Let's Encrypt errors with Caprover

Issue #749 new
Mattia Failla created an issue

From the API log:

[2020-04-04 20:44:05] LEScript.INFO: Getting list of URLs for API
[2020-04-04 20:44:05] LEScript.INFO: Requesting new nonce for client communication
[2020-04-04 20:44:06] LEScript.INFO: Account already registered. Continuing.
[2020-04-04 20:44:06] LEScript.INFO: Sending registration to letsencrypt server
[2020-04-04 20:44:06] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
[2020-04-04 20:44:06] LEScript.INFO: Account: https://acme-v02.api.letsencrypt.org/acme/acct/76518002
[2020-04-04 20:44:06] LEScript.INFO: Starting certificate generation process for domains
[2020-04-04 20:44:06] LEScript.INFO: Requesting challenge for mail.nextblu.com, mailserver.nextblu.com
[2020-04-04 20:44:06] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
[2020-04-04 20:44:08] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3667867210
[2020-04-04 20:44:09] LEScript.INFO: Got challenge token for mail.nextblu.com
[2020-04-04 20:44:09] LEScript.INFO: Token for mail.nextblu.com saved at /opt/www//.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis and should be available at http://mail.nextblu.com/.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis
[2020-04-04 20:44:09] LEScript.ERROR: Please check http://mail.nextblu.com/.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis - token not available
[2020-04-04 20:44:09] LEScript.ERROR: #0 /opt/admin/src/AppBundle/Handler/LeHandler.php(62): Analogic\ACME\Lescript->signDomains(Array)
[2020-04-04 20:44:09] LEScript.ERROR: #1 /opt/admin/src/AppBundle/Controller/LeController.php(71): AppBundle\Handler\LeHandler->renew(true)
[2020-04-04 20:44:09] LEScript.ERROR: #2 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(151): AppBundle\Controller\LeController->issueAction(Object(Symfony\Component\HttpFoundation\Request))
[2020-04-04 20:44:09] LEScript.ERROR: #3 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
[2020-04-04 20:44:09] LEScript.ERROR: #4 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(200): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
[2020-04-04 20:44:09] LEScript.ERROR: #5 /opt/admin/web/app.php(16): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
[2020-04-04 20:44:09] LEScript.ERROR: #6 {main}

From the mail error message:

There was error when issuing new Let's encrypt certificate

[2020-04-04 20:44:05] LEScript.INFO: Getting list of URLs for API
[2020-04-04 20:44:05] LEScript.INFO: Requesting new nonce for client communication
[2020-04-04 20:44:06] LEScript.INFO: Account already registered. Continuing.
[2020-04-04 20:44:06] LEScript.INFO: Sending registration to letsencrypt server
[2020-04-04 20:44:06] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
[2020-04-04 20:44:06] LEScript.INFO: Account: https://acme-v02.api.letsencrypt.org/acme/acct/76518002
[2020-04-04 20:44:06] LEScript.INFO: Starting certificate generation process for domains
[2020-04-04 20:44:06] LEScript.INFO: Requesting challenge for mail.nextblu.com, mailserver.nextblu.com
[2020-04-04 20:44:06] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
[2020-04-04 20:44:08] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3667867210
[2020-04-04 20:44:09] LEScript.INFO: Got challenge token for mail.nextblu.com
[2020-04-04 20:44:09] LEScript.INFO: Token for mail.nextblu.com saved at /opt/www//.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis and should be available at http://mail.nextblu.com/.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis
[2020-04-04 20:44:09] LEScript.ERROR: Please check http://mail.nextblu.com/.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis - token not available
[2020-04-04 20:44:09] LEScript.ERROR: #0 /opt/admin/src/AppBundle/Handler/LeHandler.php(62): Analogic\ACME\Lescript->signDomains(Array)
[2020-04-04 20:44:09] LEScript.ERROR: #1 /opt/admin/src/AppBundle/Controller/LeController.php(71): AppBundle\Handler\LeHandler->renew(true)
[2020-04-04 20:44:09] LEScript.ERROR: #2 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(151): AppBundle\Controller\LeController->issueAction(Object(Symfony\Component\HttpFoundation\Request))
[2020-04-04 20:44:09] LEScript.ERROR: #3 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
[2020-04-04 20:44:09] LEScript.ERROR: #4 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(200): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
[2020-04-04 20:44:09] LEScript.ERROR: #5 /opt/admin/web/app.php(16): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
[2020-04-04 20:44:09] LEScript.ERROR: #6 {main}

Feel free to contact me if you need more information: mattia[AT]nextblu.com or mattiafailla@hotmail.it

Comments (3)

  1. Eric

    same here. letsencrypt certificate expired and there is no option to force renew it. restarting the container doesn’t help

    [cont-init.d] 21-certificate.sh: executing...
                    * initalizing certificates
                    * processing certificate from /data/ssl
    [cont-init.d] 21-certificate.sh: exited 0.
    [cont-init.d] 22-lets-encrypt-init.sh: executing...
    [cont-init.d] 22-lets-encrypt-init.sh: exited 0.
    

    EDIT: my poste.io container is behind the host’s nginx webserver. the host’s SSL is a call to the internal container’s letsencrypt SSL file. for this to work and renew, make sure you disable HSTS if using cloudflare, because you won't be able to serve HTTP requests otherwise. letsencrypt renewal by poste.io is using the .well-known page and this requires being able to serve HTTP requests. add a location in the host’s nginx configuration to proxypass requests for /.well-known/ folder directly to the container’s port 5080 and disable HSTS if you activated it, and you will be good.
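The host-side nginx setup Eric describes, written out as an added example (this is not configuration from poste.io or from this thread). It keeps HSTS, which James objects to losing below, by sending the header only from the HTTPS server while the challenge path stays on plain HTTP; the hostname mail.example.com, the container published on 127.0.0.1:5080 and the certificate file names under /data/ssl are assumptions.

```nginx
# Added example, not configuration from poste.io or from this thread.
# Assumed names: mail.example.com for the mail host, the poste.io
# container published on 127.0.0.1:5080 (the port Eric mentions), and
# the container's certificate files volume-mounted at /data/ssl.

server {
    listen 80;
    server_name mail.example.com;

    # HTTP-01 validation fetches the token over plain HTTP, so this prefix
    # is handed to the container as-is and is never redirected to HTTPS.
    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://127.0.0.1:5080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Every other plain-HTTP request is upgraded to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name mail.example.com;

    # The host terminates TLS with the certificate the container renews
    # (file names assumed).
    ssl_certificate     /data/ssl/server.crt;
    ssl_certificate_key /data/ssl/server.key;

    # HSTS stays enabled, but only on the HTTPS server: browsers honour it
    # after an HTTPS visit, while the ACME validator starts over HTTP and
    # does not apply HSTS, so the challenge location above keeps working.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:5080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
# If a CDN or edge proxy (e.g. Cloudflare with forced HTTPS) sits in front,
# the same /.well-known/acme-challenge/ exemption must be made there too.
```

After reloading nginx, fetching http://mail.example.com/.well-known/acme-challenge/test from outside should reach the container rather than return a 301, which is the same check LEScript performs on the token URL in the log above.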

  2. James Moore

    Also having this issue due to HSTS - tbh turning HSTS off is not a sensible work around. Further ACME client options should be exposed to allow for alternate methods of certificate generation or a config file to change the desired certificate to user via the file system (i.e. I have a letsencrypt docker with a working certificate I have volume mounted to Poste - but there is no way to specify to use the certs from the file system.)

  3. Derek Brown

    This error may also be caused by the container not being able to resolve its own hostname. I.e. this line: Please check http://mail.nextblu.com/.well-known/acme-challenge/LhOoRQFo0dSV4ysgSWzHeZrjO9JqkSjNH69kfDQNhis - token not available is saying the container cannot access the token. It is not saying LE threw an error when looking for the token. I was able to get certificates issued by adding --add-host=mail.domain.tld:ipaddress to my launch parameters.

    Now however I cannot get poste.io to change to the new certificates. It seems to be stuck using the old ones.
