LE certificate issuing

Issue #371 resolved
Former user created an issue

The Let's Encrypt automatic module cannot open the token http://myserver/.well-known/acme-challenge/blaablaa. After this fails, the program fails completely, with the following errors:

    LEScript.ERROR: Please check http://myserver/.well-known/acme-challenge/sIWZOsUMuQvfq_ahCwRQC9IKQMZmR5UA0j5R1rYG_Fo - token not available
    [2018-06-17 11:29:25] LEScript.ERROR: #0 /opt/admin/src/Analogic/LetsEncryptBundle/Handler/LeHandler.php(55): Analogic\ACME\Lescript->signDomains(Array)
    [2018-06-17 11:29:25] LEScript.ERROR: #1 /opt/admin/src/Analogic/LetsEncryptBundle/Controller/LeController.php(74): Analogic\LetsEncryptBundle\Handler\LeHandler->renew(true)
    [2018-06-17 11:29:25] LEScript.ERROR: #2 [internal function]: Analogic\LetsEncryptBundle\Controller\LeController->issueAction(Object(Symfony\Component\HttpFoundation\Request))
    [2018-06-17 11:29:25] LEScript.ERROR: #3 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(153): call_user_func_array(Array, Array)
    [2018-06-17 11:29:25] LEScript.ERROR: #4 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
    [2018-06-17 11:29:25] LEScript.ERROR: #5 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(171): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
    [2018-06-17 11:29:25] LEScript.ERROR: #6 /opt/admin/web/app.php(22): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
    [2018-06-17 11:29:25] LEScript.ERROR: #7 {main}

This is preventing me from renewing my certificate and my mailserver is not functioning very well.

Best regards, Julius

Comments (14)

  1. Julius Eskola

    I'm not sure about the version, how do I check that? My image is the one that was latest a few months ago, I think.

  2. Scott MacDonald

    Just do a "sudo docker images" at your server's prompt and the tag will give you the version. Having said that, since your image is a month or so old, it would be a good idea to update the image, stop and remove your container, and run a new container from the latest image. (Version 2.0.8)

  3. Julius Eskola

    Now that I've updated the image to version 2.0.8, I tried to renew the certificate. It doesn't inform me of any errors, it just stops after the "token saved" message. I tried to reboot with no success. Should I remove the old certificate manually?

  4. Scott MacDonald

    Yes. Stop and remove your container. You can find and delete the LE cert account folder from your "data" folder. Then start up again.

  5. Julius Eskola

    It seems that for some reason it cannot change the certificate that is in the ssl folder. I mean, I tried to delete everything and finally got the self-signed cert, but the script would not replace it with the LE cert.

  6. Julius Eskola

    It completely fails to fetch the certificate. As I now reattempted, I checked the files and no new ones except _account were generated.

  7. Scott MacDonald

    You do have a properly configured DNS hostname? Meaning, if you PING the FQDN of your mail server it responds with the public IP address that your mail server uses?

  8. Julius Eskola

    Yes, sure. I've thought about permissions; is the ssl folder supposed to be owned by root? Docker created it as such.

  9. Scott MacDonald

    Yes, root will own the SSL folder, but then "mail" should own the folders created within. There should be a "_account" and then a folder for your FQDN ("mail.myserver.ext").

  10. Julius Eskola

    I figured it out. My firewall was blocking it somehow; I was thinking that Docker could bypass it as it does with mail etc. I should have tried disabling it before. I'm sorry that I wasted your time.

  11. Scott MacDonald

    This issue can be closed. This is a known issue with Poste.io and LE certs - that ports 80 and 443 must be opened through any inbound firewall (software or hardware), otherwise the docker container is prevented from "looping back" on itself and thus fails in checking itself to see that the token is available.

  12. SH repo owner

    The new version has an LE token exchange test which should test a non-redirected, non-blocked port 80 (ACME requirement).
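A pre-flight check of the kind comment 12 describes, written here as an added example (not Poste.io's own code): it saves a random token under the challenge directory, fetches it through the public FQDN on plain port 80 without following redirects, and reports whether a blocked port, a redirect to HTTPS or a wrong vhost would make the ACME server fail the way this thread did. The challenge directory path is an assumption.

```python
# Added pre-flight check for the ACME HTTP-01 challenge (not Poste.io's own
# code). The challenge directory below is an assumed path.
import http.client
import secrets
from pathlib import Path

CHALLENGE_DIR = Path("/var/www/.well-known/acme-challenge")  # assumption

def evaluate(status, location, body, token):
    """Classify one HTTP response to a challenge probe; 'ok' means the
    CA would see the token exactly as the client saved it."""
    if status in (301, 302, 307, 308):
        # ACME fetches the token on port 80 and does not expect to be
        # bounced to HTTPS; a redirect is the classic misconfiguration.
        return "redirected to %s; port 80 must answer directly" % location
    if status != 200:
        return "unexpected HTTP %d; token not served" % status
    if body.strip() != token:
        return "wrong body; another vhost or a stale file answers on port 80"
    return "ok"

def probe(fqdn, token, timeout=10):
    """GET http://<fqdn>/.well-known/acme-challenge/<token> on port 80
    without following redirects. A refused or timed-out connection is the
    loop-back/firewall failure from this thread."""
    path = "/.well-known/acme-challenge/" + token
    try:
        conn = http.client.HTTPConnection(fqdn, 80, timeout=timeout)
        conn.request("GET", path, headers={"Host": fqdn})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        return evaluate(resp.status, resp.getheader("Location"), body, token)
    except OSError as exc:
        return "port 80 unreachable (%s): check the inbound firewall" % exc

def self_test(fqdn, challenge_dir=CHALLENGE_DIR):
    """Save a random token like the ACME client does, probe it through the
    public hostname, then clean up."""
    token = secrets.token_urlsafe(32)
    path = challenge_dir / token
    path.write_text(token)
    try:
        return probe(fqdn, token)
    finally:
        path.unlink(missing_ok=True)

if __name__ == "__main__":
    import sys
    print(self_test(sys.argv[1]))  # e.g. mail.myserver.ext
```

Run it from inside the container (or wherever the web root is mounted) with the mail server's FQDN; anything other than "ok" points at the firewall, redirect or vhost problem before the real ACME run is attempted.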
