I am trying to install ssl certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tatjanajevdjic.design

I ran this command: sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: tatjanajevdjic.design
2: blog.tatjanajevdjic.design
3: www.blog.tatjanajevdjic.design
4: elkom.tatjanajevdjic.design
5: www.elkom.tatjanajevdjic.design
6: nextcloud.tatjanajevdjic.design
7: www.nextcloud.tatjanajevdjic.design
8: www.tatjanajevdjic.design


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.tatjanajevdjic.design
http-01 challenge for elkom.tatjanajevdjic.design
http-01 challenge for nextcloud.tatjanajevdjic.design
http-01 challenge for tatjanajevdjic.design
http-01 challenge for www.blog.tatjanajevdjic.design
http-01 challenge for www.elkom.tatjanajevdjic.design
http-01 challenge for www.nextcloud.tatjanajevdjic.design
http-01 challenge for www.tatjanajevdjic.design
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.tatjanajevdjic.design/.well-known/acme-challenge/bn-CuLkxOd-tSitsCQaDyaudvMT3qIUn2NGWhiWcH0g: Timeout during connect (likely firewall problem), elkom.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://elkom.tatjanajevdjic.design/.well-known/acme-challenge/YgSug_pEh9j2YADkctITU6LNxYd6Xyh68IeblX3Dbd0: Timeout during connect (likely firewall problem), www.blog.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.blog.tatjanajevdjic.design/.well-known/acme-challenge/UgsPdFV6KscQS_2yX4vYGokQ8TNE68V1e-J6v5NRYos: Timeout during connect (likely firewall problem), nextcloud.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nextcloud.tatjanajevdjic.design/.well-known/acme-challenge/RQ9YkNQmfQSgY7WSZrVlFm8skvA4mlIWvswjTehIRRE: Timeout during connect (likely firewall problem), www.nextcloud.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.nextcloud.tatjanajevdjic.design/.well-known/acme-challenge/xn74gq7hRcNzpAI2J9xoR8ETtEqRp03PJtfFc9zyv_U: Timeout during connect (likely firewall problem), blog.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://blog.tatjanajevdjic.design/.well-known/acme-challenge/2dyI7ZKWeMjGH5oewLYqE38nXQ7YTAir97ujiqnOQ64: Timeout during connect (likely firewall problem), tatjanajevdjic.design (http-01): 
urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://tatjanajevdjic.design/.well-known/acme-challenge/mEYVGRGwpiO_2gBq_wq0Nmc79tDj7_0uKROuGhH_qQM: Timeout during connect (likely firewall problem), www.elkom.tatjanajevdjic.design (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.elkom.tatjanajevdjic.design/.well-known/acme-challenge/lCNdVtgSyPca4-g3VTwS0ue5FR8LBG1apbV6gmkXiiw: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

This is telling you what the problem is--the Let's Encrypt servers can't connect to any of your hostnames on port 80. They need to be able to do that.


Here is my firewall status:
sudo ufw status
[sudo] password for tatjana:
Status: active

To                         Action      From
Apache Full                ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

and in the picture is registrar’s DNS

I would appreciate some directions - who am I supposed to ask - Digital Ocean or Hover regarding this issue? I am new to this, and I appreciate your help.
Thanks in advance,
Tatjana

Hi @tanjaj

It’s not a problem with your DNS, that’s OK. You must have another blocking instance.

See the output - https://check-your-website.server-daten.de/?q=tatjanajevdjic.design

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://tatjanajevdjic.design/ 104.248.198.78 | -14 (Timeout - The operation has timed out) | | 10.023 | T |
| http://www.tatjanajevdjic.design/ 104.248.198.78 | -14 (Timeout - The operation has timed out) | | 10.013 | T |
| https://tatjanajevdjic.design/ 104.248.198.78 | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| https://www.tatjanajevdjic.design/ 104.248.198.78 | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| http://tatjanajevdjic.design/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.248.198.78 | -14 (Timeout - The operation has timed out) | | 10.014 | T |
| http://www.tatjanajevdjic.design/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.248.198.78 | -14 (Timeout - The operation has timed out) | | 10.023 | T |

Only timeouts.

The last two rows are critical, because Certbot creates a validation file in /.well-known/acme-challenge and Let's Encrypt checks that file.

Does your HTTP work internally? What does this say:

curl http://tatjanajevdjic.design/

curl http://tatjanajevdjic.design/

Apache2 Ubuntu Default Page: It works


So we know: your webserver works internally. So it's a firewall problem you have to fix.

There must be another blocking instance you have to find and change.

The online tool must be able to query your http version.


You’re right, I removed the firewall (site was under construction) - and everything works fine.

Thank you very much for your help.
Now, I am sure about this stuff.

Best regards,
Tatjana
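
The diagnosis this thread walks through (certbot's timeout errors, the ufw rules, a working local curl), as an added example that is not part of any post: it splits certbot's one-line failure summary into per-host records and names the layer to inspect next. The sample input is constructed, and the function names and returned messages are assumptions of this example.

```python
import re

# Constructed sample in the format of the certbot output quoted in the thread
# (example.com hosts and the TOKEN placeholder are made up).
_ERR = ("urn:ietf:params:acme:error:connection :: The server could not connect "
        "to the client to verify the domain :: Fetching http://{0}/.well-known/"
        "acme-challenge/TOKEN: Timeout during connect (likely firewall problem)")
CERTBOT_ERROR = "Failed authorization procedure. " + ", ".join(
    f"{h} (http-01): " + _ERR.format(h) for h in ("www.example.com", "example.com"))
UFW_STATUS = """Status: active
To                         Action      From
Apache Full                ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
"""
# ufw rule targets that open TCP port 80 (Apache profiles as shipped on Ubuntu)
HTTP_RULES = {"80", "80/tcp", "Apache", "Apache Full"}
FAILURE = re.compile(
    r"(?P<host>[\w.-]+) \((?P<challenge>[\w-]+)\):\s+"
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: .*?:: Fetching \S+: "
    r"(?P<detail>.*?)(?=, [\w.-]+ \([\w-]+\):|$)", re.S)

def parse_failures(text):
    """Split certbot's one-line failure summary into one record per host."""
    return [m.groupdict() for m in FAILURE.finditer(text)]

def ufw_allows_http(status):
    """True if ufw is inactive or has an ALLOW rule covering port 80."""
    if "Status: active" not in status:
        return True
    targets = (re.match(r"(.+?)\s+ALLOW\s", line) for line in status.splitlines())
    return any(m and m.group(1).replace(" (v6)", "") in HTTP_RULES for m in targets)

def localize_block(failures, ufw_status, local_http_ok):
    """Name the layer to inspect next, following the reasoning in the thread."""
    timed_out = [f["host"] for f in failures
                 if f["error"] == "connection" and "Timeout" in f["detail"]]
    if not timed_out:
        return "no connect timeout: read each host's error detail"
    if not local_http_ok:
        return "Apache does not answer locally: fix the web server first"
    if not ufw_allows_http(ufw_status):
        return "ufw has no ALLOW rule for port 80"
    return "another filtering layer besides ufw is dropping port 80"

if __name__ == "__main__":
    print(localize_block(parse_failures(CERTBOT_ERROR), UFW_STATUS, True))
```
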
