Certbot tool unable to access web server; web server problems
I am trying to set up CertBot as a step in setting up a mail service.
A debugging tool from Certbot's help area attempted to log into my web service but got the following error, showing that it could not bring up my website.
AAAANotWorking
Error
adonax.com has an AAAA (IPv6) record (2600:3c01::f03c:92ff:fe93:5fa0) but a test request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.
A timeout was experienced while communicating with adonax.com/2600:3c01::f03c:92ff:fe93:5fa0: Get http://adonax.com/.well-known/acme-challenge/letsdebug-test: dial tcp [2600:3c01::f03c:92ff:fe93:5fa0]:80: i/o timeout
Trace:
@0ms: Making a request to http://adonax.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2600:3c01::f03c:92ff:fe93:5fa0)
@0ms: Dialing 2600:3c01::f03c:92ff:fe93:5fa0
@10000ms: Experienced error: dial tcp [2600:3c01::f03c:92ff:fe93:5fa0]:80: i/o timeout
What can I do to troubleshoot this?
Checking the hosts file:
XXXXXXX@adonax:/opt/web/AdonaxBase/logs$ cat /etc/hosts
127.0.0.1 localhost
45.33.104.6 adonax.com adonax
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
2600:3c01::f03c:92ff:fe93:5fa0 adonax.com adonax
Checking DNS -- AAAA record, also matches.
Slight doubt: the domain field of the AAAA record remains blank in my LinodeManager GUI. I'm thinking this is normal due to my only having one domain. Yes? Also, I initially put in the wrong IPv4 and IPv6, but have since corrected them (hours ago, and the TTL with Linode is set to 10 minutes).
The software that is being used for the web server is Jetty (a Java-based server). The command "service jetty status" shows that it is running.
● jetty.service - LSB: Jetty start script.
Loaded: loaded (/etc/init.d/jetty; generated)
Active: active (running) since Thu 2019-10-24 14:38:18 PDT; 45min ago
Docs: man:systemd-sysv-generator(8)
Process: 2963 ExecStart=/etc/init.d/jetty start (code=exited, status=0/SUCCESS)
Tasks: 25 (limit: 1109)
CGroup: /system.slice/jetty.service
└─3000 /usr/bin/java -Djetty.home=/opt/jetty […more]
The command "netstat -nlp | grep 80" gives:
tcp6 0 0 :::80 :::* LISTEN 3000/java
The command "sudo lsof -i :80" gives:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 3000 root 38u IPv6 4748281 0t0 TCP *:http (LISTEN)
I changed the nameservers on my old ISP to point to linode yesterday.
A ping from my laptop succeeds.
C:\Users\XXXXXXX>ping 2600:3c01::f03c:92ff:fe93:5fa0
Pinging 2600:3c01::f03c:92ff:fe93:5fa0 with 32 bytes of data:
Reply from 2600:3c01::f03c:92ff:fe93:5fa0: time=28ms
Reply from 2600:3c01::f03c:92ff:fe93:5fa0: time=26ms
Reply from 2600:3c01::f03c:92ff:fe93:5fa0: time=77ms
Reply from 2600:3c01::f03c:92ff:fe93:5fa0: time=74ms
Ping statistics for 2600:3c01::f03c:92ff:fe93:5fa0:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 77ms, Average = 51ms
A couple days ago I WAS able to access my website with the Jetty service via IPv4 and port :8080. But during the course of prepping for adding an email service, this capability was lost. I've since changed the output port setting to :80 in Jetty's "html.ini" file being loaded as part of the service.
I don't know when I lost the ability to get a website up.
Any suggestions as to what to check?
An odd thing: nginx was using port 80, blocking Jetty's start earlier today. I uninstalled nginx (I'm planning to use Dovecot; I don't recall ever installing nginx) and was able to start the Jetty service after that.
1 Reply
I've lost track of how this got resolved. I suspect that the issue involved my not properly managing the port permissions. These can be checked with the tool UFW.
Good guide for that: How to Configure a firewall with UFW
Another issue that might have been involved in this problem would have been specific to the webserver I installed, Jetty. There were steps required to configure the use of a tool called AUTHBIND which allowed Jetty to use port 80 despite not having root privileges.
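The timeout in the Let's Debug trace in the question and the firewall suspicion in the reply can be separated with a small TCP probe. The following is an added example, not code from the thread, from Let's Debug or from Certbot; it assumes only the Python standard library, and the loopback demo at the bottom is constructed so the script runs offline. The diagnostic point is the difference between the two failure modes: a connection that is refused means the address answers but nothing is bound on that port, while a connection that times out means the SYN is being silently dropped (a firewall DROP rule such as a default-deny ufw policy, a provider-side filter, or an address that is not actually configured on the host). A successful ping only proves ICMP is passed, not TCP/80. Note also that the netstat line in the question shows Jetty bound to :::80; on Linux with the default net.ipv6.bindv6only=0 that single tcp6 socket also accepts IPv4 connections, so the listener itself is not the reason IPv6 would fail while IPv4 works.

```python
"""Added example: classify TCP reachability of the addresses an ACME HTTP-01
validator would try, and summarise what the validator would conclude.

Outcomes returned by probe_tcp():
  open     - TCP handshake completed: the listener is reachable
  refused  - host replied with RST: reachable, but nothing bound (or firewall REJECT)
  timeout  - no reply at all: packets dropped (firewall DROP, routing, or
             the address is not configured on the host)
  error:N  - local failure, e.g. no IPv6 route from the probing host (errno N)
"""
import socket
import sys


def probe_tcp(address: str, port: int = 80, timeout: float = 5.0) -> str:
    """Attempt one TCP connection and return one of the outcome strings above."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((address, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"error:{exc.errno}"
    finally:
        sock.close()


def check_addresses(addresses, port: int = 80, timeout: float = 5.0) -> dict:
    """Probe every A/AAAA address of the name (caller resolves them)."""
    return {addr: probe_tcp(addr, port, timeout) for addr in addresses}


def acme_http01_verdict(results: dict) -> str:
    """Summarise per-address results the way a validator would see them.

    Let's Debug's own message says at least one IPv4 or IPv6 address must
    work; a validator that publishes an AAAA record will try IPv6 first, so
    a dropped IPv6 address is the symptom from the thread even when IPv4 is fine.
    """
    if any(r == "open" for r in results.values()):
        return "ok"
    if any(r == "timeout" for r in results.values()):
        return "dropped"   # suspect a host or provider firewall before the web server
    return "closed"        # host answers, nothing listening on the port


def local_demo() -> dict:
    """Offline demonstration on loopback (constructed, no network needed):
    a bound-but-unaccepted listener probes as 'open'; after it is closed the
    same port probes as 'refused'."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port chosen by the kernel
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=2.0)
    return {"port": port, "while_open": while_open, "after_close": after_close}


if __name__ == "__main__":
    # With no arguments, run the offline loopback demo; otherwise probe the
    # literal addresses given, e.g. the A and AAAA addresses from the thread:
    #   python probe.py 45.33.104.6 2600:3c01::f03c:92ff:fe93:5fa0
    if len(sys.argv) == 1:
        print(local_demo())
    else:
        results = check_addresses(sys.argv[1:])
        for addr, outcome in results.items():
            print(f"{addr:>40}  {outcome}")
        print("verdict:", acme_http01_verdict(results))
```

Run it from a machine outside the host's network as well as from the host itself: if port 80 probes "open" from localhost but "timeout" from outside, the listener is fine and the drop is in the path (ufw on the host, or a filter in front of it), which is where the reply's "sudo ufw status" check belongs.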