Need help with HTTPS using Let's Encrypt

So I have made a basic website for a domain and I'm able to run it with http just fine (when I disable http redirection to https and give it the root to my site). However, I tried setting up https with Let's Encrypt and I am unable to make it work so far.

Here's what I used to run certbot:

sudo certbot --nginx

I then left the answer blank when it asked me which URL I want to apply it for, www.error502.com or error502.com, so it should be applied to both.

I had already tried it with Apache, but encountered a similar error, so I renewed that when switching to Nginx.

The commands do not give any sort of an error.

I have everything necessary allowed in my cloud provider and am running another site under the same subnet, which uses Let's Encrypt and works perfectly fine.

Firewall-wise, I have allowed ports 80 and 443 in iptables and ufw is disabled. I used the commands:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

I have tried running the site in Let's Debug and get the following:
https://pastebin.com/xxfaTkDX

I can make it so that the http site does not redirect and loads the site root, which removes that error, but https still fails to work (and I want to redirect to https).

Here's my Nginx config:
https://pastebin.com/JubMe1P0

My domain is: error502.com

My web server is (include version): Nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I have, in addition, tried it with Caddy, which automatically does the https stuff, and face the same issue. The Caddyfile used there is as follows:

error502.com {
	# Set this path to your site's directory.
	root * /var/www/error502

	# Enable the static file server.
	file_server
}

Also, if I run:

sudo netstat -anne | grep 443

I get:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          84742     
tcp6       0      0 :::443                  :::*                    LISTEN      0          84741  

So the server is listening for the https port.

Please post the entire output of the Certbot command anyway.

Also, I can connect to your port 80, but not to your port 443: it's timing out.

1 Like

The certbot command output is here:

Other than I don't understand why you would choose "Renew & replace the certificate" when you already have a perfectly fine certificate from the looks of it, it indeed looks good.

Then it's just the fact that port 443 is not open and/or port mapped correctly.

5 Likes

It seems you are correct. I seem to have mistaken some firewall rules. Now it works.

3 Likes
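An added diagnostic example, not part of the original posts: `iptables -A` appends to the end of the chain, so an ACCEPT rule added that way never matches if a catch-all REJECT or DROP already sits above it. The thread does not say which rule was wrong; the sample listing below is constructed, and the function name `check_port` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` format (not taken from the thread):
# a catch-all REJECT sits above the two appended ACCEPT rules.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# check_port PORT: read `iptables -S INPUT` output on stdin and print
#   open      an ACCEPT for tcp/PORT is reached before any catch-all block
#   shadowed  a catch-all REJECT/DROP comes first, so the ACCEPT never matches
#   blocked   no ACCEPT for the port, and traffic ends in REJECT/DROP
#   policy    no matching rule; the chain policy (ACCEPT) decides
# Simplification: only unconditional REJECT/DROP rules and single-port
# --dport matches are recognised (no multiport, no per-interface blocks).
check_port() {
    port=$1
    policy=ACCEPT
    seen_block=""
    while IFS= read -r rule; do
        case $rule in
            "-P INPUT "*)
                policy=${rule#-P INPUT } ;;
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
                if [ -z "$seen_block" ]; then seen_block=$rule; fi ;;
            *"-p tcp"*"--dport $port -j ACCEPT"*)
                if [ -n "$seen_block" ]; then echo shadowed; else echo open; fi
                return 0 ;;
        esac
    done
    if [ -n "$seen_block" ] || [ "$policy" != ACCEPT ]; then
        echo blocked
    else
        echo policy
    fi
}

# Against the constructed listing: 22 is open, 443 is shadowed.
printf '%s\n' "$SAMPLE_RULES" | check_port 22
printf '%s\n' "$SAMPLE_RULES" | check_port 443
```

On a live host the same function can read `sudo iptables -S INPUT | check_port 443`; a "shadowed" result means the ACCEPT has to be inserted above the blocking rule (`iptables -I INPUT <position> ...`) rather than appended.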
