My domain is: status.monetagosolutions.com

I ran this command: sudo certbot --nginx

It produced this output:

2019-09-06 05:53:11,336:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: status.monetagosolutions.com
Type: connection
Detail: Fetching http://status.monetagosolutions.com/.well-known/acme-challenge/Vr00gbpNrsuRqyVTjBxXn2dgX-PtvQvFeFipSnzdll4: Timeout during connect (likely firewall problem)

2019-09-06 05:54:51,749:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 06 Sep 2019 05:54:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 Sep 2019 05:54:51 GMT
Connection: keep-alive

{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
}
2019-09-06 05:54:53,919:INFO:certbot.main:Obtaining a new certificate
2019-09-06 05:54:53,959:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
2019-09-06 05:54:53,962:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem
2019-09-06 05:54:53,962:DEBUG:acme.client:Requesting fresh nonce
2019-09-06 05:54:53,962:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-09-06 05:54:54,012:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-09-06 05:54:54,013:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0101kMvatW1Td6dfjsJ8ALFg8U1ztEPOpRagOU6YxY5dTMc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Fri, 06 Sep 2019 05:54:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 06 Sep 2019 05:54:54 GMT
Connection: keep-alive

My web server is (include version):
NAME=“Ubuntu”
VERSION=“18.04.2 LTS (Bionic Beaver)”

The operating system my web server runs on is (include version):
NAME=“Ubuntu”
VERSION=“18.04.2 LTS (Bionic Beaver)”
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME=“Ubuntu 18.04.2 LTS”
VERSION_ID=“18.04”

My hosting provider, if applicable, is:
Azure

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

I have tried allowing all traffic on port 80 and then running the command " sudo certbot --nginx" but i get the same error. Can you help me fix this please

Thanks

Are you sure it was exactly the same error the last time you tried, including the Timeout during connect part?

From what I can tell, right now Let's Encrypt has no issues connecting to your server.

Hi @Eva

your server answers ( https://check-your-website.server-daten.de/?q=status.monetagosolutions.com ):

That looks good, checking /.well-known/acme-challenge/random-filename has the expected result http status 404 - Not Found.

Did you change something?

PS: There is no older Letsencrypt certificate.

I’m trying to install the cert for the first time now.

To add to, i was following the steps mentioned here - https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

Try it one time again:

sudo certbot --nginx -d status.monetagosolutions.com

There is no timeout visible.

http://status.monetagosolutions.com/.well-known/acme-challenge/1234

answers, so --nginx should work or should show another error message.

If that doesn't work, add -vvv to the command and share the output. Perhaps via pastebin.

Hi Juergen
I tried sudo certbot --nginx -d status.monetagosolutions.com and a cert got installed with no errors but my site is now inaccessible now. Wondering what is causing the issue

This is how my nginx config looks like :

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] “$request” ’
'$status $body_bytes_sent “$http_referer” ’
‘"$http_user_agent" “$http_x_forwarded_for”’;

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.

from here

server {
server_name mydomain; # Or whatever you want to use
root /var/www/html/Cachet/public;
index index.php;

location / {
    add_header Strict-Transport-Security max-age=15768000;
    try_files $uri /index.php$is_args$args;
}
location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            fastcgi_keep_conn on;
            add_header Strict-Transport-Security max-age=15768000;
}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
if ($host = mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot

server_name  mydomain;
listen 80 default;
return 404; # managed by Certbot

}}

=============================

Rechecked your domain via https://check-your-website.server-daten.de/?q=status.monetagosolutions.com - now you have a (good) redirect http -> https:

And a new certificate:

So the certificate creation has worked.

Is there again a firewall? You have to allow https.

Does your port 443 work internal?

curl https://status.monetagosolutions.com/

My bad, i had not allowed traffic on port 443. Did it now and is working as expected. Thanks for your help Juergen!

Regards!

Yep, now it works. But it's a public website, so port 80 should answer. There is a timeout.

If not, the next renew doesn't work, Letsencrypt certificates are only 90 days valid. Next renew should start in 60 days, Certbot creates a cron job.

Read

I have now opened port 80 too. Thanks for the info

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.