I cant install certificate

Rip · March 29, 2023, 12:35pm

Also it looks to me like you have already obtained certs for your domain.

Is it possible to use one of them?

massimo45 · March 29, 2023, 12:35pm

how do i configure it correctly?

massimo45 · March 29, 2023, 12:37pm

yes i will like to use it. how do i re-install it

Rip · March 29, 2023, 12:45pm

@MikeMcQ knows a lot more about nginx configurations than I.
But for starters as he stated earlier:

But it is impossible unless the ports are open on your firewall or IDS or whatever (router)

rip:T430 ~ >>  nmap -p 22,80,443 cointex.live
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-29 05:39 PDT
Nmap scan report for cointex.live (138.68.189.23)
Host is up (0.17s latency).

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

Even when one of your current certs are configured, you still need to open port 80 and 443 if you expect the site(s) to be available publicly.

massimo45 · March 29, 2023, 12:48pm

thank you. how do i open the port?

MikeMcQ · March 29, 2023, 12:57pm

Your ports were open earlier otherwise rip would not have seen the response to the "header" request for HTTP. And, Let's Encrypt servers also saw 403 error.

It looks like you now stopped nginx. Did you?

massimo45 · March 29, 2023, 12:58pm

yes i did

MikeMcQ · March 29, 2023, 12:58pm

What does this show

certbot certificates

massimo45 · March 29, 2023, 12:58pm

Found the following certs:
Certificate Name: cointex.live
Serial Number: 4cedc1103e0f5cad0a60afb880696d71548
Key Type: RSA
Domains: cointex.live www.cointex.live
Expiry Date: 2023-06-27 11:41:38+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/cointex.live/fullchain.pem
Private Key Path: /etc/letsencrypt/live/cointex.live/privkey.pem

Rip · March 29, 2023, 12:58pm

That depends on your environment in which I an not an expert.
You are running vps on digital ocean with nginx. The syntax is different than what I am proficient at.
I am not fluent on nginx or vps configs. An expert with your configuration will help you.
@MikeMcQ or @rg305 might be close by...

massimo45 · March 29, 2023, 1:00pm

okay
thank you

MikeMcQ · March 29, 2023, 1:01pm

Excellent. You have your cert and private key files on your machine. You just need to configure nginx to use them.

You can do that manually or use the --nginx plug-in to help. For manual changes refer to

I recommend NOT using HSTS or Stapling until after you have stable nginx system and know exactly what these do. These are advanced options that can cause difficulties.

MikeMcQ · March 29, 2023, 1:03pm

The overall port config looks fine. You and LE both saw 403 so reached their nginx. The HTTPS requests were failing probably due to nginx not configured to use certs yet (although could be NAT issue hard to say yet). The latest failures were them stopping nginx so normal to see ports "closed".

rg305 · March 29, 2023, 4:38pm

Not sure where you learned to use that, but it doesn't fix anything that's broken.
And as certbot certificates, and the cert history shows, you already had a cert to cover those names.

Step #1: Get the HTTP sites working "normally".
Step #2: Secure the sites using the cert you already have [no need to run certbot anymore]

massimo45 · March 30, 2023, 7:10am

okay
Thanks

massimo45 · March 30, 2023, 7:11am

noted
thanks

schoen · April 4, 2023, 1:37am

A post was split to a new topic: Can't install certificate

rg305 · April 4, 2023, 5:13pm

2 posts were split to a new topic: Invalid response

rg305 · April 4, 2023, 5:21pm

2 posts were merged into an existing topic: Invalid response

system · May 4, 2023, 5:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.