My bad, it’s that I’m running two servers (one with BigBlueButton which is for videoconferencing and another that I’m trying to put TURN on (because it helps the main server when people are behind restrictive firewalls)). The BBB server has Nginx 1.10.3 because BBB only works on Ubuntu Server 16.04.7, and my other server has 1.18. I’m trying to install Certbot on the TURN which has the latest Ubuntu and Nginx.
As for the error msg.
It shows a failed HTTPS connection.
This means it was successful at HTTP (and got a redirection - as shown above).
Which means the HTTPS is likely misconfigured…
Just enough is shown to be certain that nginx is configured in a way that has confused certbot (and it hasn’t placed the response file in the proper location).
Please show the HTTPS vhost config for that FQDN.
I just put www.morocotagold.gq in my browser and it couldn’t connect, even though morocotagold.gq does. I thought that leaving the Freenom DNS record name blank and only keeping the type, TTL and target was necessary, because its docs say that leaving the ‘name’ field blank assigns the record to my whole domain, but I guess I need to put a www record too. Let me look for that file that another commenter requested.
Fixed. I feel a bit guilty to be asking these probably noob questions and should probably read a book about how to run servers, because I’m just improvising right now.
The HTTPS section is a bit cluttered and includes an undisclosed amount of additional code:
I think we’re better off fixing this in HTTP.
That block is very simple (no complications):
server {
  listen 80;
  listen [::]:80;
  server_name morocotagold.gq;
  return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS
}
Please adjust that as follows:
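server {
  listen 80;
  listen [::]:80;
  server_name morocotagold.gq;
  location /.well-known/acme-challenge/ {
    access_log off;
    # send all challenge requests to a newly created/dedicated folder
    # "root" keeps the full URI: files are read from /ACMEchallenges/.well-known/acme-challenge/
    root /ACMEchallenges/;
    try_files $uri =405; # the "=" makes 405 a status code instead of a fallback URI
  }#location
  location / {
    # a server-level "return" runs before location matching and would redirect the challenge requests too
    return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS
  }#location
}#server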
Note that this method requires the creation of that dedicated challenge folder.
[feel free to change the location to anything you want - but for security, so long as it is only used for this purpose - not a common location]
Anywhere you want:
mkdir /ACMEchallenges/ # this will create it at the root
mkdir /etc/ACMEchallenges/ # this will create it within the /etc folder
mkdir /var/IwantTouseAnotherNAME/ # this will create this “other name” at the /var folder
The location placement is not really an issue.
It will have very little information in it (files).
It will take up very little space.
But it MUST be unique - for security reasons.
It could even be /etc/1234567890/qwertyuiop/asdfghjkl/zxcvbnm
You choose and you don’t need to reveal it here.
So long as it is in there, certbot will see it and use it.
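Furthermore, we can use that location to test it even before running certbot.
For that, place a test text file in that location:
With something like (adjust accordingly):
# nginx "root" appends the whole request URI to the folder, so the file goes under .well-known/acme-challenge/
mkdir -p /ACMEchallenges/.well-known/acme-challenge/
echo "test file" >> /ACMEchallenges/.well-known/acme-challenge/test-file-1234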
Then we should be able to see that file with: http://morocotagold.gq/.well-known/acme-challenge/test-file-1234
If so, then all will work - go ahead and run certbot.
If that fails, then we must look into the reason(s) for that failure and correct it/them.
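The test-before-certbot step described above, as an added Python example that is not part of the original thread: it writes a randomly named probe file where nginx `root` maps the challenge URL (the folder plus `.well-known/acme-challenge/`), fetches it over plain HTTP without following redirects, and removes it again. The function name `preflight` and the values in the usage lines are assumptions.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_PREFIX = ".well-known/acme-challenge"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx answers as errors instead of following them to HTTPS."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def preflight(base_url, webroot, timeout=5.0):
    """Write one probe file under webroot, fetch it over HTTP, return (ok, detail)."""
    token = secrets.token_urlsafe(32)  # unguessable name, like a real ACME token
    body = secrets.token_urlsafe(32)
    challenge_dir = Path(webroot) / CHALLENGE_PREFIX
    challenge_dir.mkdir(parents=True, exist_ok=True)
    probe = challenge_dir / token
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_PREFIX}/{token}"
    # No proxy and no redirects: the answer must come from the port-80 vhost itself.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), _NoRedirect
    )
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served == body:
            return True, "challenge path serves files from the webroot"
        return False, "answered with wrong content: another root or vhost replied"
    except urllib.error.HTTPError as exc:
        if 300 <= exc.code < 400:
            return False, f"redirected ({exc.code}) to {exc.headers.get('Location')}"
        return False, f"HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"connection failed: {exc}"
    finally:
        probe.unlink(missing_ok=True)  # never leave probe files in the webroot


if __name__ == "__main__":
    # Assumed values: the domain from the thread and the example folder name.
    print(preflight("http://morocotagold.gq", "/ACMEchallenges"))
```

A `redirected (301)` result means the HTTP-to-HTTPS redirect is still catching the challenge path, which matches the symptom discussed earlier in the thread.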