I can't reach the HTTP site via a "normal" browser.
4 Likes
Hi, I can confirm you have fixed the https connection for your server - I can access it normally now if I ignore the self signed cert.
I can also confirm http over port 80 (in a browser or otherwise) still isn't working, no idea why it works for you and nobody else, you won't get http validation to work if you don't fix that. Obviously if it works for you I can understand that you don't see the problem, however the problem does indeed exist. Automatic upgrade from http to https only works if your http works and it's not getting that far.
If you are unable to reproduce and solve the http problem, you will be unable to use http validation. To be very clear, no matter how well it works for you, http does not work for people accessing your system - this is a you problem. Currently you are working under the assumption that you're right and we're wrong - this will not help you achieve your desired outcome.
Alternatives include DNS validation and tls-alp-01.
3 Likes
I'm sorry if I gave the impression that my attitude was "I'm right you're wrong". That wasn't my intention/thinking at all. When I tested it off-site it's possible that I neglected to specify the http. I'll check again when I can. I sure appreciate your help.
Brian
3 Likes
Thanks Brian, sorry I hope I wasn't being mean - I was just trying to impress upon you that there is a genuine problem.
The only real difference with http is the port number and the answering service, so double check you are forwarding port 80 to the right place and that whatever answers that is handling http normally and is not just a listener that does nothing.
2 Likes
It's all good. I checked netstat and indeed nothing was listening on 80 really. So I must not have explicitly tested http off-site.
I'm still learning NixOS and some things are a bit different. I was able to explicitly open 80.
It's neither here nor there at this point because I got a cert from my domain provider. Just a few bucks with whois protection which I wanted anyway.
But I really appreciate the letsencrypt project and will try again next domain I set up.
Thanks to you and the others who pitched in.
Brian
2 Likes
Ok, glad you got a solution. who-is privacy is standard on most registrars and is unrelated to your certificates, so if you use a registrar like cloudflare etc the also give you free who-is privacy and free certs etc. Their DNS is also easily automated for things like DNS validation.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.