Let's Encrypt certificates not renewing

Issue #815 closed
Derek Brown created an issue

After struggling to get poste.io to generate Let’s Encrypt certificates I’ve encountered a new error (hint: if the container cannot resolve the common / alternative names it gives an error about the ACME challenge not being accessible. It means not accessible locally; it hasn’t tried LE yet).

After the certificates are renewed, the system continues to use the old ones.

Comments (3)

  1. SH repo owner

    Hello,

    “if the container cannot resolve the common / alternative names it gives”… seems strange to me. Let’s Encrypt certificates must have resolvable domains. It’s not gonna work otherwise.

  2. Derek Brown reporter

    Externally the DNS resolves correctly, which is how Let’s Encrypt issues certificates. But the Docker DNS server wasn’t resolving correctly.

    But there are actually two separate issues here. 1) was the misconfigured internal DNS causing the script to halt unnecessarily. Let’s Encrypt can still issue certificates as long as names resolve correctly externally… it doesn’t matter if the container’s resolution is messed up.

    And 2) upon renewal it continues to use the old certificates and doesn’t switch to the new one.
