Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: rshii.com (domain.google.com forwarded to subdomain server.rshii.com which is my web server)
I ran this command: certbot --staging --nginx
certbot --staging --authenticator webroot --installer nginx -d admin.rshii.com
certbot --staging --authenticator standalone --installer nginx -d admin.rshii.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
It produced this output: All of them result in:
Failed authorization procedure. admin.rshii.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain
My web server is (include version): nginx version: nginx/1.12.1 (Ubuntu) (running as a reverse proxy for apache in backend)
Server version: Apache/2.4.27 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 17.10
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
Additional Information:
I previously only had my webserver set up as server.rshii.com and was successful in obtaining a certificate; however, I set up a secondary subdomain to admin.rshii.com for a few other web applications. When running certbot and including both domains, server.rshii.com passes with tls but I still fail on admin.rshii.com for http-01. Also, I have installed certbot from the ppa, which is version 0.19, and also the development version 0.22, both of which return the same results.
Nginx configuration:
server {
    listen 80;
    listen [::]:80;
    root /usr/share/nginx/html/;
    index index.php index.html index.htm;
    server_name server.rshii.com;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }

    location ~ /.ht {
        deny all;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/server.rshii.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/server.rshii.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    listen 80;
    listen [::]:80;
    root /usr/share/nginx/management/;
    index index.php index.html index.htm;
    server_name admin.rshii.com;

    location ~ /.well-known {
        root /usr/share/nginx/management/;
        allow all;
    }

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8081;
    }

    location ~ /.ht {
        deny all;
    }
}
My Apache2 configuration:
<VirtualHost 127.0.0.1:8080>
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/nginx/html/
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost 127.0.0.1:8081>
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/nginx/management/
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/management/error.log
    CustomLog ${APACHE_LOG_DIR}/management/access.log combined
</VirtualHost>
Not sure what else to include that can be of assistance at this moment. I’m using ddclient in a crontab for ensuring that admin.rshii.com and server.rshii.com are my current IP address (which they are).