LetsEncrypt Failure To Cert - OracleCloud - Nginx

My domain is: panel.carrotmc.com
I ran this command: certbot certonly -d panel.carrotmc.com
It produced this output: https://jasmeow.pics/R4J2iX.png
My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: OracleCloud
I can login to a root shell on my machine (yes or no, or I don't know): Yes.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Self hosted Pterodactyl panel. I can assure you it works on all other systems using the same configuration, but something on OracleCloud is blocking the cert generation.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Oracle Cloud doesn't even exist in the supported/unsupported providers, so I am extremely lost on how to get this working: https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920

Attempting to generate certificate for panel.carrotmc.com. Ports are open on the subnet on Oracle Cloud, shown below:


If I delete port 22 from these ingress rules, I cannot SSH in, and adding it back I can, so I know the rules actually do something. Sadly I have never used Oracle Cloud so having a spot of bother. Some assistance would be amazing.

Please let me know what i can do to resolve this problem. If I boot up my own VM on another hosting provider, no issues whatsoever, such as https://panel.nebulahost.net, which is my company. I support my clients installing Ptero panels for them, it's a Gameserver panel.

1 Like

Hi @JasmeowTheCat and welcome to the LE community :slight_smile:

From your first picture, I can see that certbot is being run in standalone mode.
This makes is a bit more difficult to troubleshoot; as there is no active HTTP server regularly running.

Your second picture:

returns "403 Forbidden".
So we can't see which ports have been opened - please ensure port 80 is being allowed through.
I get this immediate response now:

curl -Ii http://panel.carrotmc.com/
curl: (56) Recv failure: Connection reset by peer

Which appears to be a firewall blocking HTTP.


Haha the one time my file uploader breaks so I can't show you open ports! God dammit! My extreme apologies:


1 Like

OK that parts seems to be correctly allowing the necessary ports.
But I think your OS might also have a firewall blocking port 80.

sudo ufw status



UFW was disabled, so it wasn't that. I then had a thought... hmmm... IP tables? Yep, it was. My client is a donut and added this rule:


Albeit good, but that's unfortunately his fault for adding that, not me! Thank you so much for trigging my brain to think outside the box RG lol.


Quote of the day!:



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.