Let's Encrypt "simple self check" fails behind reverse proxy

Issue #835 new
Serrano Pereira created an issue

I run the mail server behind nginx-proxy and I found that the simple self check (Lescript.php line 150) fails when you’re behind a reverse proxy. Because the self-check fails, LE certificates are never issued. I had to comment out the self-check in order to be able to get LE certificates. I’d like to request an option for disabling the self-check altogether.

Comments (6)

  1. AMDG per Mariam

    Did you resolve this issue? Were you able to have the LE certificates issued? I am having a similar problem using poste.io over Caprover. Please let me know. Thanks in advance. Ciao!

  2. AMDG per Mariam

    I have only very little experience coding and zero with GitHub. That is why I ended up using Caprover and their poste.io one-click app installation. (Obviously Caprover can also do advanced stuff.) Would you mind explaining, if you have some time, in a step-by-step manner? (I might be asking too much.) Should I just replace the lescript.php file from the poste.io Docker image with the one that you made? Is that all I have to do? Thank you

  3. Serrano Pereira reporter

    You can try the following.

    Create a Dockerfile:

    FROM analogic/poste.io
    
    # Disable the simple self check for LE certificate renewal.
    WORKDIR /opt/admin/vendor/analogic/lescript/
    COPY Lescript.php.patch .
    RUN patch Lescript.php Lescript.php.patch
    

    Create a patch file Lescript.php.patch:

    151,153c151,153
    <             if ($payload !== trim(@file_get_contents($uri))) {
    <                 throw new RuntimeException("Please check $uri - token not available");
    <             }
    ---
    >             //if ($payload !== trim(@file_get_contents($uri))) {
    >             //    throw new RuntimeException("Please check $uri - token not available");
    >             //}
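
    Review bot: lines 151-153 comment out the token self-check unconditionally, so the "token not available" error can never be raised, including when the challenge path really is misrouted; guard the `if` with an opt-out setting, as the issue requests, instead of removing it. The hunk is also in normal diff format keyed to `151,153` with no context lines, while the Dockerfile's `FROM analogic/poste.io` carries no tag, so generate the patch with `diff -u` and pin the base image tag so that a changed upstream Lescript.php is caught clearly at build time. The issue text cites line 150 and the hunk edits 151-153, which is worth confirming against the shipped file.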
    

    Build and run the image:

    docker build -f Dockerfile -t mail-server .
    docker run -d mail-server
    

  4. Serrano Pereira reporter

    Simply replacing the Lescript.php should work as well, but you will lose that change every time you rebuild your Docker container. The above solution should work better, as it will update the script as part of the Docker image build process.
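
A pre-patch guard for the image build described in comments 3 and 4, as an added example that is not part of the original thread or of poste.io: it confirms that lines 151-153 of Lescript.php still hold the self-check from the patch before `patch` is run, and refuses a file that is already patched. The function names, return codes and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the patch target before running `patch`.

# check_selfcheck_lines FILE [START] [END]
#   0 = lines START..END contain the original self-check (safe to patch)
#   1 = expected code not found at those lines (upstream file changed)
#   2 = file not readable
#   3 = self-check is already commented out (do not patch twice)
check_selfcheck_lines() {
    file=$1; start=${2:-151}; end=${3:-153}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    block=$(sed -n "${start},${end}p" "$file")

    if printf '%s\n' "$block" | grep -q '^[[:space:]]*//if (\$payload !== trim'; then
        echo "self-check already disabled in $file" >&2
        return 3
    fi
    if ! printf '%s\n' "$block" |
        grep -qF 'if ($payload !== trim(@file_get_contents($uri)))'; then
        echo "lines ${start}-${end} of $file do not hold the self-check" >&2
        return 1
    fi
    printf '%s\n' "$block" | grep -qF 'token not available' || return 1
    return 0
}

# make_sample OUT MODE
#   Writes a constructed stand-in for Lescript.php: 150 filler lines, then the
#   three lines from the patch, original or commented (MODE = original|patched).
make_sample() {
    out=$1; mode=$2; prefix=''
    if [ "$mode" = patched ]; then prefix='//'; fi
    awk 'BEGIN { for (i = 1; i <= 150; i++) print "// filler line " i }' > "$out"
    {
        printf '            %sif ($payload !== trim(@file_get_contents($uri))) {\n' "$prefix"
        printf '            %s    throw new RuntimeException("Please check $uri - token not available");\n' "$prefix"
        printf '            %s}\n' "$prefix"
    } >> "$out"
}
```

In the Dockerfile this would run in the same `RUN` step, ahead of `patch Lescript.php Lescript.php.patch`, so that the build stops with a clear message when the base image ships a different Lescript.php.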
