Error While Installing SSL Certificate in CHT 4.0.0 with Docker

Hi everyone,
I’ve set up CHT 4.0 on a server and am trying to install an SSL certificate, but I’m encountering the following error:


Current UFW Status:-

cc @gaarimasharma @sanjay

Hi @raghav_karki - welcome to the forums! Thanks so much for reaching out - let’s figure out how we can help you.

Can you start with the steps that you followed to set up certbot? It’s been a while since we’ve reviewed them, but maybe you followed our TLS Cert docs for Docker? I see the /home/ubuntu/cht/certbog/docker-compose.yml path in your screenshot, so it makes me think “yes” :wink:

As well, can you confirm you’re on CHT 4.0.0? If you’re looking to do a new deployment, we’d recommend going with 4.13.0

Finally, can you please confirm you have both a static IP and a working DNS entry for that static IP, and the DNS entry is what you’re using in your cert? (e.g. DOMAIN=cht.example.com)

Thanks!

Thanks @mrjones for your response.
The version we are using is 4.11.0, and we are following the same documentation for it: TLS doc. The instance is hosted in AWS and the domain name is pointed to the IP, and I have used the same DNS entry in the certbot .env file. The main problem is that it's not responding to the HTTP request but is responding fine when using the HTTPS request.


So is it a problem from the server side, or a problem with the config itself?

@mrjones the issue has been solved. The problem was that port 80 on the server side was disabled. The process was successful, but the SSL still was not applied.

@raghav_karki - that’s great news that you’re making progress!

Two more points to follow up on which hopefully will unblock you:

  1. I see you had STAGING=--staging in the .env file which means you will not get valid certificates. Can you confirm you made the certbot call with this env var empty? Here’s the relevant section from the docs:

    If you’re unsure of how this works you can change STAGING= to STAGING=--staging in the /home/ubuntu/cht/certbot/.env file to do repeated tests. Be sure to change this back to STAGING= when you’re ready to create production certificates.

  2. Can you double check you reloaded nginx? It’s step 6

@raghav_karki - Since it’d been a while since I’d tested those docs (I wrote them ~1.5 yrs ago!) - I spun up an EC2 instance and followed the production steps and then followed the Certbot certificate and it all worked as expected.

We now just need to figure out how you ended up off the happy path! I’m hoping it just has to do with either the STAGING issue or needing to reload nginx. Let me know!
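Added example, not part of the thread and not CHT's own tooling: a shell check for the two conditions raised above, a non-empty STAGING in the certbot .env file and a served certificate that still comes from the staging CA. DOMAIN and STAGING are the keys named in the thread; the function names, the sample file, and the assumption that Let's Encrypt staging issuer names contain "(STAGING)" are this example's own.

```shell
# Added example: checks for the certbot .env file and the served certificate.
# Function names and the sample file are constructed for illustration.

# Print KEY's value from a KEY=value file: last assignment wins, comment
# lines never match, CRs, trailing blanks and surrounding quotes are dropped.
env_value() {
  tr -d '\r' < "$2" | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Exit 0 when the file is ready for a production request, 1 when it is not,
# 2 when it cannot be read. Runs in a subshell so variables stay local.
check_certbot_env() (
  [ -r "$1" ] || { echo "FAIL: cannot read $1"; exit 2; }
  rc=0
  domain=$(env_value DOMAIN "$1")
  staging=$(env_value STAGING "$1")
  if [ -z "$domain" ]; then
    echo "FAIL: DOMAIN is empty"; rc=1
  else
    echo "OK: DOMAIN=$domain"
  fi
  case "$staging" in
    "") echo "OK: STAGING is empty (production certificate)" ;;
    --staging) echo "WARN: STAGING=--staging, certificate will not be valid"; rc=1 ;;
    *) echo "FAIL: unexpected STAGING value: $staging"; rc=1 ;;
  esac
  exit "$rc"
)

# Issuer of the certificate a host actually serves on 443 (needs network).
served_issuer() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer
}

# Assumption: Let's Encrypt staging issuer names contain "(STAGING)".
issuer_is_staging() {
  case "$1" in *"(STAGING)"*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample mirroring the state described in the thread.
sample=$(mktemp)
printf 'DOMAIN=cht.example.com\nSTAGING=--staging\n' > "$sample"
check_certbot_env "$sample" || echo "not ready for a production request"
rm -f "$sample"
```

On the server, `issuer_is_staging "$(served_issuer cht.example.com)"` succeeding after a production run means nginx is still serving the staging certificate.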