Let's Encrypt and port 80 issue

My domain is: cloudimagewall.xyz

I ran this command: N/A

My web server is (include version): Ubuntu 16.04

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm following this tutorial using Docker Nginx Letsencrypt:

But I got this error when requesting a certificate:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: cloudimagewall.xyz
  Type:   connection
  Detail: Fetching http://cloudimagewall.xyz/.well-known/acme-challenge/-XVii9vyU_jR9xOgxhcate_e176tHZcYKCfIZqG2tXg: Connection refused

I tested with the letsdebug.net website and I see this error:

ANotWorking
ERROR
cloudimagewall.xyz has an A (IPv4) record (139.59.240.138) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://cloudimagewall.xyz/.well-known/acme-challenge/letsdebug-test": dial tcp 139.59.240.138:80: connect: connection refused

Trace:
@0ms: Making a request to http://cloudimagewall.xyz/.well-known/acme-challenge/letsdebug-test (using initial IP 139.59.240.138)
@0ms: Dialing 139.59.240.138
@226ms: Experienced error: dial tcp 139.59.240.138:80: connect: connection refused

This is my Ubuntu server firewall status:

This is my nginx config:

server {
    listen 80;
    server_name cloudimagewall.xyz www.cloudimagewall.xyz;

    location / {
        return 301 https://$host$request_uri;
    }  

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

server {
    listen 443 ssl;
    server_name cloudimagewall.xyz;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/cloudimagewall.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloudimagewall.xyz/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    location / {
        client_max_body_size 30M;

        proxy_set_header    Host               $http_host;
        proxy_set_header    X-Real-IP          $remote_addr;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;

        proxy_pass http://node-app:3000;
        # proxy_redirect off;

        # enable WebSockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
    }
}

I've been stuck on this for hours but cannot solve it, hope someone can help me.

You're missing the www in the secure vhost.

All four connections are being refused:

  • http://cloudimagewall.xyz
  • http://www.cloudimagewall.xyz
  • https://cloudimagewall.xyz
  • https://www.cloudimagewall.xyz

Are you sure you are at the right IP address?
From the server, please show the output of:
curl -4 ifconfig.co

the output is: 139.59.240.138

Well that does match DNS:

Name:    cloudimagewall.xyz
Address: 139.59.240.138
Aliases: www.cloudimagewall.xyz

Is there a NAT/PAT device involved?

Sorry, I don't understand what NAT/PAT means, so maybe my answer is no.

Is there a router involved?
If so, does it do any address, or port, translation?

Ok, were you ever able to reach the HTTP site?

You will need a functional HTTP site in order to secure it (via HTTP authentication method).

Uhm, right now all I know is that all my Docker containers are running but my nginx container is down.
My nginx container keeps showing this error:

open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/default.conf:23

nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/default.conf:23

Ok, were you ever able to reach the HTTP site? Yes.

When I don't use Let's Encrypt, it works fine.

I would start by editing out that part in this file:

[just to get nginx going again]

My nginx logs are showing this:

cannot load certificate "/etc/letsencrypt/live/cloudimagewall.xyz/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/cloudimagewall.xyz/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

because when I request the certificate, certbot fails to authenticate:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: cloudimagewall.xyz
  Type:   connection
  Detail: Fetching http://cloudimagewall.xyz/.well-known/acme-challenge/C0C2rqlciikQL7--qKVtYLnv4HqH6A2dK117bthJhq4: Connection refused

Can you disable that whole server section of the file?

Oh, I just retried requesting the certificate while all my server containers were running and it succeeded.

But my URL is unsecured for some reason.

It isn't serving the correct certificate.

The URL automatically gets a dash added to https and it says it's unsecure.

Now my nginx logs are showing this new error:

[error] 15#15: *22 open() "/var/www/certbot/.well-known/acme-challenge/spaJ_9L6kICDfGdO3xJSkluqglyXMwhsySeYAI4ERSw" failed (2: No such file or directory), client: 18.236.228.243, server: cloudimagewall.xyz, request: "GET /.well-known/acme-challenge/spaJ_9L6kICDfGdO3xJSkluqglyXMwhsySeYAI4ERSw HTTP/1.1", host: "cloudimagewall.xyz"

Actually it is using a staging certificate.
Not a real production certificate:
See: SSL Server Test: cloudimagewall.xyz (Powered by Qualys SSL Labs)

Ah, you're right, I almost forgot the setting for the real certificate.


And thank you for using the staging environment while testing :)

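An added example, not written by anyone in this thread: a preflight check for the failure seen above, where nginx cannot start because the 443 block names files that certbot has not created yet, so port 80 refuses the HTTP-01 request as well. The function name, its ROOT argument and the example.test paths are assumptions made for this illustration.

```shell
#!/bin/sh
# Preflight for an nginx config used with certbot's webroot authenticator.
# nginx exits with [emerg] when a file named by these directives is missing,
# so nothing listens on port 80 and the HTTP-01 fetch is refused.

# missing_tls_files CONF [ROOT]
#   Prints "directive path" for every referenced file that does not exist and
#   returns 1 if there is at least one, 0 otherwise. ROOT (hypothetical helper
#   argument) is prepended to each path, so the check can run on the Docker
#   host against the directory that is mounted into the container.
missing_tls_files() {
    conf=$1
    root=${2:-}
    missing=0
    # Drop comments, then keep directives whose first argument is a file.
    refs=$(sed 's/#.*//' "$conf" | awk '
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" ||
        $1 == "ssl_dhparam" || $1 == "include" {
            sub(/;$/, "", $2); print $1, $2
        }')
    while read -r directive path; do
        case $path in
            *\**) continue ;;   # include globs may match nothing
            /*) ;;              # absolute path: check it
            *) continue ;;      # empty line or relative path: skip
        esac
        if [ ! -e "$root$path" ]; then
            echo "$directive $path"
            missing=1
        fi
    done <<EOF
$refs
EOF
    return "$missing"
}

# Constructed sample: a 443 block like the one in the thread, checked against
# an empty directory standing in for the container's filesystem.
demo=$(mktemp -d)
cat > "$demo/default.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
}
EOF
missing_tls_files "$demo/default.conf" "$demo/rootfs" ||
    echo "nginx would fail to start; port 80 would refuse connections"
rm -rf "$demo"
```

If the check reports missing files before the first issuance, serve only the port 80 block until certbot has written them, then re-enable the 443 block.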