SSL Certificate Not Working

Hopefully this does the trick

(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$  sudo firewall-cmd --add-port=80/tcp --permanent 
success
(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$  sudo firewall-cmd --add-port=443/tcp --permanent 
success
(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$  sudo firewall-cmd --add-port=8000/tcp --permanent 
success
(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$ 

Nope. You might be better off disabling that until you get HTTP requests working

Right now port 80 fails

curl -i http://harmonyapp.org
curl: (7) Failed to connect to harmonyapp.org port 80 after 2 ms: No route to host

Really, is there some reason you think you need that on top of EC2 Security Group and VPC options?

2 Likes

No not really, how do I disable these ports?

nvm I figured it out

(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$  sudo firewall-cmd --remove-port=443/tcp --permanent 
success
(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$  sudo firewall-cmd --remove-port=80/tcp --permanent 
success
(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$  sudo firewall-cmd --remove-port=8000/tcp --permanent 
Warning: NOT_ENABLED: 8000:tcp
success
(thought_sync_django-channels) [ec2-user@ip-172-31-38-94 thought_sync_django-channels]$ 

Not so sure. Let's Debug still fails HTTP (port 80)

2 Likes

I was getting a timeout, then and now. A 'no route to host' would be kinda weird, as in, usually this means something responds with an ICMP packet? Did you get this error all the time?

1 Like

Never. I just changed the security group to accept each of the ports individually. What should I do/try next?

Yes, for port 80 to this domain I have only ever seen "No Route to Host". I can reach port 22, and for 8001 I have always gotten "Connection Refused". The Let's Debug test from its own server gets the same No Route error (while Staging reports something different).

I still see these same responses now.

2 Likes
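
The three results reported in this thread (a timeout, "No route to host" and "Connection refused") point at different layers of the path. The following is an added example, not part of any post here: a Python sketch that classifies a TCP connect attempt into those outcomes. The host name `example.org` is a placeholder, and reading "No route to host" as a host-firewall reject is the common case rather than a certainty.

```python
import errno
import socket

# What each outcome usually says about where the traffic stopped.
MEANING = {
    "open": "handshake completed: a service is listening and reachable",
    "refused": "TCP RST came back: host reachable, nothing listening on that port",
    "no_route": "ICMP unreachable/prohibited came back: typically a host firewall "
                "REJECT rule (or a router) answered",
    "timeout": "no reply at all: packets silently dropped, as a cloud packet "
               "filter such as a security group does",
}

def classify(exc):
    """Map the exception from a connect attempt (None on success) to an outcome."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError):
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "no_route"
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
    return "other"  # e.g. DNS resolution failure

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classified outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Placeholder host; the ports are the ones discussed in the thread.
    for port in (22, 80, 443, 8001):
        outcome = probe("example.org", port)
        print(f"{port:>5}  {outcome:<9} {MEANING.get(outcome, 'unclassified error')}")
```

Run it from a machine other than the EC2 instance, because a probe from the instance itself never crosses the security group.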

Does this mean I have to go to the AWS Route tab and edit the Route table?

Have you tried disabling that firewall-cmd system completely? If so, and your EC2 Security Group is correct, then check your AWS VPC.

This is sort of routine comms config and not related to Let's Encrypt directly. Anyone trying to connect to your domain would fail. We often help with these basics but you may need to consult with AWS support. Or, whoever provided the instructions you are following.

Use https://letsdebug.net to test your connection. Or even a machine other than that EC2 instance (so not curl from ssh). Like, try a mobile phone with wifi disabled to use your carrier network (or even with wifi on for that matter, since we're testing a connection to AWS).

2 Likes

How do I uninstall the firewall-cmd package? Or do I have to do something else to remove it?

That means you should consult with AWS support or whoever has provided your config instructions 🙂 We sort of cross-posted. We're not an all-purpose support site.

2 Likes

Thank you for your time! The AWS discord servers never respond in a timely manner, or at all. Recommendations on how to get reliable AWS support?

1 Like

AWS is a complex service which can have a steep learning curve. Their docs are often helpful. Perhaps it is not the right service for you. There are many hosting options. Perhaps choose one that provides exactly what you need "out of the box" rather than having to DIY every bit.

3 Likes
