Migrating from AWS to Vultr - Unable to install the certificate

So I was setting up my certificate for a project, which I’m moving over to Vultr from AWS. However this time I was writing a bash script while I was installing all the software necessary, to automate this process in the future and practice bash scripting. I am not sure if this has anything to with the issue I am having, however I felt it was worth mentioning. I was trying automate the prompt message responses. Still trying to figure out how to automate all the responses, this is what ended up entering before I answered the prompts manual:

yes A | sudo certbot --nginx -d band-manager.ca -m wesley.coderre@gmail.com

certbot didn’t like, so I abandoned the automation to answer multiple prompts for now. Now I’m getting this message when I try to set up my certificate.

**IMPORTANT NOTES:**
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/band-manager.ca/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/band-manager.ca/privkey.pem
   Your cert will expire on 2020-01-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

Also certbot is not writting any configuration in my /etc/nginx/sites-available/default file.

So I copy the config from my Amazon Ec2 instance which had the same domain name. And I still cannot see my nginx server when I go to the domain after setting up my google domains dns with the new public IP.

here’s my nginx config:

server {
    server_name band-manager.ca www.band-manager.ca;
    location / {
        proxy_pass http://localhost:5050;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/band-manager.ca/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/band-manager.ca/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = band-manager.ca) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name band-manager.ca www.band-manager.ca;
    return 404; # managed by Certbot


}

What’s happening here? Is the certbot certificate the reason I cannot see my nginx server?

My domain is:

band-manager.ca

I ran this command:

It produced this output:

My web server is (include version):

Nginx

The operating system my web server runs on is (include version):

ubuntu 18.04

My hosting provider, if applicable, is:

Vultr

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.0

curl -Iki https://band-manager.ca/
curl: (7) Failed to connect to band-manager.ca port 443: Connection refused

curl -Iki http://band-manager.ca/
curl: (7) Failed to connect to band-manager.ca port 80: Connection refused

1 Like

Rather than feeding yes into certbot, you can run Certbot non-interactively with --non-interactive / -n.

You might need a few more flags like --agree-tos, but you'll get there with some trial and error.

Need the full log file from /var/log/letsencrypt/letsencrypt.log.

1 Like

Hey thanks for the tips, I tried to post that file however its a bit messy from when I tried to automate the prompt responses. I got this message from the form when I tried to post it:

Body is limited to 32000 characters; you entered 1007852.
Sorry, new users can only put 20 links in a post.

I’ll post the last bit of the log file.

Here:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1126, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 760, in _install_cert
    path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 516, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 191, in deploy_cert
    vhosts = self.choose_vhosts(domain, create_if_no_match=True)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 301, in choose_vhosts
    str(self.config.tls_sni_01_port))]
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 349, in _vhost_from_duplicated_default
    default_vhost = self._get_default_vhost(domain, allow_port_mismatch, port)
  File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 387, in _get_default_vhost
    " block for %s. Set the `server_name` directive to use the Nginx installer." % domain)
certbot.errors.MisconfigurationError: Could not automatically find a matching server block for band-manager.ca. Set the `server_name` directive to use the Nginx installer.
2019-11-02 19:41:34,872:DEBUG:certbot.main:certbot version: 0.31.0
2019-11-02 19:41:34,872:DEBUG:certbot.main:Arguments: ['-v']
2019-11-02 19:41:34,873:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-11-02 19:41:34,882:DEBUG:certbot.log:Root logging level set at 10
2019-11-02 19:41:34,883:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-11-02 19:41:34,884:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2019-11-02 19:41:35,011:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f8c8b6bfd30>
Prep: True
2019-11-02 19:41:35,013:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f8c8b6bfd30> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f8c8b6bfd30>
2019-11-02 19:41:35,013:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2019-11-02 19:41:35,021:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/70862682', new_authzr_uri=None, terms_of_service=None), f9dbc1fbcb6f7c2f0a71fc537172cd3f, Meta(creation_dt=datetime.datetime(2019, 11, 2, 8, 1, 12, tzinfo=<UTC>), creation_host='vultr.guest'))>
2019-11-02 19:41:35,023:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-11-02 19:41:35,026:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-11-02 19:41:35,222:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2019-11-02 19:41:35,223:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 02 Nov 2019 19:41:35 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "zNkKZkS29Ks": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2019-11-02 19:42:01,809:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1113, in run
    domains, certname = _find_domains_or_certname(config, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 425, in _find_domains_or_certname
    raise errors.Error("Please specify --domains, or --installer that "
certbot.errors.Error: Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.

Try adding:
-d band-manager.ca -d www.band-manager.ca

I remove www.band-manager.co from my nginx config because the domain never worked even with my AWS server. Got certbot to run threw with one command:

sudo certbot --nginx -d band-manager.ca -m wesley.coderre@gmail.com --agree-tos -n

still getting the same message back however I’m noticing this now:

Could not automatically find a matching server block for band-manager.ca. Set the server_name directive to use the Nginx installer.

before the IMPORTANT NOTES block.

Hi @coder

what says

nginx -T

Name: band-manager.ca
Address: 96.30.199.6

Name: www.band-manager.ca
Address: [Non-existent domain]

If you add an A record (or CNAME) in the dns zone you can use the www name.

Thank means you haven't properly configured your server [blocks].

here's the output of nginx -T :

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

Thanks for the tip on setting up my dns, I had band-manager.ca working and was wondering how to get it working with www. as well.

Hmm… I’am using the same configuration for my server block as I was using on my Amazon EC2 instance. I wonder what I’ve missed.

here’s the current config again a little tidier than my last post with this in it. :

server {
    server_name band-manager.ca;
    location / {
        proxy_pass http://localhost:5050;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/band-manager.ca/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/band-manager.ca/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = band-manager.ca) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name band-manager.ca;
    return 404; # managed by Certbot


}

note: I copy and pasted this config directly from my Amazon server. certbot was failing to add the additional lines for SSL as it had on my previous servers.

There you see the problem.

No port 80 server block.

Add one, so Certbot is able to use the port 80 block as template to create a port 443 block.

Yikes.. I gotta make sure not to miss that next time.

So I've reconfigured the /etc/nginx/sites-available/default including listen 80:

server {
    listen 80;
    server_name band-manager.ca;
    location / {
        proxy_pass http://localhost:5050;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

reloaded nginx sudo systemctl reload nginx

And ran certbot again:

sudo certbot --nginx -d band-manager.ca -m wesley.coderre@gmail.com --agree-tos -n

However certbot is still returning this message and not updating my nginx config :frowning:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal
Keeping the existing certificate
Could not automatically find a matching server block for band-manager.ca. Set the `server_name` directive to use the Nginx installer.

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/band-manager.ca/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/band-manager.ca/privkey.pem
   Your cert will expire on 2020-01-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

I'm thinking at this point I should wipe the server, spin up a new cloud instance and start from scratch, at least I'll have my bash script to automate most of the install. Though I'd much rather solve the problem and figure out what was going on here.

Please save your certificate and re-use it.

There is a rate limit:

If you delete the certificate and you have created too much certificates, you have to wait.

Will wiping the Vultr instance destroy my certificate? I have this same certificate (well what I think is the same Certificate) on an Amazon server. Which I was going to wipe as well, as soon as I set up my App on Vultr.

I don't know what you are doing. But there are some users, they recreate instances again and again - in the end, they have hitted the rate limit.

Im moving a site from Amazon EC2 to Vultr. I’ve use certbot a few times in the past. Once for my project that I am moving from Amazon. The other time for my portfolio DNS wescoderre.dev. which I’ve run certbot two time on. In different clouds finally settling on Digital Ocean. Where certbot worked perfectly. Now the task is putting up SSL on my site band-manager.ca on a Vultr Cloud instance.

So in total I have two Domain Names using certbot. band-manager.ca and wescoderre.dev.

I’m not sure if that means I have Two certificates. Or if I’ve created more than two from doing the following.

  1. Amazon EC2 ran certbot for DNS band-manager.ca
  2. Amazon EC2 ran certbot for DNS wescoderre.dev for deployment demo, then wiped/terminated the instance
  3. Digital Ocean Droplet ran certbot for DNS wescoderre.dev
  4. Vultr Cloud Instance ran certbot for band-manager.ca : currently having problems and that’s why I’m here

Checking your domain there is no answer - https://check-your-website.server-daten.de/?q=band-manager.ca

The ip is a vultr:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
band-manager.ca A 96.30.199.6 Atlanta/Georgia/United States (US) - Choopa Hostname: 96.30.199.6.vultr.com yes 1 0
AAAA yes

But no connection works:

Domainname Http-Status redirect Sec. G
http://band-manager.ca/
96.30.199.6 -2 1.390 V
ConnectFailure - Unable to connect to the remote server
https://band-manager.ca/
96.30.199.6 -2 1.390 V
ConnectFailure - Unable to connect to the remote server
http://band-manager.ca/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
96.30.199.6 -2 1.390 V
ConnectFailure - Unable to connect to the remote server

Looks like some basics are missing, a running port 80 is required.

If there is such a picture, Certbot can’t work. First fix the basics.

1 Like

Okay, I think I understand now… Tho I’ve never had to manual openned port 80 or got port 80 running in the past. At least not on Digital Ocean, it may be open by default. I think I’ve set it up on the amazon ec2 console before. However never manual on a server.

I’m guessing adding listen 80 in the nginx file is not all I have to do here to open that port. This is gonna take me some digging around for me to figure it out.

Just tried opening port 80 and 433 manual and reloading nginx with the server block listening it port 80.

here’s the steps I took.

sudo ufw enable
sudo ufw allow 80/tcp
sudo ufw allow 433/tcp
sudo ufw status

output:

Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
433/tcp                    ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
433/tcp (v6)               ALLOW       Anywhere (v6)             

sudo certbot --nginx -d band-manager.ca -m wesley.coderre@gmail.com --agree-tos -n

output: same message as I previously listed in the passed messages.

sudo systemctl reload nginx

sudo certbot --nginx : manually entered the things, got the same output as before.

sudo nginx -t

output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

sudo systemctl status nginx

output:

● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-11-03 21:20:47 UTC; 11s ago
     Docs: man:nginx(8)
  Process: 32567 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 32331 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
  Process: 32592 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 32582 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 32596 (nginx)
    Tasks: 2 (limit: 504)
   CGroup: /system.slice/nginx.service
           ├─32596 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─32599 nginx: worker process

Nov 03 21:20:47 vultr.guest systemd[1]: Starting A high performance web server and a reverse proxy server...
Nov 03 21:20:47 vultr.guest systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Nov 03 21:20:47 vultr.guest systemd[1]: Started A high performance web server and a reverse proxy server.

netstat -ntlp | grep LISTEN

output:

tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      3095/redis-server 1 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      490/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      605/sshd            
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      598/postgres        
tcp        0      0 127.0.0.1:5050          0.0.0.0:*               LISTEN      9278/node /var/www/ 
tcp6       0      0 ::1:6379                :::*                    LISTEN      3095/redis-server 1 
tcp6       0      0 :::22                   :::*                    LISTEN      605/sshd            
tcp6       0      0 ::1:5432                :::*                    LISTEN      598/postgres        

Looks like nginx isn’t running or listening. And certbot failed to update the server block listening to port 80 again. Vultr so far has been a pain to setup up certbot on. Hope this information can help us solve this issue.

Same question again. What says nginx -T? If that doesn't listen a server block with the correct name, that isn't active.

sites-available

Is the site enabled?

And it's port 443, not 433. But let Certbot create the vHost.

If an online tool can't see your port 80, Certbot can't work. So use online tools first to check if your port 80 works.

1 Like