Question

Connection refused to NodeJs/GraphQL App (droplet) and unable to renew Letsencrypt certificates

Posted September 17, 2021 132 views
NginxNode.jsLet's EncryptGraphQLDigitalOcean Droplets

I received this email from Let’s Encrypt Team:

*“Your certificate (or certificates) for the names listed below will expire in 0 days (on 15 Sep 21 13:50 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

eloo-api.hoofdindewolken.nl
eloo.hoofdindewolken.nl”*

I tried to renew the SSL certificates, but there are errors:

*root@dokku-ubuntu-s-1vcpu-1gb-ams3-01:~# dokku letsencrypt:auto-renew eloo-backend
eloo-backend
=====> Auto-renew eloo-backend…
=====> Enabling letsencrypt for eloo-backend
—–> Enabling ACME proxy for eloo-backend…
Reloading nginx configuration (via systemctl): nginx.service.
—–> Getting letsencrypt certificate for eloo-backend…
- Domain ‘eloo.hoofdindewolken.nl’
- Domain 'eloo-api.hoofdindewolken.nl’
2021/09/15 19:05:41 No key found for account richard@hoofdindewolken.nl. Generating a P256 key.
2021/09/15 19:05:41 Saved key to /certs/accounts/acme-v02.api.letsencrypt.org/richard@hoofdindewolken.nl/keys/richard@hoofdindewolken.nl.key
2021/09/15 19:05:42 [INFO] acme: Registering account for richard@hoofdindewolken.nl
!!!! HEADS UP !!!!

   Your account credentials have been saved in your Let's Encrypt
   configuration directory at "/certs/accounts".

   You should make a secure backup of this folder now. This
   configuration directory will also contain certificates and
   private keys obtained from Let's Encrypt so making regular
   backups of this folder is ideal.
   2021/09/15 19:05:42 [INFO] [eloo.hoofdindewolken.nl, eloo-api.hoofdindewolken.nl] acme: Obtaining bundled SAN certificate
   2021/09/15 19:05:43 [INFO] [eloo-api.hoofdindewolken.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/31309342400
   2021/09/15 19:05:43 [INFO] [eloo.hoofdindewolken.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/31309342410
   2021/09/15 19:05:43 [INFO] [eloo-api.hoofdindewolken.nl] acme: Could not find solver for: tls-alpn-01
   2021/09/15 19:05:43 [INFO] [eloo-api.hoofdindewolken.nl] acme: use http-01 solver
   2021/09/15 19:05:43 [INFO] [eloo.hoofdindewolken.nl] acme: Could not find solver for: tls-alpn-01
   2021/09/15 19:05:43 [INFO] [eloo.hoofdindewolken.nl] acme: use http-01 solver
   2021/09/15 19:05:43 [INFO] [eloo-api.hoofdindewolken.nl] acme: Trying to solve HTTP-01
   2021/09/15 19:05:43 [INFO] [eloo-api.hoofdindewolken.nl] Served key authentication
   2021/09/15 19:05:44 [INFO] [eloo-api.hoofdindewolken.nl] Served key authentication
   2021/09/15 19:05:44 [INFO] [eloo-api.hoofdindewolken.nl] Served key authentication
   2021/09/15 19:05:45 [INFO] [eloo-api.hoofdindewolken.nl] Served key authentication
   2021/09/15 19:05:49 [INFO] [eloo-api.hoofdindewolken.nl] The server validated our request
   2021/09/15 19:05:49 [INFO] [eloo.hoofdindewolken.nl] acme: Trying to solve HTTP-01
   2021/09/15 19:05:57 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/31309342400
   2021/09/15 19:05:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/31309342410
   2021/09/15 19:05:57 Could not obtain certificates:
       error: one or more domains had a problem:
   [eloo.hoofdindewolken.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://eloo.hoofdindewolken.nl/.well-known/acme-challenge/LnZdHab96VAV4fvIhnNBicce7rKPH7IVXjvTT5-mjms [76.76.21.21]: 404

—–> Certificate retrieval failed!
—–> Disabling ACME proxy for eloo-backend…
Reloading nginx configuration (via systemctl): nginx.service.
! Failed to setup letsencrypt
Check log output for further information on failure*

As a result

https://eloo.hoofdindewolken.nl/ can’t be loaded because
POST https://eloo-api.hoofdindewolken.nl/api/graphql gives net::ERRCERTDATE_INVALID.

I tried some things, and as a result the error at https://eloo.hoofdindewolken.nl/ changed to net::ERRCONNECTIONREFUSED.
Still, I am unable to renew the certificates.

Also status nginx gives:

*● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-06-09 15:24:54 UTC; 3 months 8 days ago
Docs: man:nginx(8)
Process: 192440 ExecReload=/usr/sbin/nginx -g daemon on; masterprocess on; -s reload (code=exited, status=0/SUCCESS)
Main PID: 1705882 (nginx)
Tasks: 2 (limit: 1137)
Memory: 5.9M
CGroup: /system.slice/nginx.service
├─ 192441 nginx: worker process
└─1705882 nginx: master process /usr/sbin/nginx -g daemon on; master
process on;

Sep 16 08:12:20 dokku-ubuntu-s-1vcpu-1gb-ams3-01 nginx[192062]: nginx: [warn] conflicting server name “eloo.hoofdindewolken.nl” on 0.0.0.0:80, ignored
Sep 16 08:12:20 dokku-ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Sep 16 08:12:43 dokku-ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Sep 16 08:12:43 dokku-ubuntu-s-1vcpu-1gb-ams3-01 nginx[192241]: nginx: [warn] conflicting server name “eloo.hoofdindewolken.nl” on [::]:80, ignored
Sep 16 08:12:43 dokku-ubuntu-s-1vcpu-1gb-ams3-01 nginx[192241]: nginx: [warn] conflicting server name “eloo.hoofdindewolken.nl” on 0.0.0.0:80, ignored
Sep 16 08:12:43 dokku-ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Sep 16 08:12:59 dokku-ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Sep 16 08:12:59 dokku-ubuntu-s-1vcpu-1gb-ams3-01 nginx[192440]: nginx: [warn] conflicting server name “eloo.hoofdindewolken.nl” on [::]:80, ignored
Sep 16 08:12:59 dokku-ubuntu-s-1vcpu-1gb-ams3-01 nginx[192440]: nginx: [warn] conflicting server name “eloo.hoofdindewolken.nl” on 0.0.0.0:80, ignored
Sep 16 08:12:59 dokku-ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
*

Submit an answer

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!