I set up nginx with a VPN and reverse proxy years ago using info here (thanks a ton for that!) but a few months ago several things stopped working. I've had a terrible time trying to figure out why, and I think I finally narrowed it down to the SSL cert or something in that area.
I'm running Ubuntu 20.04. I used to use Couchpotato but I thought that might have been my issue so I tried to set up Radarr with Jackett and had the same issues.
Other things that might be causing my issue but I think are set up properly: I did replace my router, and my ip address changed. I made sure to change the ip in the reverse proxy config, and I'm forwarding all the necessary ports in my router.
After seeing in the logs that it was unable to connect to https sites, I decided to just redo my certificate and that doesn't seem to take either. I used the info here: https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx to try to reinstall or renew the certificate.
When I try to do that, I get the following error:
What else I know: I can successfully reach my website via https, and it says the certificate is valid, although it looks weird. It says the CA is G3, when I would think it would say lets encrypt. Also, here is the error log in Jackett:
Any advice is apprecaited.
I'm running Ubuntu 20.04. I used to use Couchpotato but I thought that might have been my issue so I tried to set up Radarr with Jackett and had the same issues.
Other things that might be causing my issue but I think are set up properly: I did replace my router, and my ip address changed. I made sure to change the ip in the reverse proxy config, and I'm forwarding all the necessary ports in my router.
After seeing in the logs that it was unable to connect to https sites, I decided to just redo my certificate and that doesn't seem to take either. I used the info here: https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx to try to reinstall or renew the certificate.
When I try to do that, I get the following error:
Code:
Renewing an existing certificate for nevitt33.com
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: my-domain-name.com
Type: connection
Detail: Fetching http://my-domain-name.com/.well-known/acme-challenge/MH12---------------b1emACCvRd5sq8zN1RhDY: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Code:
2021-08-05 18:28:16.7613 Error Error checking for updates.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Exception: certificate validation failed: [Subject]
CN=*.github.com, O="GitHub, Inc.", L=San Francisco, S=California, C=US
[Issuer]
CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1, O="DigiCert, Inc.", C=US
[Serial Number]
0168D575F1CE8728AD95A8F11EF1598B
[Not Before]
3/24/2021 6:00:00 PM
[Not After]
3/30/2022 5:59:59 PM
[Thumbprint]
968407DF0B1CF65814DFD7333557519B154D8CE7
at Jackett.Common.Utils.Clients.HttpWebClient2.ValidateCertificate(HttpRequestMessage request, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) in /home/vsts/work/1/s/src/Jackett.Common/Utils/Clients/HttpWebClient2.cs:line 50
at System.Net.Http.ConnectHelper.<>c__DisplayClass3_0.b__0(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertificateValidationCallback remoteCertValidationCallback, ProtocolToken& alertToken, SslPolicyErrors& sslPolicyErrors, X509ChainStatusFlags& chainStatus)
at System.Net.Security.SslStream.CompleteHandshake(ProtocolToken& alertToken, SslPolicyErrors& sslPolicyErrors, X509ChainStatusFlags& chainStatus)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at FlareSolverrSharp.ClearanceHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at Jackett.Common.Utils.Clients.HttpWebClient2.Run(WebRequest webRequest) in /home/vsts/work/1/s/src/Jackett.Common/Utils/Clients/HttpWebClient2.cs:line 170
at Jackett.Common.Utils.Clients.WebClient.GetResultAsync(WebRequest request) in /home/vsts/work/1/s/src/Jackett.Common/Utils/Clients/WebClient.cs:line 185
at Jackett.Common.Services.UpdateService.CheckForUpdates() in /home/vsts/work/1/s/src/Jackett.Common/Services/UpdateService.cs:line 106
2021-08-06 18:28:16.7754 Info Checking for updates... Jackett variant: CoreLinuxAmdx64
2021-08-06 18:28:17.2294 Error Error checking for updates.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.