My domain is: war.dayroxy.online/
I ran this command:
sudo certbot --nginx -d war.dayroxy.online -d www.war.dayroxy.online
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/war.dayroxy.online.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for war.dayroxy.online and www.war.dayroxy.online
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: war.dayroxy.online
Type: connection
Detail: 87.237.52.121: Fetching http://war.dayroxy.online/.well-known/acme-challenge/B23lAEjI69FcAmz-kSiih8NvyQDi16oW-UJtcYs-yxI: Connection reset by peer
Domain: www.war.dayroxy.online
Type: connection
Detail: 87.237.52.121: Fetching http://www.war.dayroxy.online/.well-known/acme-challenge/Z3NP0slILkedK_HdMYyiAS8JOi6gLQMEUs87S1v-hx4: Connection reset by peer
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@vps-zap579597-2:~# nano /etc/nginx/
conf.d/ fastcgi_params koi-win modules-available/ nginx.conf scgi_params sites-enabled/ uwsgi_params
fastcgi.conf koi-utf mime.types modules-enabled/ proxy_params sites-available/ snippets/ win-utf
My web server is (include version):
nginx version: nginx/1.22.1
The operating system my web server runs on is (include version):
Debian GNU/Linux 12 (bookworm)
My hosting provider, if applicable, is:
https://zap-hosting.com/
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0
Using staging works fine:
root@vps-zap579597-2:~# sudo certbot --nginx -d war.dayroxy.online -d www.war.dayroxy.online --staging
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for war.dayroxy.online and www.war.dayroxy.online
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/war.dayroxy.online/fullchain.pem
Key is saved at: /etc/letsencrypt/live/war.dayroxy.online/privkey.pem
This certificate expires on 2024-11-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for war.dayroxy.online to /etc/nginx/sites-enabled/war.conf
Successfully deployed certificate for www.war.dayroxy.online to /etc/nginx/sites-enabled/war.conf
Congratulations! You have successfully enabled HTTPS on https://war.dayroxy.online and https://www.war.dayroxy.online
And the nginx config "after the staging part":
GNU nano 7.2 /etc/nginx/sites-enabled/war.conf *
server {
    server_name war.dayroxy.online www.war.dayroxy.online;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/war.dayroxy.online/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/war.dayroxy.online/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.war.dayroxy.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = war.dayroxy.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name war.dayroxy.online www.war.dayroxy.online;
    return 404; # managed by Certbot
}
It is just the production that is not working.
DNS: Cloudflare
A www.war.dayroxy.online -> 87.237.52.121
A war.dayroxy.online -> 87.237.52.121
No proxy TTL Auto