Renewing certificate behind https


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hyperimes.com

I ran this command: usr/bin/certbot renew

It produced this output: Attempting to renew cert (hyperimes.com) from /etc/letsencrypt/renewal/hyperimes.com.conf produced an unexpected error: Failed authorization procedure. hyperimes.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://hyperimes.com/.well-known/acme-challenge/blHjAPfq7M2ecnfk1F7jR3WThcYPt-GiqIPCTZLpN7s: Timeout. Skipping.

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

https://hyperimes.com/.well-known/acme-challenge/test.txt is reachable. But still having problems with renewing the certificate.

I am running nginx with http to https rewrite, is this the problem ?


#2

The rewrite shouldn’t be an issue, as Let’s Encrypt follows up to several redirects. Could you post the relevant vhost configuration and Let’s Encrypt log files? At a glance I don’t see any reason this wouldn’t be working.


#3

Hi @doludizgin,

I can’t reach your http site too:

$ curl -IkL http://hyperimes.com
curl: (7) Failed to connect to hyperimes.com port 80: Connection timed out

but I can reach your https site:

$ curl -IL https://hyperimes.com
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 13 Sep 2017 16:41:23 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sat, 08 Jul 2017 10:36:58 GMT
Connection: keep-alive
ETag: "5960b5ca-264"
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

So seems a firewall blocking port 80 or something not properly configured in your nginx conf :slight_smile:

Cheers,
sahsanu


#4

@doludizgin , If you are using proper rewrite rule , when we hit http://hyperimes.com it should redirect to https://hyperimes.com . can you post your config here.

or

make site available in http and https by removing rewrite rule .so that it can reach your site .


#5

Oh stupid me, blocked port 80…

it worked.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.