"/usr/local/etc/letsencrypt/live/cloud.faimanworld.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:systemlibrary:fopen:No such file or directory

goxgrue · May 7, 2023, 3:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.faimanworld.com

I ran this command: certbot --nginx -d cloud.faimanworld.com

It produced this output:

successfulroot@nextcloud:~ # certbot --nginx -d cloud.faimanworld.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for cloud.faimanworld.com
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: cloud.faimanworld.com
Type: connection
Detail: 223.177.178.7: Fetching http://cloud.faimanworld.com/.well-known/acme-
challenge/_PhZNLiRwl6vPWdQ8JyW2GrvYbyMSVkvEPB-d0eGKRE: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): nginx/1.24.0

The operating system my web server runs on is (include version): TrueNAS-13.0-U4

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.4.0

I have my ports 80 and 443 open
aslo I can access cloud.faimanworld.com over internet and it lands me at my nextcloud login page, so according to me everything is working fine I just want to enable SSL and https for my nextcloud page

Bruce5051 · May 7, 2023, 5:57pm

Hello @goxgrue, welcome to the Let's Encrypt community.

I see Port 80 is filtered

$ nmap -Pn -p80,443 cloud.faimanworld.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-07 17:55 UTC
Nmap scan report for cloud.faimanworld.com (223.177.178.7)
Host is up (0.31s latency).

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https

Nmap done: 1 IP address (1 host up) scanned in 4.51 seconds

The HTTP-01 challenge of the Challenge Types - Let's Encrypt requires Port 80 access.
Best Practice - Keep Port 80 Open

goxgrue · May 8, 2023, 8:37am

Hi, what does it mean that port 80 is filtered, As I said I have port 80 allowed on my router but still I cannot access http://cloud.faimanworld.com, and due to that the ACME Challenge HTTP01 fails everytime.

How do I solve this issue of port 80 filtered ?

rg305 · May 8, 2023, 11:20am

filtered = closed

Open port 80.

Bruce5051 · May 8, 2023, 3:54pm

As @rg305 has indicated Port 80 needs to Open and Accessible to the Public Internet (including Let's Encrypt validation servers). Open and Accessible means the whole path including your server, local routers & firewalls, ISP, etc.

We really cannot help often with local routers & firewalls, ISP, etc. (sometimes we can).

Since you have stated:

I suggest checking your local routers & firewalls; also has your ISP changed or have they changed their blockage of ports?

system · June 7, 2023, 3:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.