Need help with https using let's encrypt

So I have made a basic website for a domain and I'm able to run it with http just fine (when I disable http redirection to https and give it the root to my site). However, I tried setting up https with Let's Encrypt and I am unable to make it work so far.

Here's what I used to run certbot:

sudo certbot --nginx

I then left the answer blank when it asked me which url I want to apply it for, or, so it should be applied to both.

I had already tried it with Apache, but encountered a similar error, so I renewed that when switching to Nginx.

The commands do not give any sort of an error.

I have everything necessary allowed in my cloud provider and am running another site under the same subnet, which uses let's encrypt and works perfectly fine.

Firewall-wise, I have allowed ports 80 and 443 in iptables and ufw is disabled. I used the commands:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

I have tried running the site in Let's Debug and get the following:

I can make it so that the http site does not redirect and loads the site root, which removes that error, but https still fails to work (and I want to redirect to https).

Here's my Nginx config:

My domain is:

My web server is (include version): Nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I have, in addition, tried it with Caddy, which automatically does the https stuff, and face the same issue. The Caddyfile used there is as follows: {
	# Set this path to your site's directory.
	root * /var/www/error502

	# Enable the static file server.

Also If I run:

sudo netstat -anne | grep 443

I get:

tcp        0      0   *               LISTEN      0          84742     
tcp6       0      0 :::443                  :::*                    LISTEN      0          84741  

So the server is listening for the https port.

Please post the entire output of the Certbot command anyway.

Also, I can connect to your port 80, but not to your port 443: it's timing out.

1 Like

The certbot command output is here:

Other than I don't understand why you would choose "Renew & replace the certificate" when you already have a perfectly fine certificate from the looks of it, it indeed looks good.

Then it's just the fact that port 443 is not open and/or port mapped correctly.


It seems you are correct. I seem to have mistaken some firewall rules. Now it works.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.