- changed status to closed
ACME SSL certs behind proxy with ssl do not work
Issue #232
closed
If I run poste behind a reverse proxy that already terminate SSL then ACME certs don't work:
[2017-10-12 03:06:33] LEScript.INFO: Account already registered. Continuing.
[2017-10-12 03:06:33] LEScript.INFO: Starting certificate generation process for domains
[2017-10-12 03:06:33] LEScript.INFO: Requesting challenge for mail.mills.io
[2017-10-12 03:06:33] LEScript.INFO: Sending signed request to /acme/new-authz
[2017-10-12 03:06:34] LEScript.INFO: Got challenge token for mail.mills.io
[2017-10-12 03:06:34] LEScript.INFO: Token for mail.mills.io saved at /opt/www//.well-known/acme-challenge/FWn15nepTTu59MyYnIWPQDDun_YxBtOcCG8GcTwt9Ow and should be available at http://mail.mills.io/.well-known/acme-challenge/FWn15nepTTu59MyYnIWPQDDun_YxBtOcCG8GcTwt9Ow
[2017-10-12 03:06:34] LEScript.ERROR: Please check http://mail.mills.io/.well-known/acme-challenge/FWn15nepTTu59MyYnIWPQDDun_YxBtOcCG8GcTwt9Ow - token not available
[2017-10-12 03:06:34] LEScript.ERROR: #0 /opt/admin/src/Analogic/LetsEncryptBundle/Handler/LeHandler.php(55): Analogic\ACME\Lescript->signDomains(Array)
[2017-10-12 03:06:34] LEScript.ERROR: #1 /opt/admin/src/Analogic/LetsEncryptBundle/Controller/LeController.php(74): Analogic\LetsEncryptBundle\Handler\LeHandler->renew(true)
[2017-10-12 03:06:34] LEScript.ERROR: #2 [internal function]: Analogic\LetsEncryptBundle\Controller\LeController->issueAction(Object(Symfony\Component\HttpFoundation\Request))
[2017-10-12 03:06:34] LEScript.ERROR: #3 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(153): call_user_func_array(Array, Array)
[2017-10-12 03:06:34] LEScript.ERROR: #4 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
[2017-10-12 03:06:34] LEScript.ERROR: #5 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(171): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
[2017-10-12 03:06:34] LEScript.ERROR: #6 /opt/admin/web/app.php(22): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
[2017-10-12 03:06:34] LEScript.ERROR: #7 {main}
It would be nice to be able to get certs for IMAPS/POP3S/SMTPS this way but as my instance is already behind a reverse proxy with SSL this doesn't work so well. See the URL it exposes?
Comments (2)
-
repo owner
-
I am reopening this as i have this exact issue but the RP is on another devices is there a solution for this ?
Would adding dns verification be a solution ? - Log in to comment
Please see working docker-compose with reverse proxy
https://gist.githubusercontent.com/analogic/51fbe91b580d7913b72320f89bf994cc/raw/7dc4f4d413f5d3de314558de9c987fb022d6df1a/docker-compose.yml
(I am closing this because its old ticket, please reopen if you want...)