Page Not Accessible after Installing letsencrypt with Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
tubnet-bw.cf

I ran this command:
certbot

It produced this output:
Congratulations! You have successfully enabled https://tubnet-bw.cf

You should test your configuration at:

My web server is (include version):
nginx/bionic-updates,bionic-security,now 1.14.0-0ubuntu1.7 all [installed]

The operating system my web server runs on is (include version):
Ubuntu 18.04 (5.4.0-1025-oracle)

My hosting provider, if applicable, is:
Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

P.S. I have tried helping myself but I am stuck. If it helps I have already run a scan at:
https://check-your-website.server-daten.de/?i=17dc68e7-3efc-4228-9724-7c9afe10654f
but I don't know how to interpret what I am seeing.

Most likely you need to open port 443 (TCP) on your firewall.

HTTPS runs on a different port to HTTP, so when you enable it, you need to make sure to allow traffic on the new port.

Thanks @_az. ufw status shows HTTPS FULL so http and https should be ok. Even with that set I did have to still specifically allow port 80 with:

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo netfilter-persistent save

Should I do this for 443?

It's worth a try. Maybe run it without the save first and see whether it makes any difference.

At the moment, connections to 443 are being rejected:

$ nc -v tubnet-bw.cf 443
nc: connect to tubnet-bw.cf port 443 (tcp) failed: No route to host

@_az Thank you so much! A+ from ssllabs! I have been battling with this all weekend. Thanks again. I have been going between different guides trying to get my web app up, then get nginx to proxy it and finally to letsencrypt it. None of them mentioned that even with ufw disabled you still need to explicitly allow ports 80 and 443, or at least that's how it is for Ubuntu 18.04 on Oracle Always Free Tier. A new check with https://check-your-website.server-daten.de/?i=53da0d6c-c64b-4d84-b2e3-4b74f2a5be0c shows grade E though. Should I be concerned?

I think the Grade E is complaining about the fact that http://www.tubnet-bw.cf redirects to https://tubnet-bw.cf rather than keeping the www.

One might argue this is a matter of taste - your SSL setup seems good.

I don't think that's normal. It's definitely a peculiarity of whatever you have installed on your OS (or what Oracle ships in their VM images).

@_az I will ignore it and go with the A+. Thanks again.

@_az I was even beginning to think they were blocking port 80 from external requests but when I googled I found someone that mentioned port 80 might need to be explicitly opened, but even then it didn't dawn on me that I needed to open 443 too. Well I learned in my failure so I guess it balances out. I just hope anybody using Oracle's Always Free Tier and having this issue will find the solution.

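
An added example, not part of any post in this thread: a bash function that reads `iptables -S INPUT` output and reports whether a port's ACCEPT rule sits ahead of the unconditional REJECT, which is what the `-I INPUT 6` insert in the thread arranges. The ruleset below is constructed for illustration; the `port_verdict` name and the ufw jump placed after the REJECT are assumptions.

```shell
#!/usr/bin/env bash
# Reads `iptables -S INPUT` output on stdin and prints what happens to a NEW
# inbound TCP connection on PORT: "accept", "blocked" or "policy:<P>".
# Limitation: jumps into other chains (such as ufw's) are not followed.
port_verdict() {
    local port=$1 policy=unknown rule
    while IFS= read -r rule; do
        case "$rule" in
            "-P INPUT "*)
                policy=${rule#-P INPUT } ;;
            *" -s "*|*" -i "*)
                continue ;;   # source- or interface-scoped: not open to everyone
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
                echo blocked; return 0 ;;   # unconditional: nothing below is reached
            "-A INPUT "*"-p tcp "*"--dport $port "*"-j ACCEPT"*)
                echo accept; return 0 ;;
        esac
    done
    echo "policy:$policy"   # fell off the end of the chain: chain policy decides
}

# Constructed sample (assumption): port 80 already inserted at position 6,
# no rule for 443 yet, and ufw's chain hooked in only after the REJECT.
RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j ufw-before-input'

for p in 22 80 443; do
    printf 'tcp/%s: %s\n' "$p" "$(printf '%s\n' "$RULES" | port_verdict "$p")"
done
```

On a live host the same function can be fed with `sudo iptables -S INPUT | port_verdict 443`.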