Letsencrypt failed if nginx is in front of poste

Issue #271 resolved
Andreas created an issue

I'm running an nginx reverse proxy Docker in front of poste. See the setup here: https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion

If I generate the SSL certificate for poste from the UI it fails, as it was already requested but is not reachable correctly.

Also there is a duplicated slash within

/opt/www//.well-known

Shown within the logs as displayed below:

[2018-03-14 20:29:47] LEScript.INFO: Account already registered. Continuing.
[2018-03-14 20:29:47] LEScript.INFO: Starting certificate generation process for domains
[2018-03-14 20:29:47] LEScript.INFO: Requesting challenge for mail.myTLD.com
[2018-03-14 20:29:48] LEScript.INFO: Sending signed request to /acme/new-authz
[2018-03-14 20:29:48] LEScript.INFO: Got challenge token for mail.myTLD.com
[2018-03-14 20:29:48] LEScript.INFO: Token for mail.myTLD.com saved at /opt/www//.well-known/acme-challenge/uDgPYn##############################2dnxS3gI and should be available at http://mail.myTLD.com/.well-known/acme-challenge/uDgPYn##############################2dnxS3gI
[2018-03-14 20:29:48] LEScript.ERROR: Please check http://mail.myTLD.com/.well-known/acme-challenge/uDgPYn##############################2dnxS3gI - token not available

I assume I simply create a link from the docker volume of poste to the volume that stores my original letsencrypt certificate, right?

Comments (9)

  1. Andreas reporter

    A workaround would be to mount the reverse proxy certs via

    -v /path/to/certs/key.pem:/data/.../ca.crt:ro
    

    and so on. I assume this would be the same as uploading the three files using the UI and should work, shouldn't it?

  2. Andreas reporter

    Hi, thanks for the fast reply. I totally agree, mounting the known hosts from the reverse proxy to the mail server seems to be a pretty smart solution. I simply missed that point within your documentation. Thank you for the hints.

    Best regards, Andreas

  3. Andreas reporter

    Hi @analogic ,

    I've mounted the volume as documented and double-checked the content, which is equal for the Docker host and within the Poste container. But unfortunately, there is still an error shown within the admin backend:

    [2018-03-16 16:17:21] LEScript.INFO: Account already registered. Continuing.
    [2018-03-16 16:17:21] LEScript.INFO: Starting certificate generation process for domains
    [2018-03-16 16:17:21] LEScript.INFO: Requesting challenge for mail.my-tld.com
    [2018-03-16 16:17:21] LEScript.INFO: Sending signed request to /acme/new-authz
    [2018-03-16 16:17:22] LEScript.INFO: Got challenge token for mail.my-tld.com
    [2018-03-16 16:17:22] LEScript.INFO: Token for mail.my-tld.com saved at /opt/www//.well-known/acme-challenge/uDgPYnra*************************64k2dnxS3gI and should be available at http://mail.my-tld.com/.well-known/acme-challenge/uDgPYnra*************************64k2dnxS3gI
    [2018-03-16 16:17:22] LEScript.ERROR: Please check http://mail.my-tld.com/.well-known/acme-challenge/uDgPYnra*************************64k2dnxS3gI - token not available
    [2018-03-16 16:17:22] LEScript.ERROR: #0 /opt/admin/src/Analogic/LetsEncryptBundle/Handler/LeHandler.php(55): Analogic\ACME\Lescript->signDomains(Array)
    [2018-03-16 16:17:22] LEScript.ERROR: #1 /opt/admin/src/Analogic/LetsEncryptBundle/Controller/LeController.php(74): Analogic\LetsEncryptBundle\Handler\LeHandler->renew(true)
    [2018-03-16 16:17:22] LEScript.ERROR: #2 [internal function]: Analogic\LetsEncryptBundle\Controller\LeController->issueAction(Object(Symfony\Component\HttpFoundation\Request))
    [2018-03-16 16:17:22] LEScript.ERROR: #3 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(153): call_user_func_array(Array, Array)
    [2018-03-16 16:17:22] LEScript.ERROR: #4 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
    [2018-03-16 16:17:22] LEScript.ERROR: #5 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(171): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
    [2018-03-16 16:17:22] LEScript.ERROR: #6 /opt/admin/web/app.php(22): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
    [2018-03-16 16:17:22] LEScript.ERROR: #7 {main}
    

    poste-ssl-issue.png

    Are there any additional steps required, to get it working again? Do I have to reset some configurations?

    Best regards and thanks in advance, Andreas

  4. Peter Franken

    [2018-03-16 16:17:22] LEScript.ERROR: Please check http://mail.my-tld.com/.well-known/acme-challenge/uDgPYnra*************************64k2dnxS3gI - token not available

    Is this mail.mytld.com domain added to any container's VIRTUAL_HOST env var? In other words, does your reverse proxy actually know where to lead requests to this domain?

    If so, it could be a permissions problem on the .well-known dir which prevents Poste from creating the challenge.
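
The log lines in this thread show the two halves of an HTTP-01 challenge: LEScript writes the token under the webroot, then expects the CA to fetch the same path over plain HTTP through the proxy. The following Python check is an added example, not part of Poste.io or of any comment here. It does both halves itself and sorts the result into the cases Peter raises (proxy not routing the name, permissions on `.well-known`) plus the "another vhost answered" case; it also joins the webroot path without the duplicated slash seen in the log. The hostname `mail.example.invalid`, the token and the key authorization are constructed placeholders, and the `fetch` callable can be replaced by a fake so the check runs offline.

```python
"""Reachability check for an ACME HTTP-01 challenge token behind a reverse proxy.

Added example for this thread, not Poste.io's LEScript. It mirrors what the log
lines show: write <webroot>/.well-known/acme-challenge/<token>, then fetch the
same path over plain HTTP through the proxy and compare. Hostname, token and key
authorization used below are constructed placeholders."""
import os
import sys
from urllib.error import HTTPError, URLError
from urllib.request import urlopen


def challenge_path(webroot: str, token: str) -> str:
    """Join webroot and challenge path without the duplicated slash seen in the
    log (/opt/www//.well-known); a trailing slash on webroot is tolerated."""
    return os.path.join(webroot.rstrip("/"), ".well-known", "acme-challenge", token)


def write_token(webroot: str, token: str, key_authorization: str) -> str:
    """Create the challenge file as an ACME client would. A PermissionError
    raised here is the 'permissions problem on the .well-known dir' case."""
    path = challenge_path(webroot, token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(key_authorization)
    return path


def http_fetch(url: str, timeout: float = 10.0):
    """Default fetcher returning (status, body). Raises HTTPError for 4xx/5xx
    and URLError when the host cannot be reached at all."""
    with urlopen(url, timeout=timeout) as resp:  # plain HTTP, as the CA uses
        return resp.status, resp.read().decode("utf-8", "replace")


def diagnose(hostname: str, token: str, key_authorization: str, fetch=http_fetch) -> str:
    """Fetch the challenge URL and classify the outcome into the cases that
    matter when a reverse proxy sits in front of the mail server."""
    url = f"http://{hostname}/.well-known/acme-challenge/{token}"
    try:
        status, body = fetch(url)
    except HTTPError as exc:
        status, body = exc.code, ""
    except (URLError, OSError) as exc:
        return f"unreachable: {exc}"  # DNS, firewall, or proxy not listening on :80
    if status != 200:
        return f"http {status}: proxy does not route {hostname} to the ACME webroot"
    if body.strip() != key_authorization:
        return "wrong body: another vhost, a redirect or an index page answered"
    return "ok: token served from the expected webroot"


if __name__ == "__main__":
    # Live use: python check.py <webroot> <hostname> <token> <key-authorization>
    if len(sys.argv) == 5:
        webroot, hostname, token, keyauth = sys.argv[1:]
        print("wrote", write_token(webroot, token, keyauth))
        print(diagnose(hostname, token, keyauth))
    else:
        # Offline demonstration: constructed responses stand in for the proxy.
        keyauth = "tokenXYZ.constructedThumbprint"
        for label, fake in (
            ("routed", lambda u: (200, keyauth + "\n")),
            ("not routed", lambda u: (404, "")),
            ("other vhost", lambda u: (200, "<html>default site</html>")),
        ):
            print(f"{label:>11}: {diagnose('mail.example.invalid', 'tokenXYZ', keyauth, fake)}")
```

Run it with the four live arguments against the real webroot and hostname from inside the Poste container to see which of the three classifications applies; a `PermissionError` from `write_token` points at the directory ownership rather than at the proxy.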

  5. Andreas reporter

    Hi @pcjmfranken,

    yes. I've used the same URL for the Poste container itself.

    I've added a new DNS record next to mail... to the container, which didn't have a certificate before. Now it works just fine:

    [2018-03-23 17:54:46] LEScript.INFO: Saving fullchain.pem
    [2018-03-23 17:54:46] LEScript.INFO: Saving cert.pem
    [2018-03-23 17:54:46] LEScript.INFO: Saving chain.pem
    [2018-03-23 17:54:46] LEScript.INFO: Done !!§§!
    

    So thank you guys.
