Please help: Ensure the listed domains point to this nginx server and that it is accessible from the internet

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mrpinoy.cf

I ran this command: sudo certbot --nginx -d mrpinoy.cf -d www.mrpinoy.cf

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mrpinoy.cf and www.mrpinoy.cf

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mrpinoy.cf
Type: connection
Detail: Fetching http://mrpinoy.cf/.well-known/acme-challenge/uOch7mqR-JapyslwAAym7Afw-Bqb_4eCeX20xSzkPa8: Timeout during connect (likely firewall problem)

Domain: www.mrpinoy.cf
Type: connection
Detail: Fetching http://www.mrpinoy.cf/.well-known/acme-challenge/b9OYODoJ7FE_eQiwdOvZe-FOjlTY1CieOblU78OEvOc: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): Nginx

The operating system my web server runs on is (include version): macOS Catalina 10.15.7

My hosting provider, if applicable, is: freedom.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Welcome to the community @lyle.slover

Your title asks to help verify your DNS and access to your server.

Your DNS points to the IP 3.135.98.127. There is no way for us to know if that is correct, but you can confirm this yourself. A command of curl ifconfig.co from your server will return your IP. There are many other ways to confirm, but this is an easy way.

This site can help you test connection to your site.
https://letsdebug.net/

Right now that site shows the same error you show from Certbot.

You said your hosting service is freedom.com but when I go to that website it redirects me to freedommortgage.com. Who is your hosting service? Or, are you self-hosting?

Also, are you running the Homebrew MacOS?

2 Likes

Hello and thanks for the quick reply.

This is output of ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 172.31.45.224 netmask 255.255.240.0 broadcast 172.31.47.255
inet6 fe80::8a0:a0ff:fe28:a4b8 prefixlen 64 scopeid 0x20
ether 0a:a0:a0:28:a4:b8 txqueuelen 1000 (Ethernet)
RX packets 171472 bytes 233086689 (233.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25243 bytes 2976320 (2.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 446 bytes 43888 (43.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 446 bytes 43888 (43.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Can you show

curl ifconfig.co

2 Likes

I already fixed this issue and pointed my domain to 172.31.45.224, but the error still occurs.

I am sorry. If you do not want to take my advice I will not help anymore. (that 172 ip may not be the public ip)

2 Likes

If 3.135.98.127 is your EC2 elastic IP address, then the problem may be that you need to open port 80/tcp and port 443/tcp in your EC2 Security Group.

2 Likes

Just fyi, EC2 can have a public IP address without needing it to be an Elastic IP. But, agreed the Security Group may need adjusting. I see how you got that from the IP. Was not clear from the posts AWS was involved at all.

1 Like

That IP is in the RFC 1918 range 172.16/12.
[non-routable directly via the Internet]

You need a working HTTP site before you can secure it (via HTTP authentication).

3 Likes

curl ifconfig.co
105.156.27.48

1 Like

That is your public IP and what should be in your DNS.

Right now you do not have any DNS records for your domain name. You had them before. This is an intro to domain names and DNS; perhaps this helps.

I cannot reach your nginx server using that IP address. If you are still on AWS you should review your Security Groups.

Note: That was not the IP you had in DNS at first. You should know that if you are not using an Elastic IP with EC2, then each time you stop and start the EC2 instance you will be assigned a new IP and you must update the DNS. I do not know whether this is why you have a new IP - I am just noting it.

2 Likes
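
An offline pre-check for the failure this thread works through, added here as an illustration and not code from any of the posters or from Certbot: it compares a domain's A/AAAA values against the address that `curl ifconfig.co` reports. The function names and verdict strings are assumptions made for this example; the sample addresses are the ones quoted in the thread.

```python
import ipaddress
import socket


def check_record(record, public_ip):
    """Judge one A/AAAA value as the CA's HTTP-01 validator would meet it."""
    addr = ipaddress.ip_address(record)
    if not addr.is_global:
        # RFC 1918 (e.g. 172.16/12), loopback, link-local, CGNAT:
        # nothing on the internet can connect to these.
        return "unroutable"
    if addr != ipaddress.ip_address(public_ip):
        return "mismatch"
    return "ok"


def preflight(records, public_ip):
    """Map each DNS value to a verdict; no records at all is also a failure."""
    if not records:
        return {"(no records)": "missing"}
    return {r: check_record(r, public_ip) for r in records}


def resolve(domain):
    """Live lookup (needs network): addresses a validator would try."""
    try:
        infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(ip, port=80, timeout=5.0):
    """Live TCP connect (needs network). False on timeout or refusal; a
    timeout corresponds to the CA's 'Timeout during connect' error."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    public_ip = "105.156.27.48"  # value returned by `curl ifconfig.co` in the thread
    # DNS states seen in the thread, in order, then the corrected one.
    for state in (["3.135.98.127"], ["172.31.45.224"], [], [public_ip]):
        print(state, "->", preflight(state, public_ip))
```

Run `port_open` from a machine outside the server's own network, since a connection from behind the same NAT or Security Group does not show what the CA sees.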
