I cannot get a certification

Change to Cloudflare :slight_smile:

3 Likes

Then it looks like I need a domain name, and that costs money, right?

1 Like

It does not. But OP doesn't have any as of yet :stuck_out_tongue:

Well, if you want to configure nginx for OP manually, be my guest :roll_eyes: I was hoping Certbot would find the nginx configuration good enough once it was actually kinda correct.

There are other free DNS providers like FreeNom, but from time to time as far as I know all free DNS providers with free domain names have had some performance issues.

1 Like

Thanks for confirming. I had some concern that duckdns might work once, which could affect the tests / actions.

2 Likes

Mozilla configurator does that :slight_smile: The rest is just copying any app specific stuff from port 80 to 443. In this case that was just the proxy statements. I didn't see that as a difficult copy / paste.

2 Likes

Usually, when DNS was not the issue, there was some other nginx or router misconfiguration, so I'd be happy with a valid validation for once, which should be the sign to not ever touch the nginx and router configuration again :rofl:

It isn't for you and me no, but as I said, good luck with that :slight_smile:

1 Like

Yeah, your own domain name will need a registration fee. Should be around $10 or less per year.

2 Likes

Do you have a good shop for buying them? I feel like most are third parties with a huge markup, couldn't find anything less than 15-20 plus some bs fees.

Cloudflare sells domains at cost. You are required to use Cloudflare nameservers with any domain you purchase from their registrar. If you were buying a domain to use with Cloudflare DNS, that will not pose a problem.

3 Likes

Are you saying I shouldn't buy a domain through their system? Are there any drawbacks a normal user like me can experience if they host the nameservers?

For Cloudflare just as @linkp suggests.

You can buy domains elsewhere and (usually) set the DNS servers to Cloudflare (or someone else). But, then you have two accounts to manage (your registrar and Cloudflare).

Amazon sells domains pretty cheap too and are easy to use / renew. But, yes, beware of any vendor with "first year cheap" offers.

As for your later post, the only thing linkp was noting is that you can't register a domain with Cloudflare and then use someone else's name servers.

And, no, you don't want to run your DNS servers. It is complex.

3 Likes

Not at all. It is unfortunately common to see posts in the Cloudflare Community from people who bought a domain at Cloudflare and then find themselves confused by third-party hosting setup guides that instruct them to change their nameservers when that is not possible for them.

I just wanted to make sure that you know about that limitation.

Cloudflare nameservers are among the best available and using them should not pose any issue for you.

3 Likes

Chances also are that if you try a few times, your DuckDNS nameservers ultimately will function well enough for a cert that one time.

Yeah, I thought about automating the request for a day, with intervals maybe every 10 min, but can I use this command

sudo certbot certonly --dry-run --webroot -w /var/www/html -d familjenisback.duckdns.org

and will that give me a good answer, or will I get rate limited?

You will not get rate limited using --dry-run (well, not unless far more than 6 requests per hour)

You only get 5 failed requests per hour with production so beware of that.

Just know that once --dry-run passes you need to issue Certbot without that to get your production cert. Given how sporadic duckdns has been that might fail anyway.

You also need to choose your Certbot command for production. Either as Osiris suggested and let Certbot make your port 443 server block. Or, by just removing --dry-run and then you create your own server block.

3 Likes
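The retry loop asked about above, as an added example that is not part of anyone's post: it repeats the `--dry-run` command from the thread every 10 minutes and stops at the first pass, leaving the production request to be run once by hand because production allows only 5 failed requests per hour. `retry_until_ok`, `dry_run`, `TRIES_USED` and the `run` argument are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Repeats a Certbot dry run at a fixed
# interval and reports whether any attempt passed.

DOMAIN="familjenisback.duckdns.org"   # domain from the thread
WEBROOT="/var/www/html"               # webroot from the thread
INTERVAL=600                          # 10 minutes between attempts
MAX_TRIES=144                         # one day at 10-minute intervals

# Hypothetical helper: retry_until_ok <seconds> <max-tries> <command...>
# Runs the command until it exits 0 or max-tries is reached.
# Returns 0 on the first success, 1 if every attempt failed.
# TRIES_USED holds the number of attempts made.
retry_until_ok() {
    r_interval=$1
    r_max=$2
    shift 2
    TRIES_USED=0
    while [ "$TRIES_USED" -lt "$r_max" ]; do
        TRIES_USED=$((TRIES_USED + 1))
        if "$@"; then
            return 0
        fi
        # Do not sleep after the final failed attempt.
        if [ "$TRIES_USED" -lt "$r_max" ]; then
            sleep "$r_interval"
        fi
    done
    return 1
}

# The staging request from the thread; it does not count against
# the production failed-validation limit.
dry_run() {
    sudo certbot certonly --dry-run --webroot -w "$WEBROOT" -d "$DOMAIN"
}

# Certbot is only invoked when the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then
    if retry_until_ok "$INTERVAL" "$MAX_TRIES" dry_run; then
        echo "Dry run passed on attempt $TRIES_USED; now run the production command once."
    else
        echo "Dry run failed $TRIES_USED times; not attempting production." >&2
        exit 1
    fi
fi
```
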

How would I let certbot make my server block?

With the command Osiris provided earlier ...

Hopefully duckdns behaves and Certbot is able to update your nginx config after that.

2 Likes

I gave up on duckdns and bought a domain on Cloudflare. Is there any use of certbot and stuff now? Cloudflare had an option to just upgrade everything to https so

Well well well. To use Immich fully I need to enable websockets, and those do not like CF proxy. Already got problems. So it looks like I do need certbot after all.

I tried using sudo certbot -a webroot -i nginx -w /var/www/html -d harryisback.org. It still gave me a dns error.

# HTTP Server Block
server {
    listen 80;
    server_name harryisback.org immich.harryisback.org;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS Server Block
server {
    listen 443 ssl;
    server_name harryisback.org immich.harryisback.org;

    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

    # Allow large file uploads
    client_max_body_size 50000M;

    # Set headers
    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Enable websockets
    proxy_http_version 1.1;  # Use HTTP/1.1 for WebSocket
    proxy_set_header Upgrade $http_upgrade;  # Handle WebSocket upgrade
    proxy_set_header Connection "upgrade";  # Handle WebSocket upgrade
    proxy_redirect off;

    # Set timeouts
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    send_timeout 600s;

    # Main location block
    location / {
        proxy_pass http://192.168.1.55:2283;  # Backend server
    }
}

This is how my conf file looks now.