My LetsEncrypt certificate is invalid!


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

beacologin2.ddns.net

I ran this command:

specifically this command: certbot --nginx

It produced this output:

it was successful after completion.

My web server is (include version):

express node version 11
nginx version 1.14

The operating system my web server runs on is (include version):

ubuntu 18.04 Desktop

My hosting provider, if applicable, is:

My ISP is vodafone

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

0.28.0

Side note:
Previously, the first time I used certbot, I tried using it with just a node app (using the npm https module). That worked!

I then thought it would be a better design choice to use a proxy server for SSL rather than embed SSL directly into the node app. When running certbot --nginx, because a certificate was already installed, certbox asked me whether I wanted to reinstall the certificate. I said yes.

Could this be a reason? I see no other reason why it would cause an error? I’ve also disabled ufw incase that was the cause, but that did nothing.


#2

I can’t connect to your server on HTTPS - I get a network timeout. Do you definitely have port 443 forwarded and open on the firewall?

What’s the output of:

certbot certificates

and

grep -REi ssl_certificate /etc/nginx

#3

for certbot certificates:

Found the following certs:
  Certificate Name: beacologin2.ddns.net
    Domains: beacologin2.ddns.net
    Expiry Date: 2019-05-20 23:26:26+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/beacologin2.ddns.net/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/beacologin2.ddns.net/privkey.pem

for the grep command:
/etc/nginx/conf.d/sysmon.conf: ssl_certificate /etc/letsencrypt/live/beacologin2.ddns.net/fullchain.pem; # managed by Certbot
/etc/nginx/conf.d/sysmon.conf: ssl_certificate_key /etc/letsencrypt/live/beacologin2.ddns.net/privkey.pem; # managed by Certbot
/etc/nginx/snippets/snakeoil.conf:ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
/etc/nginx/snippets/snakeoil.conf:ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;


#4

ahhh my ISP provider just replied to me in an email saying normally the router blocks ports 80 and 443 even if you port forward them. He just enabled it for my system and now it seems to be working.


#5

Yes, I can connect too, now.

Your certificate seems fine and valid from here. If it’s not valid on your browser, make sure you’ve closed and re-opened the browser tab, that can sometimes keep the invalid certificate error around for no reason.


#6

thanks! :sunglasses:


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.