If I am wrong, please correct me.
Yes, you will need to allow HTTP (to pass HTTP validation and get a cert)
and also HTTPS (if that is where you are going to use the cert)
When I log in to my website at http://landwtools.com, it only shows:
but it still cannot show what it should, as below:
which means my Nginx still has a problem, isn't it?
So when I move forward to Let's Encrypt, and execute the command
$sudo certbot certonly --agree-tos --email admin@landwtools.com --webroot -w /var/lib/letsencrypt/ -d landwtools.com -d www.landwtools.com
it still does not show success:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for landwtools.com
http-01 challenge for www.landwtools.com
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. landwtools.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://landwtools.com/.well-known/acme-challenge/mZw-Kfo-ZMeUlzV7IzfgqCgmrY2b7xdJkKuGzDjBpq8: Timeout during connect (likely firewall problem), www.landwtools.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.landwtools.com/.well-known/acme-challenge/JRKFsmBRvjECJ0F5dTUYLJHcaz9pPgzg8nly6DLQgS4: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: landwtools.com
   Type: connection
   Detail: Fetching
   http://landwtools.com/.well-known/acme-challenge/mZw-Kfo-ZMeUlzV7IzfgqCgmrY2b7xdJkKuGzDjBpq8:
   Timeout during connect (likely firewall problem)

   Domain: www.landwtools.com
   Type: connection
   Detail: Fetching
   http://www.landwtools.com/.well-known/acme-challenge/JRKFsmBRvjECJ0F5dTUYLJHcaz9pPgzg8nly6DLQgS4:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
The firewall still seems to be the problem. Do you have any other suggestions?
Plenty.
Starting with:
You need to get your site working correctly before you continue trying to get a cert for it.
What content is it supposed to be showing (from which folder/path) ?
and you have yet to show this output:
You are asking for a lot of help (mostly with things that have little to do with certbot/LE) and you are providing almost no answers to any questions…
Aa, I finally got the dream "congratulation"
It was due to the newly added HTTP, which should have the custom IP 0.0.0.0/0 instead of the previous incorrect, automatically populated IP from selecting MY IP
Anyway, I will continue with the remaining steps, and when I have new problems, I will ask you.
Thanks, and nice day
Only if they are related to certbot or LetsEncrypt.
Okay, I can fully respect that now. Anyway, thanks for your help.
One question about Certbot, please
execute
$sudo nginx -T | grep -i "server_name|landwtools|virtual|root|listen"
it shows
nginx: [warn] conflicting server name "landwtools.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.landwtools.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.landwtools.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "landwtools.com" on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
then I fix as below
first check
$ls -l /etc/nginx/sites-available
it shows
total 12
-rw-r--r-- 1 root root 2416 Apr 6 2018 default
-rw-r--r-- 1 root root 341 Sep 14 00:21 landwtools.com
-rw-r--r-- 1 root root 960 Sep 15 17:36 landwtools.com.conf
Aa, the famous landwtools.com comes again
so I execute again
$sudo unlink /etc/nginx/sites-enabled/landwtools.com
then it shows
total 0
lrwxrwxrwx 1 root root 34 Sep 14 00:03 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 46 Sep 14 00:27 landwtools.com.conf -> /etc/nginx/sites-available/landwtools.com.conf
which means okay now
but what I just did was unlink it by hand
so I tried to execute
$sudo a2dissite /etc/nginx/sites-enabled/landwtools.com
but it returns
sudo: a2dissite: command not found
My question is
whether I need to install this a2dissite package, which seems an "automatic" way
to execute
$ sudo a2dissite /etc/nginx/sites-enabled/landwtools.com
and then I will not need to unlink by hand for this kind of problem?
That is NOT good.
Sorry, I gave you the wrong command ("a2" is for Apache2 - you are running NGINX)
If you don't need the second file, just delete it:
rm /etc/nginx/sites-available/landwtools.com
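The "conflicting server name" warnings above come from two enabled site files declaring the same names. The following check is an added example, not part of the thread: the function names are hypothetical, the site file contents are constructed, and it compares names per file while ignoring the listen address.

```sh
#!/bin/sh
# Added example: list server_name values declared in more than one
# enabled nginx site file (the cause of "conflicting server name").

# Print "name<TAB>file" for every server_name value in one config file.
names_in_file() {
    # Drop comments, join lines so multi-line directives are handled,
    # then keep the text between "server_name" and the closing ";".
    sed -e 's/#.*//' "$1" |
        tr '\n' ' ' |
        grep -oE 'server_name[[:space:]]+[^;]+;' |
        sed -E 's/^server_name[[:space:]]+//; s/;$//' |
        tr -s '[:space:]' '\n' |
        sed '/^$/d' | sort -u |
        while read -r name; do printf '%s\t%s\n' "$name" "$1"; done
}

# Print "name: file file ..." for names found in more than one file.
# -f follows symlinks, so sites-enabled links are read; dangling ones are skipped.
find_duplicate_server_names() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then names_in_file "$f"; fi
    done | awk -F'\t' '
        { count[$1]++; files[$1] = files[$1] " " $2 }
        END { for (n in count) if (count[n] > 1) print n ":" files[n] }
    ' | sort
}

# Constructed sample: the same three file names as in the listing above,
# with made-up contents, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'server {\n listen 80 default_server;\n server_name _;\n}\n' \
        > "$d/default"
    printf 'server {\n listen 80;\n server_name landwtools.com www.landwtools.com;\n}\n' \
        > "$d/landwtools.com"
    printf 'server {\n listen 443 ssl;\n server_name landwtools.com\n  www.landwtools.com; # two lines\n}\n' \
        > "$d/landwtools.com.conf"
    find_duplicate_server_names "$d" | sed "s|$d/||g"
    rm -rf "$d"
}

demo
```

On a live host, run `find_duplicate_server_names /etc/nginx/sites-enabled`; no output means no name is declared in two enabled files.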
Hi, thanks for the feedback
May I ask another question:
When I stop my current AWS EC2 instance, then change my AWS instance type (increase from t2.small to t2.medium), and then restart my AWS EC2 instance, to my surprise, when I log in to landwtools.com, it fails and displays the following:
Then I check it myself as below:
$ls -l /etc/nginx/sites-available
it returns Ok
$ls -l /etc/nginx/sites-enabled
it returns Ok
So where does this problem come from? And why can I not reach my landwtools.com after only changing my AWS EC2 instance type? Can you give me some advice? Thanks
How are those OK?
Where did the enabled config file go?
Yes, that should be OK.
But I also see the "Welcome to nginx!" default page.
Your system is difficult to troubleshoot.
It doesn't even produce the expected nginx -T output.
I don't know how to help you with this.
[and the current problem is way outside the realm of this forum]
Otherwise, everything cert related, seems to be working:
- valid cert [expires Mon, 14 Dec 2020 16:26:05 UTC (in 2 months and 26 days)]
- http to https redirection
- https redirects to remove www