Site can't be reached after certbot certificate installation

Hi all. Greetings!

I’m getting this error after installing a Let’s Encrypt certificate using certbot:
image
I have installed certbot using snap (https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx) and have tried both of these methods:

  1. sudo certbot --nginx (and let certbot update the frappe-bench.conf nginx config file)
  2. Do 1, then add the following in the site_config.json:

    (per: Let's Encrypt setup problem "No site named..." error)
    Then run bench setup nginx to “reset” the nginx config file and let bench update it instead of certbot.
  3. Get a certificate using sudo certbot certonly --nginx and setup nginx with bench setup nginx after adding the ssl_certificate and ssl_certificate keys in the site_config.json.

I noticed that methods 1 and (2, 3) output a slightly different frappe-bench.conf file and so I tried both.

There seems to be no problem with the config file as nginx runs fine with methods 1 and (2, 3):


The 443 port is allowed:
image

System runs on Ubuntu 20.04. Frappe, ERPNext, bench versions are:
image

Last year, I successfully enabled a Let’s Encrypt certificate in ERPNext using the command bench setup lets-encrypt in Ubuntu 18.04, but I’m on Ubuntu 20.04 now and certbot-auto seems to be deprecated already.

I have run out of ideas. Has anyone here experienced the same? I may have just missed something trivial. Is there anything else I could try?

Thank you so much! Keep safe everyone.

Asking for confirmation because it was not mentioned… did you run

sudo service nginx reload

after?

I’ve been doing this for multiple sites today. This is the way I did it:

sudo certbot certonly --nginx

Then

add the ssl paths to the site_config.json

Then run

bench setup nginx

Then

sudo service nginx reload

Just as a side note: Don’t run sudo certbot --nginx because it creates its own configuration (as you noticed) which is not the configuration needed. If you do run it… run bench setup nginx followed by sudo service nginx reload to undo it.

sudo service nginx reload
Will try again and run this in the end. Thanks for the tip!

I do remember I’ve tried these commands in my attempts:
sudo service nginx reload
sudo service nginx restart
sudo service nginx stop; sudo service nginx start;
I’ll try again. Thanks!

Btw, not sure if it matters but are you also running on the same Ubuntu version?

Yes please I’m using Ubuntu 20.04. Is there a reason you haven’t updated frappe?

My current versions are

image

Try updating. See if that helps.

No reason, just that this is an old installation that I have just picked up. I would update it but I will have to check first how that would impact the current environment.

I see so I should be able to do it too granting we have the same specs. Updating is something I could try next. Thanks!

Btw, the reload does not work for me :frowning: I’m guessing there may be traces of certbot configs or files from my attempts to install the cert that should not be in the server.

I tried to clean up everything by running sudo certbot delete to delete the cert and uninstalled certbot through snap sudo snap remove certbot and manually deleted the letsencrypt files and folders.

And then again installed certbot and the cert/config nginx, but still no luck. Have I cleaned up the certbot files properly?

Should I resort to backup and restore the database in a newly set up ERPNext instance from a clean OS instead? :sweat_smile: :confused: :slightly_frowning_face:

Thanks again for sharing your knowledge!

Are you getting an error when you try to reload?

If reload isn’t working it’s probably an issue with nginx. (I’m no expert so bear with me lol but we will fix this!)

Ok, Here is what I do with the “snapd” version of running certbot. I will start with the process I use to install the snapd and finish with how I get my cert. BTW… This process automatically sets up the site_config.json to work properly and no additional edits are needed.

Here is the process (from one of my Tutorials):

  • Now it is time to work on the SSL certificate. First we need to make sure that ‘certbot’ is not already installed, so we will attempt to remove it just in case
    sudo apt-get remove certbot

  • Now we are going to install the package bundle provider and make sure it is all up-to-date with the latest release of ‘snapd’ and let it handle the certbot for us
    sudo apt install snapd
    sudo snap install core
    sudo snap refresh core

  • Now we use ‘snap’ service to automatically install and configure certbot to work perfectly with your new ERPNext server
    sudo snap install --classic certbot
    sudo ln -s /snap/bin/certbot /usr/bin/certbot

  • Now we can safely use the pre-configured certbot to install your SSL certificate
    sudo certbot --nginx
    (The system will pause at some point and ask you to select the site name you wish to install the certificate from a list of names it found. Be sure to select the URL you used and not ‘site1.local’ at this point)

I have been using this method now for about 3 months and I have done over 20 sites with it. I did one just this morning with v13.8.0 erpnext 13.8.1 frappe.

The only prerequisite is to have already run the “bench config dns_multitenant on” command before attempting to install an SSL Cert.

Hope this helps.

BKM

2 Likes

It doesn’t return an error so it reads the config file successfully. sudo nginx -t also works. So maybe I’m just unlucky :sweat_smile: I appreciate the support! :slightly_smiling_face:

Thanks for sharing these! I’ll try to set up everything from scratch one of these days using this process.

Any luck with this?

Hi @karrycreativ. I’ve attempted to set up everything from scratch and followed your instructions and got the same result (site cannot be reached). Then I realized that there is another layer of firewall that I had to set up to allow inbound connection to the https port 443.

So I’m marking your answer as the solution. Thank you so much!

1 Like
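
The layered check that the resolution above points to, as an added example that is not part of the original thread: it separates "nginx is not listening on 443", "ufw blocks 443" and "a firewall in front of the host blocks 443". The function names and the sample `ss -ltn` / `ufw status` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Names and sample data are constructed.

# has_listener PORT: `ss -ltn` output on stdin; true if a socket listens on PORT.
has_listener() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit !ok }'
}

# ufw_allows PORT: `ufw status` output on stdin; true if ufw is inactive or has
# an ALLOW rule for PORT. Application profiles ("Nginx Full") are not resolved.
ufw_allows() {
    awk -v p="$1" '/^Status: inactive/ { ok = 1 }
                   $0 ~ ("^" p "(/tcp)?[ \t].*ALLOW") { ok = 1 }
                   END { exit !ok }'
}

# can_connect HOST PORT: TCP connect with a 5 s timeout.
# Run it from a machine OUTSIDE the server's network, not on the server.
can_connect() {
    timeout 5 bash -c 'exec 3<>/dev/tcp/$0/$1' "$1" "$2" 2>/dev/null
}

# diagnose LISTENING UFW_OK REMOTE_OK   (each argument is "yes" or "no")
diagnose() {
    if   [ "$1" != yes ]; then echo "nginx-not-listening"   # check the bench nginx config
    elif [ "$2" != yes ]; then echo "host-firewall"         # ufw on the server itself
    elif [ "$3" != yes ]; then echo "upstream-firewall"     # provider or network firewall
    else                       echo "port-reachable"        # look at DNS or the certificate
    fi
}

# yn CMD...: turn a command's exit status into "yes" or "no".
yn() { if "$@"; then echo yes; else echo no; fi; }

# Constructed sample matching the thread's final state: nginx listening,
# ufw allowing 443, yet outside clients cannot connect.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      511             [::]:443          [::]:*'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere'
listening=$(printf '%s\n' "$SAMPLE_SS" | yn has_listener 443)
ufw_ok=$(printf '%s\n' "$SAMPLE_UFW" | yn ufw_allows 443)
echo "diagnosis: $(diagnose "$listening" "$ufw_ok" no)"
```

On a real server, pipe `sudo ss -ltn` and `sudo ufw status` into the two parsers and pass the result of `can_connect` (run from an outside machine) as the third argument to `diagnose`.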

Awesome! Glad you got it sorted!

1 Like