Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: ofplayers.net
I ran this command: I ran it through a docker container of Nginx proxy manager
It produced this output:
3/24/2024] [2:53:31 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[3/24/2024] [2:53:31 AM] [Nginx ] › info Reloading Nginx
[3/24/2024] [2:53:31 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
[3/24/2024] [2:53:36 AM] [SSL ] › info Requesting Let'sEncrypt certificates for Cert #11: blog.ofplayers.net
[3/24/2024] [2:53:36 AM] [SSL ] › info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --authenticator webroot --email "ofplayers@proton.me " --preferred-challenges "dns,http" --domains "blog.ofplayers.net "
[3/24/2024] [2:53:36 AM] [Global ] › ⬤ debug CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --authenticator webroot --email "ofplayers@proton.me " --preferred-challenges "dns,http" --domains "blog.ofplayers.net "
[3/24/2024] [2:53:38 AM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_11.conf
[3/24/2024] [2:53:38 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[3/24/2024] [2:53:38 AM] [Nginx ] › info Reloading Nginx
[3/24/2024] [2:53:38 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
[3/24/2024] [2:53:38 AM] [Express ] › warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org . See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Linode VPS (least expensive option)
The operating system my web server runs on is (include version): Ubuntu 23.10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Nginx proxy manager 2.11.1
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.9.0
This worked on my base domain and I can’t get the log file for some reason
Your base domain has both A and AAAA records in your DNS but the blog subdomain does not have either one. You have requested to use the --webroot method to authenticate and you need at least one of these records so the Let's Encrypt servers can find your IP to make the HTTP challenge request.
2 Likes
I added both and it gives the same error, I’ll wait like 20 minutes and update if it happens again or not
rg305
March 24, 2024, 3:24am
Do the authoritative DNS servers show the added IPs?
If so, then you can start testing.
Note: Testing is best performed on the LE staging environment [not the LE production environment].
If not, then where did you add those IPs?
2 Likes
Do you mean Linode’s domain page?
rg305
March 24, 2024, 3:33am
I wouldn't know where you need to go to add DNS entries into your domain.
I do see that Porkbun DNS servers are being used by your domain:
nslookup -q=ns ofplayers.net
ofplayers.net nameserver = fortaleza.ns.porkbun.com
ofplayers.net nameserver = maceio.ns.porkbun.com
ofplayers.net nameserver = salvador.ns.porkbun.com
ofplayers.net nameserver = curitiba.ns.porkbun.com
But none of those servers know anything about the blog subdomain.
Nor do they know anything about your base domain either.
Try:
nslookup www.ofplayers.net salvador.ns.porkbun.com
nslookup ofplayers.net salvador.ns.porkbun.com
2 Likes
I added Linode nameservers like an hour or 2 ago, I’m guessing it may take time to register everywhere else but I’ll try adding it in Porkbun too if it lets me
rg305
March 24, 2024, 3:37am
That would be very strange.
A long time ago it used to be that way [up to 24 hours, etc.] - but not in 2024.
1 Like
I think that worked, I have it up there now
rg305
March 24, 2024, 3:42am
I think I see the "problem" now...
Even though the registrar now has all these nameservers:
The two systems know nothing about each other:
System #1 only knows about itself:
nslookup -q=ns ofplayers.net salvador.ns.porkbun.com
ofplayers.net nameserver = curitiba.ns.porkbun.com
ofplayers.net nameserver = fortaleza.ns.porkbun.com
ofplayers.net nameserver = maceio.ns.porkbun.com
ofplayers.net nameserver = salvador.ns.porkbun.com
System #2 only knows about itself:
nslookup -q=ns ofplayers.net ns1.linode.com
ofplayers.net nameserver = ns2.linode.com
ofplayers.net nameserver = ns4.linode.com
ofplayers.net nameserver = ns1.linode.com
ofplayers.net nameserver = ns3.linode.com
ofplayers.net nameserver = ns5.linode.com
So, I have to ask: Do you know how to configure DNS across two providers?
3 Likes
No, I just added the A/AAAA records manually on both of them
rg305
March 24, 2024, 4:19am
That is far from ideal.
You really should delegate that to someone familiar with the whole DNS process.
That said, it should no longer stand in the way of you getting a cert.
Unless...
Both systems don't resolve the names equally.
I now see one system does [Linode]:
nslookup ofplayers.net ns1.linode.com
Name: ofplayers.net
Addresses: 2600:3c03::f03c:94ff:fe15:bc82
97.107.131.38
nslookup www.ofplayers.net ns1.linode.com
Name: www.ofplayers.net
Addresses: 2600:3c03::f03c:94ff:fe15:bc82
97.107.131.38
But the other still does not [Porkbun]:
nslookup ofplayers.net maceio.ns.porkbun.com
Server: UnKnown
Address: 162.159.11.180
Name: ofplayers.net
nslookup www.ofplayers.net maceio.ns.porkbun.com
Server: UnKnown
Address: 162.159.11.180
*** UnKnown can't find www.ofplayers.net: Non-existent domain
3 Likes
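Added example (not part of the thread, and not written by any participant): a pre-flight check that asks each delegated nameserver directly and reports record types where the answers differ, which is the split shown in the nslookup output above. It assumes `dig` is installed; `SAMPLE` and `sample_query` are constructed stand-ins built from the values quoted in the thread so the check can be run offline.

```python
import subprocess

def dig_query(server, name, rtype):
    """Ask one authoritative server directly, without recursion; return its answers."""
    out = subprocess.run(
        ["dig", "+short", "+norecurse", "+time=3", "+tries=1",
         f"@{server}", name, rtype],
        capture_output=True, text=True, timeout=10, check=False,
    ).stdout
    # dig reports errors such as timeouts as ';;' comment lines; skip those.
    return {line.strip().rstrip(".").lower() for line in out.splitlines()
            if line.strip() and not line.startswith(";")}

def find_disagreements(name, nameservers, rtypes=("NS", "A", "AAAA"), query=dig_query):
    """Return {rtype: {server: answers}} for each record type where servers differ."""
    problems = {}
    for rtype in rtypes:
        answers = {ns: frozenset(query(ns, name, rtype)) for ns in nameservers}
        if len(set(answers.values())) > 1:
            problems[rtype] = {ns: sorted(a) for ns, a in answers.items()}
    return problems

def ready_for_http01(name, nameservers, query=dig_query):
    """True only if every server returns the same, non-empty A/AAAA answers."""
    diffs = find_disagreements(name, nameservers, ("A", "AAAA"), query)
    has_address = any(query(ns, name, t) for ns in nameservers for t in ("A", "AAAA"))
    return has_address and not diffs

# Constructed sample data mirroring the nslookup output quoted in the thread.
# The Porkbun server answered "Non-existent domain", so it has no entries here.
SAMPLE = {
    ("ns1.linode.com", "www.ofplayers.net", "A"): {"97.107.131.38"},
    ("ns1.linode.com", "www.ofplayers.net", "AAAA"): {"2600:3c03::f03c:94ff:fe15:bc82"},
}

def sample_query(server, name, rtype):
    """Offline stand-in for dig_query, backed by SAMPLE."""
    return set(SAMPLE.get((server, name, rtype), ()))

if __name__ == "__main__":
    servers = ["ns1.linode.com", "maceio.ns.porkbun.com"]
    diffs = find_disagreements("www.ofplayers.net", servers, ("A", "AAAA"), sample_query)
    for rtype, per_server in diffs.items():
        print(rtype, per_server)
    print("ready:", ready_for_http01("www.ofplayers.net", servers, sample_query))
```

Against live DNS, drop the `query` argument so `dig_query` is used, and pass every nameserver the registrar lists, since a validation lookup may be answered by any of them.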
According to Porkbun’s web UI I have to remove the Linode name servers to be able to add DNS records on Porkbun, that’s probably why it’s like that
rg305
March 24, 2024, 4:34am
OR
You could remove the Porkbun nameservers from your registrar.
There are many solutions to this problem.
You need to find one that works for you - all the time - not just part of the time OR only when I do this but, immediately afterwards, I need to do these two other things...
DNS is a set it and forget it thing - when designed and implemented correctly.
4 Likes
I removed the Porkbun nameservers
This is unrelated but now I can’t use the base ofplayers.net page, I think this is because I used the same gateway IP on both of the proxy hosts (same Docker network) but I don’t know how I’d fix that
Since I’m not really active on the blog (I’ve posted 4 times on it over a year) I’ll probably just close the Ghost container and work on using some static site generator thing instead
Edit: I removed the blog’s DNS records, cert and proxy entry, the main page still isn’t working
Edit 2: I restarted the server and the main page works now (www still leads to an error though)