SSL Error after Installation

Checklist
[X] I have read intro post:
[X] I have read the tutorials, help and searched for similar issues
[X] I provide relevant information about my server (component names and versions, etc.)
[X] I provide a copy of my logs and healthcheck
[X] I describe the steps I have taken to troubleshoot the problem
[X] I describe the steps on how to reproduce the issue


Hi Guys,
I have tried to set up my Passbolt server with the installer. My server runs on Debian 12 with a Xeon processor. But it fails because of nginx and the SSL validation. I always get an error (it is at the bottom).

So I can’t access the site because it is redirected to https directly / the fullchain is broken, so I can’t get my passwords. Can anyone help me with this?

root@24fire:~# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/password.24 lino.de.conf


Renewing an existing certificate for XXX

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: XXX
Type: connection
Detail: 2.56.244.103: Fetching http://passwort.24lino.de/.well-known/acme-challenge/tBo7BPV5PVRT169zC3L1Jvr-TydElS0aHd9JrDQ7SnY: Connection reset by peer

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate passwort.24lino.de with error: Some challenges have failed.


  • All renewals failed. The following certificates could not be renewed:
    /etc/letsencrypt/live/passwort.24lino.de/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

Hi Lino,

It looks like you’ve got a Type: connection issue from the Let’s Encrypt external service not being able to access your server and the challenge file.

Do you have a challenge folder?
/var/www/letsencrypt/.well-known/acme-challenge

If you create a test text file in that directory can you see it in your browser?
$ echo "test" > /var/www/letsencrypt/.well-known/acme-challenge/testfile

Have you got a section in your nginx.conf such as:

server {
    listen 80;
    server_name passwort.24lino.de;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
}

It could be a firewall issue?

It might even be a redirect issue. Which means you could try

certbot renew --nginx --no-redirect

--no-redirect

  • This prevents Certbot from automatically setting up an HTTP-to-HTTPS redirect in Nginx.
  • Useful if HTTPS redirection is causing issues during renewal, especially when Let’s Encrypt needs HTTP access to /.well-known/acme-challenge/.

If that fails you might also try:

systemctl stop nginx
certbot renew --standalone
systemctl start nginx

The --standalone option in Certbot tells it to act as a temporary web server to handle the domain verification process, instead of relying on an existing web server like Nginx or Apache.

I hope this helps.
Let us know how you go!

cheers
gareth
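The checks gareth walks through (a plain-HTTP server block that serves /.well-known/acme-challenge/, a test file that is reachable from outside, no redirect getting in the way) can be scripted so they run before `certbot renew` is attempted again. The script below is an added example, not code from either post or from Passbolt/Certbot. It assumes the webroot `/var/www/letsencrypt` from gareth's reply, that `nginx -T` and `curl` are installed on the server, and that the public hostname is passed as the first argument; the hostname and token are only illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight checks for a Let's Encrypt
# HTTP-01 challenge before re-running `certbot renew`.
set -u

# Assumption: the webroot gareth's nginx snippet points at.
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"

# Read an nginx config dump (e.g. `nginx -T`) on stdin and exit 0 only if some
# server block both listens on port 80 and has a location for
# /.well-known/acme-challenge/. A port-80 block that merely does
# `return 301 https://...` with no challenge location does not count.
has_acme_location() {
  awk '
    /^[ \t]*server[ \t]*\{/ { in_server = 1; listen80 = 0; acme = 0; depth = 0 }
    in_server && /listen[ \t]+([^ \t]*:)?80[ \t;]/ { listen80 = 1 }
    in_server && /location[ \t]+.*\.well-known\/acme-challenge/ { acme = 1 }
    in_server {
      depth += gsub(/\{/, "{")          # count braces to find the end of the block
      depth -= gsub(/\}/, "}")
      if (depth == 0 && /\}/) {
        if (listen80 && acme) found = 1
        in_server = 0
      }
    }
    END { exit found ? 0 : 1 }
  '
}

# Drop a throwaway token into the challenge directory and fetch it over plain
# HTTP the way the CA does. -L follows redirects (the validator does too), so a
# redirect only fails here if the target does not serve the token either.
# Usage: probe_acme_path passwort.24lino.de
probe_acme_path() {
  local host="$1" dir="$WEBROOT/.well-known/acme-challenge"
  local token="probe-$$-$(date +%s)"   # constructed token, not a real ACME one
  local got
  mkdir -p "$dir"
  printf '%s\n' "$token" > "$dir/$token"
  got=$(curl -fsSL --max-time 10 "http://$host/.well-known/acme-challenge/$token") || got=""
  rm -f "$dir/$token"
  [ "$got" = "$token" ]
}

# Only run the live checks when a hostname is given on the command line.
if [ $# -gt 0 ]; then
  host="$1"
  if ss -ltn 2>/dev/null | grep -q ':80 '; then
    echo "listen: something is bound to TCP port 80"
  else
    echo "listen: nothing is bound to TCP port 80 (is nginx running?)" >&2
  fi
  if nginx -T 2>/dev/null | has_acme_location; then
    echo "nginx: a port-80 server block serves /.well-known/acme-challenge/"
  else
    echo "nginx: no port-80 server block serves the challenge path" >&2
  fi
  if probe_acme_path "$host"; then
    echo "probe: token fetched over http://$host/ - challenge path is reachable"
  else
    echo "probe: could not fetch the token via http://$host/ (firewall, DNS, redirect or nginx config?)" >&2
    exit 1
  fi
fi
```

Run it as `bash acme-check.sh passwort.24lino.de` from the server itself first; if the probe succeeds locally but `certbot renew` still reports "Connection reset by peer", the block is between the internet and the box (firewall, hosting-provider filter, NAT), not in nginx, and `--standalone` will not help either because it needs the same inbound port 80.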