Nextjs-nginx: No TXT record found at _acme-challenge.agoratsp.com

Self-hosting what exactly? The webserver? Or did you indeed actually mean you've also set up your own instance of acme-dns, and with that I don't mean the acme-dns-auth.py script used as a hook for Certbot.

The general concept of acme-dns is explained here: GitHub - joohoi/acme-dns: Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.

5 Likes

Supposedly the py script generated the cname value which I inserted into the domain provider. Yes I see that this is probably not self hosting. So this comes to the knowledge part again. I do not know if I host it and where.
Thanks for the link I will check it rn

3 Likes

Did you test at all?

4 Likes

That should be within the DNS zone.
But I can't find any such CNAME entry there:
nslookup -q=cname _acme-challenge.agoratsp.com ns1.contabo.net

5 Likes

I am seeing this

$ nslookup -q=a _acme-challenge.agoratsp.com ns1.contabo.net.
Server:         ns1.contabo.net.
Address:        79.143.182.242#53

Name:   _acme-challenge.agoratsp.com
Address: 38.242.206.228

The above is DNS A Record UNEXPECTED!

$ nslookup -q=cname _acme-challenge.agoratsp.com ns1.contabo.net.
Server:         ns1.contabo.net.
Address:        79.143.182.242#53

*** Can't find _acme-challenge.agoratsp.com: No answer
$ nslookup -q=txt _acme-challenge.agoratsp.com ns1.contabo.net.
Server:         ns1.contabo.net.
Address:        79.143.182.242#53

*** Can't find _acme-challenge.agoratsp.com: No answer

One expects to find a DNS TXT or CNAME record; neither was found.

1 Like

Don't -q=a to anything like: _acme-challenge.*
There should never be an IP there.

3 Likes

Correct, but I check for things that shouldn't happen. I am odd that way.

1 Like

Ok, but report on it when it returns something unexpected.
Otherwise, it may just clutter the rest of the more relevant information being provided.

If we checked for all things that shouldn't be there and reported on them when we don't find them...
There wouldn't be enough disk space to hold all that we don't find.
[Although, I'm sure YouTube would give us a run for our money!]

3 Likes

I did an edit, hopefully that helps a little bit.

1 Like

OK, yes, that is very unexpected.
[I thought it had returned NXD]
I now see what you mean.
mea culpa
I should have paid less attention to the squirrels ...

3 Likes

I do not know what you mean by test, but I successfully managed to run certbot and get a successful result. The issue was that the CNAME record I updated was on the domain provider side and not on the DNS provider (hosting provider). My issue now is that HTTPS is still not working, but I suppose there is a problem with my nginx configuration. Should I send it over?

Sure.

Show:
certbot certificates

and the secure vhost block configuration.

4 Likes

Certbot certificates

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: agoratsp.com
    Serial Number: 4a40b59469afbebef0dbc419cebdfda8d9c
    Key Type: RSA
    Domains: agoratsp.com
    Expiry Date: 2023-05-09 04:56:59+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/agoratsp.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/agoratsp.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

/etc/nginx/agoratsp.conf:

server {
        listen       80;
        listen       [::]:80;
        server_name  agoratsp.com www.agoratsp.com;

        include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

location / {
                # reverse proxy for next server
                proxy_pass http://localhost:3000/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                return 301 https://www.agoratsp.com/$request_uri;
        }
location ^~ /.well-known/acme-challenge/ {
                allow all;
                default_type "text/plain";
                root /var/www/html;
        }
}

/etc/nginx/nginx.conf:

events { worker_connections 1024; }
http {
    server {
        listen 80;
        server_name localhost;
        root agora-next;
        index index.html;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location /api/ {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
}

There is no secure vhost block shown.

Please show:
nginx -T

3 Likes

This is trying to do two opposing things:

  1. respond to requests with proxied content
  2. redirect to HTTPS

It can't do both.
Pick one and remove the other.

4 Likes
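
The split described in the post above, as an added example that is not part of the original thread: the port 80 server only serves ACME challenge files and redirects, and a separate port 443 server terminates TLS and proxies to the app. It assumes the certificate paths from the `certbot certificates` output and the Next.js backend on localhost:3000 from the posted config; the `ssl_protocols` and `X-Forwarded-Proto` lines are additions not taken from the thread.

```nginx
# Added example. These blocks must be loaded inside the http { } context
# of the main nginx.conf to take effect.

# Port 80: serve ACME challenge files, redirect everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name agoratsp.com www.agoratsp.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/html;
    }

    location / {
        # $request_uri already begins with "/", so no extra slash is added.
        return 301 https://agoratsp.com$request_uri;
    }
}

# Port 443: terminate TLS and reverse proxy to the Next.js server.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name agoratsp.com;

    # Paths as reported by "certbot certificates".
    ssl_certificate     /etc/letsencrypt/live/agoratsp.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/agoratsp.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # Lets the backend know the original request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
```

The redirect targets the bare domain because the certificate listed by `certbot certificates` covers only agoratsp.com; redirecting to www.agoratsp.com would need a certificate that also includes that name.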

nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events { worker_connections 1024; }
http {
    server {
        listen 80;
        server_name localhost;
        root agora-next;
        index index.html;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location /api/ {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
}

This file isn't being used:

4 Likes

Nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events { worker_connections 1024; }
http {
    server {
        listen 80;
        server_name [redacted];
        root agora-next;
        index index.html;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location /api/ {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
}

How can I use it?

# configuration file /etc/nginx/nginx.conf:
events { worker_connections 1024; }
http {
    server {
        listen 80;
        server_name [redacted];
        root agora-next;
        index index.html;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location /api/ {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    include /etc/nginx/agoratsp.conf;   ### ADD THIS LINE
}
4 Likes