
I have a Spring Boot application on Google Cloud, CentOS 7. I wish to install an SSL certificate via Let's Encrypt and Certbot. When I use the certbot --apache -d mydomain.zone command I receive an error:

[screenshot of the certbot error]

My domain is registered on Namecheap. My A records on Google Cloud:

[screenshot of the A records]

Also, I provided the Google Cloud nameservers in Namecheap, as in this tutorial: https://www.wpmentor.com/setup-domain-google-cloud-platform/

[screenshot of the Namecheap nameserver settings]

Can you tell me where the issue is? I also wonder whether there is an issue with my Java code in the app. For example, sometimes while accessing the index page, error_page is called. When I have this method in my controller:

// Maps GET /error_page to the "/error_page" view
@RequestMapping(value = "/error_page", method = RequestMethod.GET)
public String homeError(Model model) {
    return "/error_page";
}

I get a different certbot error:

[screenshot of the certbot error]

But when I comment out or delete my controller method for the error page, I receive this error:

[screenshot of the certbot error]

Could it be an application bug? Or an issue with Apache?

I tried turning off Tomcat. Now I receive this error:

[screenshot of the certbot error]

Note: My Apache forwards to 8080; I don't know whether this will cause any issue:

iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8080
LosmiNCL

1 Answer


Let's Encrypt is attempting to verify your ownership of the server by spinning up a temporary web server and having the Let's Encrypt servers try to contact it.

You will need to:

  1. Disable any currently running web servers

  2. Make sure port 80 is accessible from the internet

You already took care of step 1 by stopping Apache; now you need to fix your iptables rule.

It looks like you're forwarding traffic from port 80 to port 8080. This is most likely why you're getting the "Connection refused" error: the traffic meant for the temporary web server is being black-holed to port 8080. Disable or fix that rule and the verification should succeed.

slightly_toasted
  • It works! I have a few questions: 1. I will restore my redirect to 8080, because Apache is on 80 and Apache Tomcat is on 8080 and I don't want 8080 to be visible in the URL. Will this be an issue when the certificate needs to be renewed? 2. My https part is colored red and it says it's not secure. Is this normal with Let's Encrypt, or do I need to do additional configuration in the Apache files? – LosmiNCL Feb 15 '22 at 21:12
  • @LosmiNCL It won't be a problem as long as you can temporarily make port 80 reachable from the internet like you just did. – slightly_toasted Feb 15 '22 at 21:19
  • @LosmiNCL If https is red then something is wrong with your web server config. Most likely Apache Tomcat isn't pointed to the files generated by certbot. – slightly_toasted Feb 15 '22 at 21:23
  • It's not red if I type https://mydomain; it's red only when it's https://ip_address, so it's probably OK – LosmiNCL Feb 15 '22 at 21:24
  • @LosmiNCL yup you're all set – slightly_toasted Feb 15 '22 at 21:25
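The renewal concern raised in the comments above (the :80 -> :8080 REDIRECT has to be out of the way whenever certbot's standalone challenge runs) can be automated with certbot's --pre-hook and --post-hook. The script below is an added example, not code from the question or the answer: it stops Apache and removes the nat REDIRECT rule from the question before the challenge, then puts both back afterwards. The marker path, the httpd service name and the hook-script location are assumptions; the iptables-save output embedded in it is constructed for the example.

```shell
#!/bin/sh
# Added example: certbot pre/post hooks for a host whose nat PREROUTING table
# redirects :80 to :8080 (the rule from the question). Standalone HTTP-01
# validation needs the real port 80, so the REDIRECT is removed for the
# duration of the challenge and restored afterwards.
#
# Assumptions (not from the page): Apache runs as the "httpd" service, the
# marker path below is free to use, and the rule is exactly the one asked about.

# The question's rule as iptables-save prints it: iptables-save expands
# --to-port to --to-ports and inserts the implicit "-m tcp".
RULE_SPEC='-p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
MARKER=/run/certbot-redirect-rule.removed   # assumed path

# Read "iptables-save -t nat" output on stdin; exit 0 if a PREROUTING rule
# redirects port 80 somewhere, 1 otherwise.
has_redirect_rule() {
    grep -qE -e '^-A PREROUTING .*--dport 80 .*-j REDIRECT --to-ports [0-9]+$'
}

# Read the same output on stdin; print the port that :80 is redirected to
# (first match only), or nothing if there is no such rule.
redirect_target_port() {
    sed -nE 's/^-A PREROUTING .*--dport 80 .*-j REDIRECT --to-ports ([0-9]+)$/\1/p' | head -n 1
}

# Pre-hook: stop Apache (the answer's step 1) and delete every copy of the
# REDIRECT rule (the answer's step 2). Leave a marker so the post-hook knows
# whether anything has to be restored.
remove_redirect() {
    systemctl stop httpd
    removed=0
    # -C checks for the rule; -D deletes one copy. Loop in case it was added twice.
    while iptables -t nat -C PREROUTING $RULE_SPEC 2>/dev/null; do
        iptables -t nat -D PREROUTING $RULE_SPEC
        removed=$((removed + 1))
    done
    if [ "$removed" -gt 0 ]; then
        : > "$MARKER"
    fi
}

# Post-hook: put back exactly one copy of the rule if the pre-hook removed it,
# then start Apache again so the site is reachable on :80.
restore_redirect() {
    if [ -f "$MARKER" ]; then
        iptables -t nat -A PREROUTING $RULE_SPEC
        rm -f "$MARKER"
    fi
    systemctl start httpd
}

# Constructed iptables-save -t nat output, used to exercise the parsers offline.
SAMPLE_WITH_RULE='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

SAMPLE_WITHOUT_RULE='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Usage (assumed install path):
#   certbot renew --standalone \
#     --pre-hook  '/usr/local/sbin/le-redirect.sh pre' \
#     --post-hook '/usr/local/sbin/le-redirect.sh post'
# Running with no argument only defines the functions (safe to source).
case "${1:-}" in
    pre)   remove_redirect ;;
    post)  restore_redirect ;;
    check) if iptables-save -t nat | has_redirect_rule; then
               echo "port 80 is redirected to $(iptables-save -t nat | redirect_target_port)"
           else
               echo "no :80 redirect in the nat table"
           fi ;;
    "")    : ;;
    *)     echo "usage: $0 pre|post|check" >&2; exit 2 ;;
esac
```

The check mode is the quick way to confirm, before running certbot by hand, that the REDIRECT is what is swallowing the challenge traffic: if it reports a redirect while Apache is stopped, the "Connection refused" from the answer is expected. Hooks run with certbot's privileges, which for iptables means root, so keep the script root-owned and non-world-writable.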