Setting up a certificate for DigitalOcean/Mastodon 1-Click?

My domain is: kobolds.space

I ran this command: certbot --nginx -d kobolds.space --staging

It produced this output: Timeout during connect (likely firewall problem)

My web server is (include version): Not sure

The operating system my web server runs on is (include version): Ubuntu?

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): Can SSH to droplet

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, DigitalOcean

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.27.0

I'm tearing my hair out over this.

Trying to set up a Mastodon instance using the 1-click app on DigitalOcean.

Have it on a droplet, have a mail service for SMTP, everything else is fine up until the certification step.

I've tried using ufw to open ports 80 and 443, and have a firewall set up on DO's control panel doing the same.

A checkyourwebsite test is showing:

domain.name A has the IP and details, but AAAA is blank

www.domain.name has a Name Error

*.domain.name has Name Errors for A, AAAA and CNAME

All have is Auth = yes.


I can't connect on ports 22, 80, or 443.

Are you sure you didn't set up any firewall rules so that only you can connect to your server?

Could you take a screenshot of your DigitalOcean firewall page, ufw status verbose and also ip a?


[quote="ClipClopBoom, post:1, topic:135685"]
certbot --nginx -d kobolds.space --staging
[/quote]

[screenshot: ufw]

I tried a clean droplet and deleted the DO firewall; now I'm happy ufw is showing the same.

(Only allowed one image per post)

Your domain name currently resolves to 159.65.86.22.

According to that screenshot, your droplet's IP address is something else entirely.

You need to update your domain's DNS to the new IP address of the droplet. If you have already done that, you may need to wait up to an hour, as annoyingly, DigitalOcean have introduced some DNS caching on their side which sticks around for the TTL (1 hour in your case).

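The check behind the diagnosis above, as an added example that is not part of the original thread: compare the domain's A records with the addresses configured on the server before running certbot. It assumes `dig` and `ip` are installed and that the public IPv4 address sits directly on an interface (not behind NAT); the function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check before running certbot.
# HTTP-01 validation connects to whatever address the A record holds, so a
# record left pointing at an old droplet shows up as "Timeout during connect".

# Compare A records ($1, whitespace separated) with local addresses ($2, one
# per line). Prints one verdict per record.
# Returns 0 if every record is local, 1 if any is not, 2 if there is no record.
compare_addrs() {
    local records="$1" locals="$2" rc=0 addr
    [ -n "$records" ] || { echo "NO_A_RECORD"; return 2; }
    for addr in $records; do
        # -x and -F: exact whole-line match, so 1.2.3.4 never matches 11.2.3.4
        if printf '%s\n' "$locals" | grep -qxF -- "$addr"; then
            echo "MATCH $addr"
        else
            echo "STALE $addr"
            rc=1
        fi
    done
    return "$rc"
}

# A records from the system's default resolver; CNAME lines are filtered out.
resolve_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# Global-scope IPv4 addresses configured on this host, without the prefix length.
local_addrs() {
    ip -4 -o addr show scope global | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# Usage: sh check_dns.sh kobolds.space
if [ "$#" -gt 0 ]; then
    compare_addrs "$(resolve_a "$1")" "$(local_addrs)"
fi
```

A `STALE` line means the record must be updated at the DNS host and the TTL allowed to expire before certbot is retried.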

Ah, thanks.

The first deployment had a fatal error of some kind, looks like the DNS didn't update.

This is why I'm normally a hardware person...

Really appreciate the assist
