Https stopped working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: olinnidb.org

I ran this command: certbot

It produced this output:
[root@nidb letsencrypt]# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: olinnidb.org
2: www.olinnidb.org


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):


An RSA certificate named olinnidb.org already exists. Do you want to update its
key type to ECDSA?


(U)pdate key type/(K)eep existing key type: U
Renewing an existing certificate for olinnidb.org and www.olinnidb.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: olinnidb.org
Type: connection
Detail: 199.231.27.108: Fetching http://olinnidb.org/.well-known/acme-challenge/MLnrngwgmcl0JJ5v7SWQiKquHO1xIH1grbWWtK8nyR0: Connection reset by peer

Domain: www.olinnidb.org
Type: connection
Detail: 199.231.27.108: Fetching http://www.olinnidb.org/.well-known/acme-challenge/43JPNYobJdMyR62Ror8-Prbeb4BZkpK-2vXACqZTrxM: Connection reset by peer

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@nidb letsencrypt]#

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.10.0

Details:
I set up the certificate using certbot about 2 years ago. It worked fine until about 2 months ago. Then I was unable to view the website using the domain name. Viewing by IP address works. Nothing on the server changed, I hadn't even logged in to the server in a year. There are no firewalls, all ports are open.

So, you can't get to the server, and neither can Let's Encrypt. You need to fix that first, before worrying about anything to do with your certificates. Once your server is working again, then Let's Encrypt will be able to issue you a certificate.

This random online tool shows connectivity working in only a couple countries, if that's helpful.

6 Likes

Hi @gbook2,

To me it looks like there is geo blocking happening.

Please read these:

4 Likes

For what it's worth, I can get to the domain from my location in the "PNW" US

Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-21 11:23 PDT
Nmap scan report for 199.231.27.108
Host is up (0.10s latency).
PORT    STATE    SERVICE
22/tcp  filtered ssh
80/tcp  open     http
443/tcp open     https

EDIT: GEO blocking is not recommended as "Best Practice"

4 Likes

And from here http://www.site24x7.com/tools/public/t/results-1716316433700.html I see

And from here GeoPeeker - A tool for viewing sites from different geographic locations I see

3 Likes

I ended up completely deleting the certificates, even though they weren't expired. Then commented out any changes made by certbot to the apache config. Then restarted apache. It worked by domain name. Then I ran certbot again and it worked. No idea what happened.

Sounds like your apache configuration got corrupted. Deleting the certificates was unnecessary in that process.

4 Likes
