Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: alf4all.nl
I ran this command: sudo snap install --classic certbot
It produced this output: all ok
My web server is (include version): Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.4.52 LTS
My hosting provider, if applicable, is: local
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 2.6.0
Before installing Certbot http worked fine (as well local and via the internet). Afther installing Certbot, http and https on local browser worked perfect, as well http and https via the internet dosn't work. Still I forwarded port 80 in my router to the server with Apache, strange http via internet does not work anymore. https local came with a warning: potential security risk. how can i control if the certbot did it good?
Thanks and regards...
Hello @Wijnand, welcome to the Let's Encrypt community.
Using the online tool Let's Debug yields these results https://letsdebug.net/alf4all.nl/1616053
http://alf4all.nl/.well-known/acme-challenge/sometestfile is being redirected to
$ curl -Ii http://alf4all.nl/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Tue, 19 Sep 2023 16:11:10 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
And that Port 443 (for HTTPS) is filtered
$ nmap -Pn -p80,443 alf4all.nl
Starting Nmap 7.80 ( https://nmap.org ) at 2023-09-19 09:08 PDT
Nmap scan report for alf4all.nl (188.8.131.52)
Host is up (0.16s latency).
rDNS record for 184.108.40.206: 88-159-57-235.fixed.kpn.net
PORT STATE SERVICE
80/tcp open http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 2.07 seconds
Problem solved, thanks a lot. Is there a simple explanation somewhere of the result of "Let's debug"?
The explanation is that you got a cert properly and must have chosen the
--apache plug-in as installer. This created a VirtualHost for HTTPS and changed your existing HTTP VirtualHost so that it redirected to HTTPS
But, you did not have port 443 open on your router so HTTPS requests failed. And, since HTTP was being redirected to HTTPS they also failed.
These worked locally for you because those requests don't go through your router.
Let's Debug is mostly used to diagnose problems getting a cert although in this case it pointed to the redirection and the
nmap output showed the blocking (filtering) of port 443
Does that help?
Thank you very much for the explanation. I had already adjusted my router and that helped. I just didn't realize that http requests via the internet are no longer accepted, but they are still accepted within the local network. Greetings, Wijnand...