cemodi
March 15, 2024, 2:28pm
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command: sudo certbot --nginx -d
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain:
Type: unauthorized
Detail: : Invalid response from/.well-known/acme-challenge/R0bXgQXsTlvMqAI0LQrI5PdIyB6B2CWtx8LrTgS40b0: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
The operating system my web server runs on is (include version): Ubuntu 22.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): using version: certbot 1.21.0
I even tested by manually creating a test file, which worked when accessing it via browser, but every time I try to set up SSL it does not. Here is my config:
server {
listen 80;
listen [::]:80;
root /var/www/html;
server_name
index index.html;
location ~ /.well-known/acme-challenge {
root /var/www/html;
allow all;
}
location / {
try_files $uri $uri/ =404;
}
}
rg305
March 15, 2024, 3:05pm
2
Hi @cemodi, and welcome to the LE community forum.
Please replace that old apt version of certbot with their latest version: 2.9.0
See: Certbot Instructions | Certbot (eff.org)
And please show the full nginx config, with:
nginx -T
2 Likes
cemodi
March 15, 2024, 10:59pm
3
Hi, thank you. I installed certbot with snap but am still having the same issue. Here is my nginx -T:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 16384;
use epoll; # Efficient network I/O on Linux
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off; # Consider turning on access logs for debugging purposes
error_log /var/log/nginx/error.log crit; # Adjust the logging level as necessary
sendfile on; # Enable high-performance file transfer
tcp_nopush on; # Send headers in one piece
tcp_nodelay on; # Disable Nagle's algorithm for better throughput
keepalive_timeout 20; # Keep connections open
keepalive_requests 1000; # Number of requests per connection, increase as needed
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 3;
gzip_buffers 32 16k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# Proxy settings for Solana RPC Node - HTTP
server {
listen 80;
server_name
location / {
deny all; # Deny access for all other IP addresses
proxy_pass http://localhost:8899; # Proxy pass to Solana RPC node
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_buffering off; # Turn off buffering for real-time response
}
}
# Proxy settings for WebSocket - Port 81
server {
listen 8900;
server_name
location / {
deny all;
proxy_pass http://localhost:8898; # Proxy pass to WebSocket service
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_buffering off; # Turn off buffering for real-time response
proxy_read_timeout 6000s; # Increase if WebSocket connections drop prematurely
proxy_send_timeout 6000s;
proxy_buffers 8 32k; # Adjust based on your application's requirements
proxy_buffer_size 64k;
}
}
# Include directives for virtual host configurations
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip2.conf:
load_module modules/ngx_http_geoip2_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf:
load_module modules/ngx_stream_geoip2_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# HTTP configuration for domain verification
server {
listen 80;
listen [::]:80;
server_nam
index index.html;
location ~ /.well-known/acme-challenge {
root /var/www/html;
allow all;
}
location / {
try_files $uri $uri/ =404;
}
}
You have two server blocks with the same name. I am surprised, though, that requests to that domain are not rejected with a 403 due to the deny all in the first one.
In any case, start by merging those two into one or removing the first if you don't need it.
2 Likes
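The duplicate-name check described in the reply above, as an added example that is not part of the original thread: it scans saved `nginx -T` output for server blocks that claim the same name on the same listen address. The sample config is constructed, `example.com` stands in for the redacted domain, and the tokenizer assumes no quoted braces or semicolons inside directives.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the thread's `nginx -T` output;
# example.com stands in for the redacted domain.
SAMPLE = """
http {
  server { listen 80; server_name example.com;
           location / { deny all; proxy_pass http://localhost:8899; } }
  server { listen 8900; server_name example.com; location / { deny all; } }
  server { listen 80; listen [::]:80; server_name example.com;
           location ~ /.well-known/acme-challenge { root /var/www/html; } }
}
"""

def server_blocks(text):
    """Yield (listen_args, server_names) for each server { } block."""
    # Drop comments, including the "# configuration file ..." markers of nginx -T.
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))
    depth, stmt, block = 0, [], None
    for tok in tokens:
        if tok == "{":
            if stmt == ["server"] and block is None:
                block = (depth, [], [])      # (opening depth, listens, names)
            depth += 1
        elif tok == "}":
            depth -= 1
            if block and depth == block[0]:  # closing brace of the server block
                yield block[1], block[2]
                block = None
        elif tok == ";":
            # Only directives directly inside server { }, not inside location { }.
            if block and depth == block[0] + 1 and stmt:
                if stmt[0] == "listen":
                    block[1].append(stmt[1])
                elif stmt[0] == "server_name":
                    block[2].extend(stmt[1:])
        else:
            stmt.append(tok)
            continue
        stmt = []

def conflicting_names(text):
    """Map (address, name) -> block numbers when several blocks claim it."""
    seen = defaultdict(list)
    for num, (listens, names) in enumerate(server_blocks(text), 1):
        for arg in listens:
            addr = f"*:{arg}" if arg.isdigit() else arg  # bare port means *:port
            for name in names:
                seen[(addr, name)].append(num)
    return {key: nums for key, nums in seen.items() if len(nums) > 1}
```

On the sample, blocks 1 and 3 collide on port 80 while the port 8900 block does not; nginx itself reports the same condition as a "conflicting server name ... ignored" warning when it tests the configuration.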
cemodi
March 15, 2024, 11:55pm
5
Awesome, it worked, thank you!
3 Likes
system
Closed
April 14, 2024, 11:55pm
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.