I'm running a web app and to log in I send a request to https://api.bryceai.com. The problem is that the certificate for that URL expired. Yesterday I renewed the certificate but still can't register or log in. Is there a time it takes to renew the certificates? Or is there another problem I'm missing?
Hello @serpguru, welcome to the Let's Encrypt community.
Here is a list of issued certificates: crt.sh | bryceai.com. The latest from Let's Encrypt is from 2023-02-08, and one from 2023-02-09 is from C=US, O=Amazon, CN=Amazon RSA 2048 M01.
Did you install the certificates after receiving them before the systemctl start nginx?
Also, I would more likely expect to see systemctl restart nginx.
Because bryceai.com is set up to be proxied in Cloudflare and I can connect to it just fine.
But api.bryceai.com has its DNS pointing to an EC2 instance, and port 443 (https) is closed. You may need to check your EC2 Security Group to ensure it is open. And, of course, check that whatever service is handling api is running and configured with that cert for https.
(Notice port 443 closed for the api domain)
```
nmap api.bryceai.com
rDNS record for 3.21.192.3: ec2-3-21-192-3.us-east-2.compute.amazonaws.com
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
```
(Notice that https connections to the bryceai domain work fine)
```
curl -I https://bryceai.com
HTTP/2 200
server: cloudflare
```
Supplemental information; this is what I presently see:
```
$ nmap -Pn api.bryceai.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-13 16:57 UTC
Nmap scan report for api.bryceai.com (3.21.192.3)
Host is up (0.083s latency).
rDNS record for 3.21.192.3: ec2-3-21-192-3.us-east-2.compute.amazonaws.com
Not shown: 995 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
3000/tcp closed ppp
7000/tcp closed afs3-fileserver
Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds
```
Note: HTTPS port 443 is closed above.
```
$ curl -Ii http://api.bryceai.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: nginx/1.22.0
Date: Mon, 13 Feb 2023 16:59:04 GMT
Content-Type: text/html
Content-Length: 1400
Connection: keep-alive
ETag: "63e3c8a1-578"

$ curl -Ii http://api.bryceai.com/.well-known/acme-challenge/sometestfile -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
HTTP/1.1 404 Not Found
Server: nginx/1.22.0
Date: Mon, 13 Feb 2023 16:59:24 GMT
Content-Type: text/html
Content-Length: 1400
Connection: keep-alive
ETag: "63e3c8a1-578"
```
```
$ nmap -Pn bryceai.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-13 16:59 UTC
Nmap scan report for bryceai.com (172.67.215.131)
Host is up (0.010s latency).
Other addresses for bryceai.com (not scanned): 104.21.37.240 2606:4700:3036::6815:25f0 2606:4700:3033::ac43:d783
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 4.84 seconds
```
What does your nginx config look like on your EC2 instance? Because nginx is responding to http (port 80) but still nothing on https (port 443).
Can you show the result of the sudo nginx -T command? It is an upper case T, and omit sudo if you don't need it. Please add 3 backticks before and after the output like:
```
output of: nginx -T
```
No, just uncommenting that is not enough. You need to reference the Let's Encrypt certs, among other things.
See the Mozilla site for guidelines. Also make sure you have a server block with a server_name for each domain and each port. You are just using default names.
In short, you haven't configured anything yet. See below and nginx.org.
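As an added example (not the poster's config and not anything from this thread), here is the minimal nginx layout the reply describes for api.bryceai.com: one server block per port, with the 443 block referencing the Let's Encrypt files. It assumes certbot's default /etc/letsencrypt/live/ layout, a webroot of /var/www/letsencrypt for the http-01 challenge, and an upstream API listening on 127.0.0.1:3000; adjust all three to your setup.

```nginx
# Added example, not from the thread. Paths and the upstream port are assumptions.
# Port 443 must also be allowed inbound in the EC2 security group, or the
# block below will still show as "closed" from the outside.

# HTTP: keep serving the ACME http-01 challenge, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name api.bryceai.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # webroot handed to the ACME client (assumed)
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS: this is the block that was missing, so nothing listened on 443.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.bryceai.com;

    # Certbot's default layout; fullchain.pem includes the intermediate.
    ssl_certificate     /etc/letsencrypt/live/api.bryceai.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.bryceai.com/privkey.pem;

    # Minimum TLS settings in line with the Mozilla guidelines the reply mentions;
    # copy the full cipher list from the Mozilla SSL configuration generator.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;

    location / {
        proxy_pass http://127.0.0.1:3000;   # upstream API port (assumed)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Check the syntax with nginx -t, then systemctl restart nginx; nginx -T afterwards prints the full effective configuration so you can confirm both server blocks are loaded.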