I would like to know the status of chez.com

I would like to know the status of chez.com
Thanks for any help.

List of issued certificates: crt.sh | chez.com. All seem expired, the latest one being 2018-10-17.

$ nmap chez.com
Starting Nmap 7.80 ( https://nmap.org ) at 2022-11-25 21:23 UTC
Nmap scan report for chez.com (212.27.63.127)
Host is up (0.16s latency).
rDNS record for 212.27.63.127: perso127-g5.free.fr
Not shown: 991 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  filtered rpcbind
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
2049/tcp filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 12.96 seconds
3 Likes

I presume this means letsencrypt is not usable...
:frowning_face:

Based on what?

If port 80 is open to the Internet, you should be able to get a certificate [quite easily].

5 Likes

Why do you presume this? And what are you actually asking? "The status of chez.com" really isn't a very clear question.

5 Likes

Based on what?
On my ignorance...

What are you actually asking?
I have a site at chez.com (http://busmuli.chez.com) and I want to use pictures on other sites, but many https sites refuse to use data coming from http sites; that is why I would like to turn the http into https.

Thank you for your attention.

1 Like

That makes for a much clearer question. If you'd started this as a new topic in this category, you would have been presented with the following questions. Please answer them to the best of your ability to help us help you:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes

My domain is:
http://busmuli.chez.com, DNS is 192.168.0.254 if it can help.

I ran this command:
None.

It produced this output:
None.

My web server is (include version):
I don't know, probably Apache.

The operating system my web server runs on is (include version):
I don't know, probably a Linux.

My hosting provider, if applicable, is:
?

I can login to a root shell on my machine (yes or no, or I don't know):
I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No. I don't know if it exists.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Firefox --102.5.0esr
Under Mageia linux, updated version.

I don't understand most of the questions and don't know how to find the information.

I am aware that my answers are not very useful but I am ready to try everything you tell me to do.

Are you hosting your own website? If so, how do you not know which operating system you're using to do so? If not, how do you not know who is?

6 Likes

That is a problem.
You must use a routable IP address.
See: RFC 1918: Address Allocation for Private Internets (rfc-editor.org)

In short: You must have a working HTTP site before you can secure it using HTTP-01 authentication. [The Internet can't reach your IP address]

5 Likes

...except that it isn't; public DNS returns a public IP for that FQDN:

 dan@Dan-Mac-Mini-2  ~  dig busmuli.chez.com

; <<>> DiG 9.10.6 <<>> busmuli.chez.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40943
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;busmuli.chez.com.		IN	A

;; ANSWER SECTION:
busmuli.chez.com.	3579	IN	A	212.27.63.127

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Nov 28 05:48:47 EST 2022
;; MSG SIZE  rcvd: 61
6 Likes
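The distinction the posts above turn on, the address public DNS publishes for the site versus the address of the local resolver or LAN host, can be checked mechanically. This is an added example, not part of the original thread; the function names are hypothetical and the input is a trimmed copy of the dig output quoted above.

```python
import ipaddress
import re

# RFC 1918 private ranges: not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Trimmed copy of the dig output quoted in the thread.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;busmuli.chez.com.		IN	A

;; ANSWER SECTION:
busmuli.chez.com.	3579	IN	A	212.27.63.127

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_dig(text):
    """Return (A records from the ANSWER section, resolver address)."""
    answers, resolver, in_answer = [], None, False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif line.startswith(";; SERVER:"):
            m = re.search(r"SERVER:\s*([0-9a-fA-F.:]+)#", line)
            resolver = m.group(1) if m else None
        elif in_answer:
            fields = line.split()
            if len(fields) == 5 and fields[3] == "A":
                answers.append(fields[4])
            elif not line.strip() or line.startswith(";"):
                in_answer = False  # blank line or next section ends the answers
    return answers, resolver

def http01_preflight(text):
    """A public A record is necessary (not sufficient) for HTTP-01 validation."""
    answers, resolver = parse_dig(text)
    return {
        "resolver": resolver,
        "resolver_is_private": resolver is not None and is_rfc1918(resolver),
        "public_targets": {a: not is_rfc1918(a) for a in answers},
    }

if __name__ == "__main__":
    print(http01_preflight(DIG_OUTPUT))
```

Only the addresses in the ANSWER section matter to the validating CA; a private resolver address on the SERVER line says nothing about where the site is hosted.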

Then 212.27.63.127 must be made to be NATed to reach 192.168.0.254 [on port 80].
But there has been no mention of any of that...

5 Likes

I see:

curl -Ii busmuli.chez.com/.well-known/acm-challenge/Test_File-1234
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Mon, 28 Nov 2022 10:51:23 GMT
Server: lighttpd

lighttpd

5 Likes

Maybe, or any of a dozen or more other arrangements which may or may not involve a RFC1918 IP address.

6 Likes

I don't understand...
Those are the only two IPs mentioned in this post.

Maybe "NAT" is too specific...
Let me rephrase as:
Then 212.27.63.127 must be made to reach 192.168.0.254 [on port 80].

5 Likes

Are you hosting your own website?
No.

If not, how do you not know who is?
The owner of this server is free.fr.

That is a problem.
You must use a routable IP address.
This is the address my computer uses.

lighttpd
Thank you. One step forward.

1 Like

Then you should ask them about setting up HTTPS for your domain.

6 Likes
