Staging works but production fails

My domain is: war.dayroxy.online/

I ran this command:
sudo certbot --nginx -d war.dayroxy.online -d www.war.dayroxy.online

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/war.dayroxy.online.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for war.dayroxy.online and www.war.dayroxy.online

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: war.dayroxy.online
  Type:   connection
  Detail: 87.237.52.121: Fetching http://war.dayroxy.online/.well-known/acme-challenge/B23lAEjI69FcAmz-kSiih8NvyQDi16oW-UJtcYs-yxI: Connection reset by peer

  Domain: www.war.dayroxy.online
  Type:   connection
  Detail: 87.237.52.121: Fetching http://www.war.dayroxy.online/.well-known/acme-challenge/Z3NP0slILkedK_HdMYyiAS8JOi6gLQMEUs87S1v-hx4: Connection reset by peer

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@vps-zap579597-2:~# nano /etc/nginx/
conf.d/            fastcgi_params     koi-win            modules-available/ nginx.conf         scgi_params        sites-enabled/     uwsgi_params
fastcgi.conf       koi-utf            mime.types         modules-enabled/   proxy_params       sites-available/   snippets/          win-utf

My web server is (include version):
nginx version: nginx/1.22.1

The operating system my web server runs on is (include version):
Debian GNU/Linux 12 (bookworm)

My hosting provider, if applicable, is:
https://zap-hosting.com/

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

Using staging works fine:

root@vps-zap579597-2:~# sudo certbot --nginx -d war.dayroxy.online -d www.war.dayroxy.online --staging
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for war.dayroxy.online and www.war.dayroxy.online

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/war.dayroxy.online/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/war.dayroxy.online/privkey.pem
This certificate expires on 2024-11-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for war.dayroxy.online to /etc/nginx/sites-enabled/war.conf
Successfully deployed certificate for www.war.dayroxy.online to /etc/nginx/sites-enabled/war.conf
Congratulations! You have successfully enabled HTTPS on https://war.dayroxy.online and https://www.war.dayroxy.online

and the nginx config "After the staging part"

  GNU nano 7.2                                                                  /etc/nginx/sites-enabled/war.conf *
server {
    server_name war.dayroxy.online www.war.dayroxy.online;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/war.dayroxy.online/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/war.dayroxy.online/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
    if ($host = www.war.dayroxy.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = war.dayroxy.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name war.dayroxy.online www.war.dayroxy.online;
    return 404; # managed by Certbot
}

it is just the production that is not working

DNS: Cloudflare

A www.war.dayroxy.online -> 87.237.52.121
A war.dayroxy.online -> 87.237.52.121
No proxy TTL Auto

Please use `--dry-run` to test using staging, as using `--server` will re-use already valid authorizations without trying to validate again. `--dry-run` will actively deactivate valid authz and will always try to re-authorize the hostnames.


Hey everyone! Although staging worked and production didn't, I did some debugging with the hosting company. It turns out that the IP for production was blocked; they provided me with a new IP and it worked. Thanks everyone! 🙂

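A triage sketch for the failure output in this thread, added here as an example (not code from the posters or from Certbot): it parses the "Certificate Authority reported these problems" block and flags the case where every failed name on one IP shows `Connection reset by peer`, the pattern that in this thread turned out to be a blocked IP. The `scope` labels are a heuristic assumed by this example, and the challenge tokens in the sample are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the shape certbot prints it; tokens are placeholders.
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: war.dayroxy.online
  Type:   connection
  Detail: 87.237.52.121: Fetching http://war.dayroxy.online/.well-known/acme-challenge/TOKEN-A: Connection reset by peer

  Domain: www.war.dayroxy.online
  Type:   connection
  Detail: 87.237.52.121: Fetching http://www.war.dayroxy.online/.well-known/acme-challenge/TOKEN-B: Connection reset by peer
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
DETAIL = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+?): Fetching (?P<url>\S+): (?P<err>.+)$")

def parse_problems(text):
    """Return one dict per failed domain: domain, type, detail (+ ip, url, error)."""
    problems, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, hint and blank lines carry no field
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain" and cur:  # a new Domain line starts the next record
            problems.append(cur)
            cur = {}
        cur[key] = value
        d = DETAIL.match(value) if key == "detail" else None
        if d:
            cur.update(ip=d["ip"], url=d["url"], error=d["err"])
    if cur:
        problems.append(cur)
    return problems

def triage(problems):
    """Group failures by validated IP and label their scope (heuristic, assumed here)."""
    by_ip = defaultdict(list)
    for p in problems:
        by_ip[p.get("ip")].append(p)
    findings = []
    for ip, group in by_ip.items():
        conn = all(p.get("type") == "connection" for p in group)
        reset = all("reset by peer" in p.get("error", "").lower() for p in group)
        # All names on one IP reset: check firewall / provider filtering before vhosts.
        scope = "network-path" if conn and reset else "reachability" if conn else "per-domain"
        findings.append({"ip": ip, "domains": [p["domain"] for p in group], "scope": scope})
    return findings
```
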