NGINX and LetsEncrypt

#484 (In Topic #99)
Errors creating a certificate

I followed Jacob's video "HLS Streaming Server with NGINX" and was able to get a live stream running when the HTML viewer file is local, but hit the same problem Jacob did in the video with HTTPS when trying to view the live stream from my website.

While following Jacob's SSL certificate instructions I get stuck. I've tried various ways with no success (two follow). I wondered if the problem is that I'm using my own local Ubuntu 18.04 as the server, rather than using a remote server like Jacob did?

First method:

tim@TBR2-ACER:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): livestream.theboxroom.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for livestream.theboxroom.com
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. livestream.theboxroom.com (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for livestream.theboxroom.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: livestream.theboxroom.com
   Type:   None
   Detail: No valid IP addresses found for livestream.theboxroom.com
Second method:
tim@TBR2-ACER:/opt/letsencrypt$ ./letsencrypt-auto certonly --standalone
Requesting to rerun ./letsencrypt-auto with root privileges...
[sudo] password for tim:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): livestream.theboxroom.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for livestream.theboxroom.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
I don't understand, because I can successfully connect to it:
tim@TBR2-ACER:~$ ping livestream.theboxroom.com
PING livestream.theboxroom.com (192.168.0.14) 56(84) bytes of data.
64 bytes from TBR2-ACER (192.168.0.14): icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from TBR2-ACER (192.168.0.14): icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from TBR2-ACER (192.168.0.14): icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from TBR2-ACER (192.168.0.14): icmp_seq=4 ttl=64 time=0.036 ms
^C
--- livestream.theboxroom.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3031ms
rtt min/avg/max/mdev = 0.026/0.035/0.046/0.009 ms
I'd greatly appreciate any help I can get.

Thanks a lot,

t!m

#486
The IP address you've used for livestream.theboxroom.com is 192.168.0.14

That IP address is your local IP address, which has been assigned to your computer (TBR2-ACER) by your router via DHCP.

Any IP address that starts with 192.* is a local network IP address and is not routable on the public internet.

You need to be using your public IP address for the livestream.theboxroom.com DNS A record (which can be found at a site like What Is My IP? or by searching for 'my public ip v4').

After you update your DNS A record for livestream.theboxroom.com to your public IP, you'll need to forward the ports used by letsencrypt to verify your request and issue your certificate.

You should log into your router and forward ports 80 and 443 for the HTTP/HTTPS server to 192.168.0.14.

If you plan on using other servers for streaming, you will also need to forward those ports to 192.168.0.14.

#494
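Added example, not posted by anyone in this thread: a small Python preflight script that checks for the two failures shown in the first post before running certbot. It resolves the name, flags an A record that points at a private (RFC 1918) address such as 192.168.0.14, which Let's Encrypt's validators cannot reach, and tests whether port 80 can still be bound, which is what certbot --standalone needs while nginx is stopped. The domain name is the one from the thread, used here as a sample value; the function names are the script's own.

```python
import ipaddress
import socket

DOMAIN = "livestream.theboxroom.com"  # sample value taken from the thread


def classify_address(ip):
    """Say why an address cannot pass an ACME http-01 challenge, or return 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:  # RFC 1918, link-local, ULA: Let's Encrypt's validators cannot reach it
        return "private"
    if addr.is_multicast or addr.is_reserved:
        return "non-routable"
    return "public"


def resolve_addresses(domain):
    """Resolve the name the way the validator would; returns [] when no record exists."""
    try:
        infos = socket.getaddrinfo(domain, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_is_free(port):
    """certbot --standalone must bind port 80 itself; a running nginx makes that fail."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
            return True
        except OSError:
            return False


def preflight(domain, addresses):
    """List the problems that would make the http-01 challenge fail (empty list = looks OK)."""
    problems = []
    if not addresses:
        problems.append(f"{domain}: no A/AAAA record found")
    for ip in addresses:
        kind = classify_address(ip)
        if kind != "public":
            problems.append(f"{domain} -> {ip} is a {kind} address; put your public IP in the A record")
    return problems


if __name__ == "__main__":
    print("\n".join(preflight(DOMAIN, resolve_addresses(DOMAIN)) or ["DNS looks OK"]))
    if not port_is_free(80):
        print("port 80 is busy: stop nginx before --standalone, or use the --nginx plugin")
```

Run it on the server itself; a clean DNS result still needs ports 80 and 443 forwarded from the router to the LAN host, as described above, before the challenge can succeed.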
Thanks a lot for answering, Nanch, I really appreciate it!

I also appreciate, after reading your answer, that I'm not quite ready for this yet :-) I've got a little more to learn.

Thanks again!

#495
My pleasure.

The best way to learn is to do!

Hosting things behind your router firewall adds complexity. You could always sign up for a $5/month Digital Ocean droplet and play around with a server with a publicly routed IP address without a firewall. If you delete your droplet, you only pay for the time you use.

Best of luck

#499
I've commented on the video location. Once again thank you Jacob!

I explained on the video page that I have set everything as directed and I have streams over http. However over https I have no streams.

The fault I receive is:
Chrome: This site can't provide a secure connection. ssltest.wirewax.cyou sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

Firefox developer: Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Anyone able to shed any light on this?

Digital Ocean Droplet with ubuntu and nginx.

Xolphin ssl check says " The certificate could be verified and is installed properly. "

**********
UPDATE
**********
Watching your video again I've carefully gone over the steps and the debugging protocols you use.

My server video is showing a 404 error but attributed to nginx 1.14, which I know is the Digital Ocean version, which I've never installed but somehow it's in there. Note that my http stream works.

I ran your commands, found around 25 minutes in, to purge python-certbox-nginx:

root@200630-hls-restream-nohttps-s-1vcpu-2gb-lon1-01:~# sudo apt purge python-certbox-nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package python-certbox-nginx
root@200630-hls-restream-nohttps-s-1vcpu-2gb-lon1-01:~# sudo apt remove nginx*
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package nginx-1.19.0
E: Couldn't find any package by glob 'nginx-1.19.0'
E: Couldn't find any package by regex 'nginx-1.19.0'
E: Unable to locate package nginx-rtmp-module

I can restart nginx and can send a stream to it, but again I have this nginx 1.14 404 error.

Your video goes too quick for me to see how to remove nginx 1.14 and I'm now scared to touch anything :-D

**************************************
2nd UPDATE
**************************************

I uninstalled nginx (sudo apt-get purge nginx nginx-common)

The .conf file remained in place.

I reinstalled nginx-1.17.10. Once again I can stream to it and the SSL is recognised by SSL Check.

I can also identify in "console" that a connection is now being made. Everything is blue and recognises nginx-1.17.10, but it still won't play the stream. JW Player shows a generic 232011 error.

Last edit: by JohnSmithers


#501
I started again, with Jacob's video, from the very beginning and I am pleased to say it is now working. Woohoo! I reckon I tried to fix the nginx 1.14 issue by breaking something else.

Starting again was cathartic and very beneficial. I've now become reasonably good at getting these up and running quickly. To reiterate what was said above, the best way to learn is to do. Sometimes it really is a minefield out there trying to find good advice. This place rocks.