Issue getting ssl on freenom .tk domain

I have port 80, 443, OpenSSH, and Nginx FULL via ufw

My domain is: ignacio.tk

I ran this command: sudo certbot --nginx -d ignacio.tk -d www.ignacio.tk

It produced this output:
root@ignacio-VirtualBox:~# sudo certbot --nginx -d ignacio.tk -d www.ignacio.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ignacio.tk
http-01 challenge for www.ignacio.tk
Waiting for verification…
Challenge failed for domain ignacio.tk
Challenge failed for domain www.ignacio.tk
http-01 challenge for ignacio.tk
http-01 challenge for www.ignacio.tk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu 20.04 (nginx)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ubuntu 20.04 terminal (nginx)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.40.0-1


Hi @iscroggs

See your result, see your check: https://check-your-website.server-daten.de/?q=ignacio.tk

  • A wrong private IP address (that address is ignored)
  • The correct IP address doesn't answer, only timeouts

Does HTTP work internally?

A working port 80 is required if you want to use http validation.

PS: That's a non-working webserver, so it's not relevant that it is a freenom and .tk domain.


I’m very new to domains. How do I find the correct IP to use from Ubuntu? I used icanhazip for the public IP and I also linked the static IP to the domain.


You can check your IP from your command line by making requests to external checking websites, such as ifconfig.co or whatismyip.akamai.com.
Run curl -4 ifconfig.co or curl -4 whatismyip.akamai.com for your IPv4 address.
Run curl -6 ifconfig.co or curl -6 whatismyip.akamai.com for your IPv6 address.

P.S. You may not have an IPv6 or IPv4 address, it’s entirely possible (coming from your ISP).


Would this be the IP I would use for DNS on my domain?


This would be the IP you use if your server only has 1 IPv4 address.


Thank you, I linked that to the domain but still no connection. I’m not sure why I can’t connect. I keep hearing it’s port 80, but I have it open using ufw.

This means you have more than 1 address on the same hostname.
You only need 174.24.20.243. Please remove the three other IPs, as they are internal IPs.

You also need to make sure you are allowing the IP on your local route (or ethernet gateway), since you are using CenturyLink as your hosting and the IP looks residential.


Thank you so much, I will make those changes.


Your Internet DNS has the same problem for both “ignacio.tk” and “www.ignacio.tk”:

Name:    ignacio.tk
Addresses:  127.0.0.1
          127.0.1.1
          174.24.20.243
          10.2.0.15

Name:    www.ignacio.tk
Addresses:  127.0.1.1
          174.24.20.243
          10.2.0.15
          127.0.0.1

There should only be one IP: 174.24.20.243

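An added example, not from the thread, that automates the check the previous posts describe: it classifies every address in a record set and keeps only the publicly routable ones, so loopback and RFC 1918 entries like those shown are flagged before certbot is run. The record list is constructed from the thread; the `resolve` and `port_open` helpers are assumptions for live use and are not needed for the offline sample.

```python
import ipaddress
import socket
from typing import Iterable, List, Tuple

# Constructed sample: the record set the thread shows for ignacio.tk
SAMPLE_RECORDS = ["127.0.0.1", "127.0.1.1", "174.24.20.243", "10.2.0.15"]


def classify(addr: str) -> str:
    """Return why an address cannot serve an http-01 challenge, or 'public' if it can."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private (RFC 1918 / ULA)"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return "unusable"
    return "public"


def split_records(records: Iterable[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a record set into publicly routable addresses and the rest (with a reason)."""
    good: List[str] = []
    bad: List[Tuple[str, str]] = []
    for rec in records:
        kind = classify(rec)
        if kind == "public":
            good.append(rec)
        else:
            bad.append((rec, kind))
    return good, bad


def resolve(name: str) -> List[str]:
    """Live lookup through the system resolver (assumed helper, not used offline)."""
    infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def port_open(addr: str, port: int = 80, timeout: float = 3.0) -> bool:
    """TCP connect test; run from outside the LAN it approximates what the CA's validator sees."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    good, bad = split_records(SAMPLE_RECORDS)
    print("keep:", good)
    for addr, why in bad:
        print(f"remove {addr}: {why}")
```

Replace SAMPLE_RECORDS with resolve("ignacio.tk") and feed each kept address to port_open to turn this into the live pre-flight check.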

We should probably also advise you to use a dynamic dns service. @all What’s this community recommendation as to the best one? (edit: a quick search gave me this script that can update your ip address without an external service: https://github.com/mkorthof/freenom-script)

And then you should check port forwarding: make sure that ports 80 and 443 on your router’s external interface get forwarded to your server.

I’m not too certain about overall differences in DDNS services.
To me they are pretty much equal.
In the best case (most secure) scenario:
You use a real domain name, CNAME that to a DDNS name.
[The DDNS name merely functions to resolve the name to its current IP.]
You connect to the current IP and securely communicate with the real domain name.
[you also use methods to secure the use of certs from your real domain]

But in this particular case, the domain in use is a free domain from the TLD .TK
This step in and of itself is already insecure, so this setup will never be truly 100% secure (IMHO).

The difference goes down to the same difference DNS services have: who has the least buggy authoritative nameservers? (and, specific to ddns: who has the least painful ip update process?)

Well that leaves much to the user experience (Windows, Linux, MAC).

I can see that there may be global DNS performance/availability/reliability differences.
However, for those that are set on choosing only FREE services, such a difference may not be a deal breaker.

In the end we are talking about cases where the user can't have, or afford, a static IP in the first place.

TLS on the cheap!

I cleared the extra DNS addresses from both ignacio.tk and www.ignacio.tk. I am having trouble figuring out how to allow the IP on my local route. I am using Ubuntu on a VirtualBox when using certbot for SSL certification. Any extra help would be greatly appreciated.

I think this strongly depends on your router, and it might be better to look up your router model on Google with "your_router_model port forwarding".
You might just need port forwarding, you might have more things to do, it just depends on how exactly you've set up the services/webserver. There's just too many ways to do this.

I realized how much of an issue this is when I bought a VPS that didn't have a full ipv4 (it shared, 20 ports each) but had an /80 subnet in ipv6 (yeah, it's small -- but my machine also has 128MB of ram and costs $2/year).

ipv4s are freaking expensive, the biggest part in the price of a cheap vps.


The worst part of not having an IPv4 address is that the Internet is not fully functional via IPv6 only.
It is mid 2020 and we are still reliant on IPv4 to do some of the simplest/most basic things on the Internet.
For example, by that I mean if you create a simple Windows 10 client PC system and only use IPv6, it won’t even be able to do Windows Updates.
If you tried to reach some large sites (like: IBM, FORD, GE) you would get redirected to BING.
And only if you added “www.” to them would you actually then reach a site.
And don’t get me started on why browsers still default to HTTP rather than HTTPS…

The world seems to turn soooo very slowly these days.

