Screwed up installation of certificate

I have a server running several LXD containers providing various services. I have a NGinx Proxy Manager in place and it is managing all the LE certificates. Working fine.
I've just installed NextCloud from a script into an LXD container and it is all up and running fine on http://organiser.petterson.network. When I got to the LE certbot section to put HTTPS in place I didn't want to use certbot in the LXD but use the NPM already handling the rest of the certificates. So I set up an NPM host organiser.petterson.network pointing through to my IP and requested an LE certificate. It gave me a certificate OK but it wouldn't forward on HTTPS; it said:
Secure Connection Failed
An error occurred during a connection to organiser.petterson.network. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
So I assumed that it was because NGinx was forwarding to Apache which handled its own SSL so I turned off SSL in NPM and then tried to finish the instructions which installed Certbot and requested a certificate. It failed the request with the message below.
Current situation is NextCloud working OK on HTTP but failing on HTTPS. Obviously I'd like it working on HTTPS before I go live with it, preferably using NPM so I can keep all the certs in one place. Anyone any ideas? I'm guessing it is because I'd already set it up in NPM?

My domain is:
organiser.petterson.network
I ran this command:
sudo certbot --apache
It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: organiser.petterson.network
Type: unauthorized
Detail: 82.25.172.13: Invalid response from http://organiser.petterson.network/.well-known/acme-challenge/mApQtnX8l2EFeS48ZqO3twK_vqXXN6jyJDVmD2P9h00: 404
My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.32.2

Hi @Dave_P, and welcome to the LE community forum :slight_smile:

Don't get sidetracked by unrelated possibilities.
The error is clear:

That is an HTTP error/failure [there is NO HTTPS involved (yet)].
You need to follow the packet.

Name:    organiser.petterson.network
Address: 82.25.172.13

Is that the correct IP?
If not, update DNS and start over [and test using the staging environment].
If yes, then what is listening on port 80 [HTTP]?
You write:

And I see:

curl -Ii organiser.petterson.network
HTTP/1.1 404 Not Found
Server: openresty

So... I'm a bit confused.

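One way to "follow the packet" the way the reply above describes, as an added example that is not part of this thread: it resolves the name, asks port 80 for the challenge path the CA would request, and classifies the answer (an `openresty` 404 means the proxy answered, not certbot's web root). It also sends a real ClientHello to port 443 and looks at the first bytes of the reply, which is what explains the browser's `SSL_ERROR_RX_RECORD_TOO_LONG`: a plain-HTTP server answering `HTTP/1.1 ...` looks to the TLS layer like a record header with length `0x502f` = 20527 bytes, more than any TLS record may carry. The hostname, token and IP values used in the usage section are placeholders, and the classifier functions take constructed inputs so they can be exercised offline.

```python
# Added example (not from the thread): "follow the packet" for an HTTP-01
# challenge. Hostname/token/IP values are placeholders; the classifier
# functions work on constructed inputs and need no network access.
import socket
import ssl
import http.client
import sys

ACME_PREFIX = "/.well-known/acme-challenge/"
TLS_MAX_RECORD = 2**14 + 2048   # largest legal TLS ciphertext record (2^14 plaintext + expansion)


def resolve_ipv4(hostname):
    """Return the sorted set of IPv4 addresses the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify_challenge_response(status, headers, expected_ip=None, observed_ip=None):
    """Diagnose the plain-HTTP answer to GET /.well-known/acme-challenge/<token>.

    `headers` is a dict with lower-cased keys. The CA only speaks HTTP on port 80
    for this challenge, so nothing about TLS or certificates matters here yet.
    """
    if expected_ip and observed_ip and expected_ip != observed_ip:
        return "dns-mismatch"           # DNS points somewhere else: fix DNS first
    server = headers.get("server", "").lower()
    if status == 200:
        return "ok"
    if status in (301, 302, 307, 308):
        return "redirect"               # acceptable as long as the target serves the token
    if status == 404 and ("openresty" in server or "nginx" in server):
        return "proxy-404"              # a reverse proxy answered, not certbot's web root
    if status == 404:
        return "webroot-404"            # the web server answered but the token is not there
    return f"unexpected-{status}"


def classify_tls_probe(first_bytes):
    """Classify what port 443 sent back after a TLS ClientHello.

    A TLS server replies with a record whose first byte is 0x16 (handshake) or
    0x15 (alert). A plain-HTTP server replies 'HTTP/1.1 ...'; read as a record
    header that is type 0x48 with length b'P/' = 0x502f = 20527, beyond the
    maximum record size, which is what Firefox reports as SSL_ERROR_RX_RECORD_TOO_LONG.
    """
    if len(first_bytes) < 5:
        return "empty-or-closed"
    rec_type = first_bytes[0]
    rec_len = int.from_bytes(first_bytes[3:5], "big")
    if rec_type in (0x15, 0x16) and rec_len <= TLS_MAX_RECORD:
        return "tls"
    if first_bytes.startswith(b"HTTP/"):
        return f"plaintext-http (bogus record length {rec_len})"
    return "not-tls"


def probe_challenge(hostname, token, expected_ip=None):
    """Live check of port 80 for the challenge path; returns the diagnosis string."""
    observed = resolve_ipv4(hostname)
    conn = http.client.HTTPConnection(hostname, 80, timeout=10)
    conn.request("GET", ACME_PREFIX + token, headers={"Host": hostname})
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return classify_challenge_response(resp.status, headers, expected_ip,
                                       observed[0] if observed else None)


def probe_port_443(hostname):
    """Send a genuine ClientHello (built by the ssl module) to port 443 and
    classify the first five bytes of whatever comes back."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                             # expected: the ClientHello is now in `outgoing`
    client_hello = outgoing.read()
    with socket.create_connection((hostname, 443), timeout=10) as sock:
        sock.sendall(client_hello)
        return classify_tls_probe(sock.recv(5))


if __name__ == "__main__":
    # Usage: python3 follow_packet.py <hostname> <challenge-token> [expected-ip]
    host = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"   # placeholder
    tok = sys.argv[2] if len(sys.argv) > 2 else "TOKEN_PLACEHOLDER"
    want_ip = sys.argv[3] if len(sys.argv) > 3 else None
    print("port 80 challenge path:", probe_challenge(host, tok, want_ip))
    print("port 443 first bytes:  ", probe_port_443(host))
```

Run it with the hostname, any token string and the IP you expect DNS to return; `proxy-404` on port 80 tells you the proxy in front of the box needs to pass `/.well-known/acme-challenge/` through (or issue the certificate itself), and `plaintext-http` on 443 tells you the port is being forwarded to something that is not terminating TLS.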

That is the IP I see. 80 and 443 are open.
@Dave_P let's go with the flow!


OK. That IP is correct.
What I believed was listening on Port 80 is the NPM.
The reasoning being that NPM is the only thing that knows to route the HTTP through to the IP for the NextCloud. So as HTTP works it is NPM that is the first port of call. It then forwards the request through to the internal IP on port 80 and that works fine. So I brought down NPM to test that theory and it still worked. I then went to the pfSense router and checked there. That pointed the domain directly to the NextCloud server, bypassing NPM. I changed pfSense to point to NPM and both HTTP and HTTPS worked for access but without the lock. I then enabled force SSL in NPM and it came up with the padlock and a statement that 'Your connection with this site is not private and information you share with the site could be used by others.' I'm going to check the build script as I stopped when I couldn't get LE to load. Perhaps there is more there. Looks +ve though. :slight_smile:

OK. From what I can see the LE component is complete and I need to make sure that NextCloud is configured correctly. I don't quite understand why, when it was pointing directly at NextCloud, it failed to generate a cert, but such are the woes of Linux when there are so many ways to do everything. Maybe it had to do with the fact I already had a cert through NPM.
Thank you all for your help. It was very much appreciated.

