Let' Encrypt : The client lacks sufficient authorization

Actually they were both enabled (with a2ensite)
You should get rid of the symbolic link first with:
sudo a2dissite /etc/nginx/sites-enabled/landwtools.com
Oh dang!
a2dissite will try to automatically append .conf to the name given.
Which would make then “look” exactly the same … no telling what it will do exactly then [which will get deleted or both?].
I think you will have to remove the unused one “by hand”.
sudo unlink /etc/nginx/sites-enabled/landwtools.com
then
ls -l /etc/nginx/sites-enabled/

thanks, now I understand.

after execute :
$sudo unlink /etc/nginx/sites-enabled/landwtools.com

now I check again :
$ls -l /etc/nginx/sites-enabled/

it shows :
total 0
lrwxrwxrwx 1 root root 34 Sep 14 00:03 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 46 Sep 14 00:27 landwtools.com.conf -> /etc/nginx/sites-available/landwtools.com.conf

now it seems Okay

then I restart Nginx
$sudo systemctl restart nginx

then I execute
$sudo certbot certonly --agree-tos --email admin@landwtools.com --webroot -w /var/lib/letsencrypt/ -d landwtools.com -d www.landwtools.com

it shows :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for landwtools.com
http-01 challenge for www.landwtools.com
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.landwtools.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.landwtools.com/.well-known/acme-challenge/dnI3Bd3qpzf_VCu554kTBnR0fnx-9opN9eDV536tY-U: Timeout during connect (likely firewall problem), landwtools.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://landwtools.com/.well-known/acme-challenge/KNOcFaUKLhjvopmkVOpGOeZOm_fvO_hsVZtwBCKWZ2o: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

I close all of my firewall

but still can not reach http://landwtools.com, whose error is :
ERR_CONNECTION_TIMED_OUT

Now you believe all the setup in Nginx side are Okay, and I should check the outside friewall things ?

Please advice

Yes, it seems there may be a firewall issue.

First let’s check that your web service is running:
sudo netstat -pant | grep -i listen

Hi, good morning, and first, thanks for all your helps yesterday.

now, after execute $sudo netstat -pant | grep -i listen

it shows:
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 759/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1072/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1054/postgres
tcp 0 0 0.0.0.0:8069 0.0.0.0:* LISTEN 1331/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1041/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1072/sshd
tcp6 0 0 :::80 :::* LISTEN 1041/nginx: master

1 Like

Hi, anthor question :

1
when check :

$ls -l /etc/nginx/sites-enabled
it shows :
total 0
lrwxrwxrwx 1 root root 34 Sep 14 00:03 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 46 Sep 14 00:27 landwtools.com.conf -> /etc/nginx/sites-available/landwtools.com.conf

this is the fix result yesterday, it is okay

then I check :

$ls -l /etc/nginx/sites-available

it shows:

total 12
-rw-r–r-- 1 root root 2416 Apr 6 2018 default
-rw-r–r-- 1 root root 341 Sep 14 00:21 landwtools.com
-rw-r–r-- 1 root root 111 Sep 14 00:27 landwtools.com.conf

my question is : whether I also need to delete the 2nd one :
-rw-r–r-- 1 root root 341 Sep 14 00:21 landwtools.com

OK that looks good.

Now please show this:

You don’t HAVE to.
Things in /sites-available/ are only AVAILABLE for use (but not forced to be used).
Things in /sites-enabled/ are ALL USED.

after I quit my firewall, I login http://landwtools.com
it still failed with showing :

This site can’t be reached

landwtools.com took too long to respond.

Try:

ERR_CONNECTION_TIMED_OUT

meanwhile, I check again :

$sudo nginx -T | grep -i ‘server_name|landwtools|virtual|root|listen’

it returns :
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Command ‘listen’’ not found, did you mean:

command ‘listen’ from deb ruby-listen

Try: sudo apt install

Command ‘root’ not found, did you mean:

command ‘toot’ from snap toot (0.27.0)
command ‘roo’ from snap roo (2.0.3)
command ‘rootv’ from deb xawtv
command ‘proot’ from deb proot
command ‘rott’ from deb rott

See 'snap info ’ for additional versions.

Command ‘virtual’ not found, did you mean:

command ‘virtaal’ from deb virtaal

Try: sudo apt install

what those mean?
if I need to sudo apt install , which is the deb name? Is it the Odoo deb package name?

That means the copy/paste or the site has failed you.
What you pasted was changed from what I typed ( ’ ‘ ).
A subtle difference to the eye, but a huge one to the operating system.
Try it again and replace them both with the single quote (next to the enter key).

Can you explain how you did this?

Wa, thanks for this knowledge

I only have 360safe firewall in my computer
I move to the 360safe icon, then righ key my mouse to show the menu, then I choose exit

Or please, there are other more professional ways?

In case the font was too small (and for all other readers to see):
Original:


Your command:

Ok, I don’t know about that firewall.

Do you have another system local to that server (on the same network)?
[so we can test access from there]

Sorry, I see you are using AWS EC2.
I think our wires got crossed.
The firewall is not the one on your computer.
The firewall is the one on the server.
And also in AWS settings.

yes, I am using AWS EC2

I think I only use aws ec2 instance security group as my firewall.

I can not find my ec2 instance firewall from AWS setting, and can you show me more?

thanks

and now I can target my security group under my aws ec2 instance, whose details as below :

image

and do you also need my source information?

whether I can to add http here ?

now, it is okay, after add http. Now I can understand. thanks

1 Like