RqRI3kDSnbhysw7oZoknjLOqS5tOUk2IoADtfFqijv0-zvvJ0_yGA5zqbKo2C7e4iVWOhbXV3VLnOVxHvHGUSKmz0_4dWyPg82fpBGSEnAw1dQ3e1koPuLsr_ncAvJmSCgU4z8rn9rWLV4mVv5lSXNpcRofXNJHx-U-BhphnnJSpet86wZHwiuUVLe4t8cmmpFFFvCQMAHaXdyaSQLgM9rmxzxQgW9J5FhTIAesLgWJAwEtrTAIM0mXyGYA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm5vZGUxLnF1aW50b25zLnh5eiIKICAgIH0KICBdCn0"
}
2025-01-21 01:17:33,549:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 352
2025-01-21 01:17:33,550:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 21 Jan 2025 01:17:33 GMT
Content-Type: application/json
Content-Length: 352
Connection: keep-alive
Boulder-Requester: 2181731955
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2181731955/346433344675
Replay-Nonce: 695xoWTDGmD277YgYsqpSjcgL1lF5QehpHe8ecsoUZyv_EsBPXY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2025-01-28T01:17:33Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "node1.quintons.xyz"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2181731955/463771898065"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2181731955/346433344675"
}
2025-01-21 01:17:33,550:DEBUG:acme.client:Storing nonce: 695xoWTDGmD277YgYsqpSjcgL1lF5QehpHe8ecsoUZyv_EsBPXY
2025-01-21 01:17:33,550:DEBUG:acme.client:JWS payload:
b''
2025-01-21 01:17:33,552:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2181731955/463771898065:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE4MTczMTk1NSIsICJub25jZSI6ICI2OTV4b1dUREdtRDI3N1lnWXNxcFNqY2dMMWxGNVFlaHBIZThlY3NvVVp5dl9Fc0JQWFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIxODE3MzE5NTUvNDYzNzcxODk4MDY1In0",
  "signature": "W65QjnjdOjzeNd2npb154Y05yJIAxaoSyztmGSiZuZzEoy1ZZMb6QnkWnDYCfQigkCHZkbtW-RYkgLcGeDTqOscy1S9qFr4iHfce3WuLcwSTe80XNj33zCeKeYh6TL7tNV6hJiHFyZeT11AJLrAQ3pmQtBxNhtggcymv-msjxcv9XBxZinOLgkJBbEENxDulxnWQWMHaKSdB5y1dn83bFbiXWCJWusEPdKHBgo-9ca0VJKM9kug_ibWirUwoX588yw7O-P8cOBMd70Q60XdRoKyeyAiYlWGt-BmGfO7ncRmcuuzEE9AFYlX9lwIjzuSBFdgNrTTNVbXrQWdFO5MnUA",
  "payload": ""
}
2025-01-21 01:17:33,627:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2181731955/463771898065 HTTP/1.1" 200 826
2025-01-21 01:17:33,628:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 21 Jan 2025 01:17:33 GMT
Content-Type: application/json
Content-Length: 826
Connection: keep-alive
Boulder-Requester: 2181731955
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: TuPv3OuuLGhZxc8JtOYSusHqyBYBqlHbyRDzVa4Yh1rpF2WsxGA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "node1.quintons.xyz"
  },
  "status": "pending",
  "expires": "2025-01-28T01:17:33Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2181731955/463771898065/hLL7LQ",
      "status": "pending",
      "token": "NqsmcRRA86_0790fh6yG39h8fLiB0Ugoil7PARWS42A"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2181731955/463771898065/kr2hHw",
      "status": "pending",
      "token": "NqsmcRRA86_0790fh6yG39h8fLiB0Ugoil7PARWS42A"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2181731955/463771898065/RjzO0w",
      "status": "pending",
      "token": "NqsmcRRA86_0790fh6yG39h8fLiB0Ugoil7PARWS42A"
    }
  ]
}
2025-01-21 01:17:33,628:DEBUG:acme.client:Storing nonce: TuPv3OuuLGhZxc8JtOYSusHqyBYBqlHbyRDzVa4Yh1rpF2WsxGA
2025-01-21 01:17:33,629:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-01-21 01:17:33,629:INFO:certbot._internal.auth_handler:dns-01 challenge for node1.quintons.xyz
2025-01-21 01:17:33,630:DEBUG:certbot._internal.display.obj:Notifying user: Please deploy a DNS TXT record under the name:

_acme-challenge.node1.quintons.xyz.

with the following value:

nstrxlyM7QMxJFI1R3prE1vdMpIkOGTwUyJMn82a5tY

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.node1.quintons.xyz.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

2025-01-21 01:18:35,283:DEBUG:acme.client:JWS payload:
b'{}'
2025-01-21 01:18:35,286:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2181731955/463771898065/hLL7LQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE4MTczMTk1NSIsICJub25jZSI6ICJUdVB2M091dUxHaFp4YzhKdE9ZU3VzSHF5QllCcWxIYnlSRHpWYTRZaDFycEYyV3N4R0EiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIxODE3MzE5NTUvNDYzNzcxODk4MDY1L2hMTDdMUSJ9",
  "signature": "uQIhjcIpBu8_vJIfW7lfQHTAXlNfahVihq7-svTlGHNK0vc0HwZBZICQrbmmyuj8tOYEJwrkX5tpPAwTAWs20IUPh4sYiuPQuyMUmlwTODcvqlx-XCpatjSvn18z-dAlvRelHalNc_Pdhi5YVWsmZiT9EC1vuH04BPFnBsqkDgN7oOaJzXCCpg3zZFbgiee1oU7jul6ZXv4hRLVAtz29eO-yoGJFhdESiclU0NIqL2Zyd3QtNSsOfE-quJ5cwv0SO73cUCnn2TtvP6KoFmWdUuC728X4FhPEcnyeuQDxFUfvMRQLjSFZYjXRCXVETz9Kx655DFlothPd120H4WFVgA",
  "payload": "e30"
}
2025-01-21 01:18:35,329:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 537, in _make_request
    response = conn.getresponse()
               ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 461, in getresponse
    httplib_response = super().getresponse()
                       ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 1428, in getresponse
    response.begin()
  File "/usr/lib/python3.12/http/client.py", line 331, in begin
    version, status, reason = self._read_status()
                              ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 300, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 845, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 472, in increment
    raise reraise(type(error), error, _stacktrace)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/util.py", line 38, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 537, in _make_request
    response = conn.getresponse()
               ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 461, in getresponse
    httplib_response = super().getresponse()
                       ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 1428, in getresponse
    response.begin()
  File "/usr/lib/python3.12/http/client.py", line 331, in begin
    version, status, reason = self._read_status()
                              ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 300, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 104, in handle_authorizations
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 424, in answer_challenge
    resp = self._post(challb.uri, response)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 750, in _post_once
    response = self._send_request('POST', url, data=data, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 647, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 501, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

2025-01-21 01:18:35,330:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-01-21 01:18:35,330:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-01-21 01:18:35,331:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 537, in _make_request
    response = conn.getresponse()
               ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 461, in getresponse
    httplib_response = super().getresponse()
                       ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 1428, in getresponse
    response.begin()
  File "/usr/lib/python3.12/http/client.py", line 331, in begin
    version, status, reason = self._read_status()
                              ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 300, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 845, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 472, in increment
    raise reraise(type(error), error, _stacktrace)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/util.py", line 38, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 537, in _make_request
    response = conn.getresponse()
               ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 461, in getresponse
    httplib_response = super().getresponse()
                       ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 1428, in getresponse
    response.begin()
  File "/usr/lib/python3.12/http/client.py", line 331, in begin
    version, status, reason = self._read_status()
                              ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/http/client.py", line 300, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 104, in handle_authorizations
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 424, in answer_challenge
    resp = self._post(challb.uri, response)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 750, in _post_once
    response = self._send_request('POST', url, data=data, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 647, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 501, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
2025-01-21 01:18:35,341:ERROR:certbot._internal.log:An unexpected error occurred:
2025-01-21 01:18:35,343:ERROR:certbot._internal.log:requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

An nginx server is replying to HTTP requests to that domain. It might be easier to use something like:

sudo certbot certonly --nginx -d node1.quintons.xyz

The DNS Challenge is often harder to automate and, in fact, the --manual option you chose with that cannot be automated without providing a manual auth hook.

I see:

Request to: node1.quintons.xyz/71.86.227.197, Result: [Address=71.86.227.197,Address Type=IPv4,Server=nginx/1.24.0 (Ubuntu),HTTP Status=301,Number of Redirects=1,Final HTTP Status=200

1 Like

There is an nginx server running at my house but that is not on the machine I am currently trying to get the cert on. I am trying to install a game panel service called Pterodactyl. The actual user-accessible website is panel.quintons.xyz, which has a valid cert and is running on an nginx server. However, I am trying to create a node on another machine that will actually run the game servers. The two are supposed to communicate over https. I can't have port 80 pointing at my node machine because it's already pointing to my web server.

I understand. When you use the DNS Challenge, do you consistently get that same error?

Because that looks like something that might be a temporary comms problem.

1 Like

You actually kinda can, if they're using different FQDNs.

You do so by using SNI and separate server blocks for the main nginx to act as a reverse proxy. Your nginx config there gives you control on what's proxied and what's not, if you don't want the node to be accessible from the public internet and you only want to proxy .well-known/acme-challenge, for example. (You might also need split-horizon DNS; it sounds a bit complex.)

1 Like
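
The reverse-proxy arrangement suggested in the last reply could look like the server block below on the existing nginx host. This is an added example, not configuration posted by anyone in the thread; `10.0.0.20` is a placeholder for the node machine's LAN address, and nginx picks this block by the requested host name.

```nginx
# Added example: goes on the nginx host that already receives port 80
# for the public address. Not taken from the thread.
# Assumption: 10.0.0.20 is a placeholder for the node machine's LAN IP.
server {
    listen 80;
    server_name node1.quintons.xyz;

    # Forward only ACME http-01 validation requests to the node.
    # "^~" stops nginx from letting a regex location override this prefix.
    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://10.0.0.20:80;
        proxy_set_header Host $host;
    }

    # Anything else requested under this name is refused, so the node
    # itself is not reachable from the public internet through the proxy.
    location / {
        return 404;
    }
}
```

With this in place, running `sudo certbot certonly --standalone -d node1.quintons.xyz` on the node lets Certbot answer the http-01 challenge on the node's own port 80, and renewals need no manual DNS step.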