I want to setup a cert on port 443

When I installed it yesterday I ran it with my normal user account.

Right, so if you install it with a normal user account you can’t run it as root (or rather, you can, but you need to do a bit more work to set it up). The easy way is to install it as root, then run it as root - as shown in the example I gave above.

1 Like

So I just follow the example above and it should work?
Do I have to remove it to or just the above?

Well, I hope it should just work :slight_smile:

You don’t have to remove the original copy, but I would anyway, to avoid future confusion (unless of course you’ve already obtained certificates successfully with it, in which case you’ll want to keep it around so they get auto-renewed).

To remove the certificate I just go to etc/letsencrypt/live/panel.raidhosting.nl/
And remove fullchain.pem and pricked.pem right?

Thanks for all the help :smile:

certbot delete --cert-name example.com

If you already have a certificate there, you don’t need to remove it. (I guess you got that previously, with certbot?) Just get a new one with acme.sh, install it somewhere (instructions here) and update your nginx configuration to point to it. Then, if you like, you can delete the old certificate from certbot as @rg305 showed (but don’t do that until you’ve got the new one set up, or you won’t be able to restart nginx).

NGINX is already unable to start :frowning:

Ah, I missed that bit… so probably the cert was already deleted? Still, I think the best course of action is to proceed to obtain and install a certificate with acme.sh and update the nginx config to point at it.

This whole “event” is far from any best course of action.
But maybe it’s not too late to start!

It seems he was running with a non-root user, so I doubt the openssl server was able to start to listen at port 443.

I also suggest the same as @jmorahan said. sudo -i to install acme.sh under root user, and then run the command as root user.

From the whole disscussions, I could notice that the users nginx conf may be already broken. I would suggest him to fix the conf without ssl first.

1 Like

This is my nginx.conf file:
https://hastebin.com/ifucotovoj.nginx

And if i do the commands @jmorahan mentioned above i get this:

root@pterodactyl:~# acme.sh --issue --alpn --pre-hook “systemctl stop nginx” --post-hook “systemctl start nginx” -d panel.raidhosting.nl
[Fri Oct 11 08:21:26 CEST 2019] Run pre hook:‘systemctl stop nginx’
[Fri Oct 11 08:21:26 CEST 2019] Standalone alpn mode.
[Fri Oct 11 08:21:26 CEST 2019] Single domain=‘panel.raidhosting.nl’
[Fri Oct 11 08:21:26 CEST 2019] Getting domain auth token for each domain
[Fri Oct 11 08:21:28 CEST 2019] Getting webroot for domain=‘panel.raidhosting.nl’
[Fri Oct 11 08:21:28 CEST 2019] Verifying: panel.raidhosting.nl
[Fri Oct 11 08:21:28 CEST 2019] Starting tls server.
[Fri Oct 11 08:21:33 CEST 2019] Pending
[Fri Oct 11 08:21:35 CEST 2019] panel.raidhosting.nl:Verify error:Error getting validation data
/root/.acme.sh/acme.sh: line 3048: 19712 Terminated $__S_OPENSSL > /dev/null 2>&1
[Fri Oct 11 08:21:36 CEST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Fri Oct 11 08:21:36 CEST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Oct 11 08:21:36 CEST 2019] Run post hook:‘systemctl start nginx’
Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx.service” and “journalctl -xe” for details.
[Fri Oct 11 08:21:36 CEST 2019] Error when run post hook.

nginx’s configuration is split across many files. But there is an easy way to identify errors, and that’s to run (as root):

nginx -t

If you run that and report back, things should be a bit easier to fix.

I get this when running your command:

root@pterodactyl:~# nginx -t
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/panel.raidhosting.nl/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/etc/letsencrypt/live/panel.raidhosting.nl/fullchain.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Sorry, I should have read the earlier posts. The problem has already been revealed to you - nginx won’t start because you deleted a certificate it depended on.

Can I ask, what ports is your server accessible on? Because both 80 and 443 appear to time out from the internet.

If we want the acme.sh --alpn or acme.sh --standalone command to succeed, at least one of those ports must be exposed to the internet.

This is the error that Let’s Encrypt is returning when it tries to connect to your server on port 443 to perform the ALPN challenge.

The “Error getting validation error” is basically a fallback error message. If often crops up as a result of “no route to host” conditions:

$ nc -vvv panel.raidhosting.nl 443
nc: connect to panel.raidhosting.nl port 443 (tcp) failed: No route to host

Are you 100% sure that everything is port forwarded correctly?

Yes port 443 should be available on this host.
But I can’t create a new certificate with the command.
That’s now my problem.