Internal Error on Nginx and LetsEncrypt Error

My domain is: aitd.duckdns.org

I ran this command:
I tried to create SSL for my DDNS domain but got an internal error

It produced this output:

On Nginx ---->Internal Error

,
[12/2/2021] [7:43:37 AM] [Nginx ] › :information_source: info Reloading Nginx,
[12/2/2021] [7:43:37 AM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #6: aitd.duckdns.org,
[12/2/2021] [7:43:37 AM] [SSL ] › :information_source: info Command: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "carnbyds@gmail.com" --preferred-challenges "dns,http" --domains "aitd.duckdns.org" ,
[12/2/2021] [7:43:53 AM] [Nginx ] › :information_source: info Reloading Nginx,
[12/2/2021] [7:43:53 AM] [Express ] › :warning: warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-6" --agree-tos --authenticator webroot --email "carnbyds@gmail.com" --preferred-challenges "dns,http" --domains "aitd.duckdns.org" ,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Some challenges have failed.,
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.,

The operating system my web server runs on is (include version): raspi os

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Hi @carnby77 and welcome to the LE community forum :slight_smile:

We will need some more information to better assist you.
Please fill out this form:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


As well as showing the output of the following:
openssl version
ls -l /etc/ssl/certs/ca-cert*


My domain is: aitd.ddns.net

I ran this command: did not run any command

It produced this output: N/A

My web server is (include version): Raspberry Pi 11.1

The operating system my web server runs on is (include version): Raspberry Pi OS Lite Latest

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, OMV Docker and Portainer

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

As well as showing the output of the following:
openssl version = OpenSSL 1.1.1k 25 Mar 2021

ls -l /etc/ssl/certs/ca-cert* = -rw-r--r-- 1 root root 200313 Dec 2 04:56 /etc/ssl/certs/ca-certificates.crt

Sorry, but I'm still a noob on this. It's just been a couple of weeks since I started working on a Pi 3B+ with OMV6, Docker and Portainer installed.

Ok. Well, you have a wide variety of issues related to the basics of setting up connectivity. I am not familiar enough with rasp pi to assist but maybe someone else will help. But, you may find better help at a forum for beginning rasp pi setups in general. This site mostly focuses on getting the certs once a server is running.

I will point out that:

Your DNS for aitd.ddns.net points to 192.168.1.119 which is not a publicly addressable IP. That domain was what you were using in the command to request a cert but that IP cannot be reached from the public internet (only your internal network). The DNS needs correction.

Your DNS for aitd.duckdns.org points to 14.192.216.174. But, I cannot reach this IP with something like curl -I aitd.duckdns.org. You should look at how your router and ports are configured for your server. You should check that this is the correct IP. You must have a working http site before being able to get a cert using the http challenge. You can use a site like Let's Debug to help with this.

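The two checks described in the reply above (does the name resolve to a publicly routable address, and does that address accept connections on port 80) can be run before asking certbot for a certificate. This is an added example, not part of the original thread; `preflight`, `resolve_a`, `port_open` and `SAMPLE_DNS` are hypothetical names, and the sample DNS answers are the ones reported in the thread.

```python
import ipaddress
import socket

def resolve_a(domain):
    """Return the IPv4 addresses the name resolves to (live DNS lookup)."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(ip, port=80, timeout=5.0):
    """True if a TCP connection to ip:port succeeds from where this runs."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(domain, resolve=resolve_a, probe=port_open):
    """Return the problems that would make an HTTP-01 challenge fail."""
    try:
        addrs = resolve(domain)
    except OSError as exc:
        return [f"{domain}: DNS lookup failed ({exc})"]
    if not addrs:
        return [f"{domain}: no A record"]
    problems = []
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:
            # RFC 1918 and other non-global ranges are invisible to the CA.
            problems.append(f"{domain}: {ip} is not publicly routable; the CA cannot reach it")
        elif not probe(addr):
            problems.append(f"{domain}: {ip} does not accept connections on port 80")
    return problems

# DNS answers as reported in the thread, so the demo runs offline.
SAMPLE_DNS = {"aitd.ddns.net": ["192.168.1.119"],
              "aitd.duckdns.org": ["14.192.216.174"]}

if __name__ == "__main__":
    for name in SAMPLE_DNS:
        # Probe stubbed to "unreachable", matching the curl result in the thread.
        for line in preflight(name, resolve=SAMPLE_DNS.__getitem__, probe=lambda ip: False):
            print(line)
```

Run the live port probe from a host outside the home network: a connection from inside the LAN to its own public IP depends on the router's NAT loopback behaviour and can give a misleading result.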

Hi,
This is the error I get on Let's Debug

That says that it can't reach your HTTP server (at IP 14.192.216.174).

You will need a working HTTP site before you can secure it (via HTTP authentication).

I get:

curl -Ii http://carnby77.ddns.net/
curl: (56) Recv failure: Connection reset by peer

How do I do that on a Raspberry Pi running Docker and Portainer? Do I install HTTPD?

Your posts seem to indicate that you have already installed nginx.
But it can't be reached from the Internet.


Yes, but I need a solution. But Plex seems to work without any reverse proxy...

You may have a design problem OR have not correctly implemented the design.
In either case, this is not the forum to request help for such problems.


@rg305 Honestly I wouldn't bother helping @carnby77. They don't listen to reason. They don't actually want to do any of the work themselves. They spent a week in my Discord blowing it up and being rude to people who told them things they didn't want to hear. For instance, when they were told they did something incorrectly, they got nasty and rude. When I called them on their nonsense, they were verbally abusive until I banned them. I'm willing to bet that their issue here is a port forwarding issue, but they won't accept that since Plex worked without port forwarding, but not understanding that not all apps are like that.

In fact, you can see this behavior has been going on since at least 2007 where they just expect people to do things for them rather than making any effort for themselves.
