Let's Encrypt "simple self check" fails behind reverse proxy
I run the mail server behind nginx-proxy and I found that the simple self check (Lescript.php line 150) fails when you’re behind a reverse proxy. Because the self-check fails, LE certificates are never issued. I had to comment out the self-check in order to be able to get LE certificates. I’d like to request an option for disabling the self-check altogether.
Comments (6)
-
reporter -
Did you resolve this issue? Were you able to have the LE certificates issued. I am having a similar problem using poste.io over Caprover. Please let me know. Thanks in advance. Ciao!
-
reporter I have a simple solution. See my pull request.
-
I have only very little experience coding and zero with github. That is why I ended up using caprover and their poste.io one-click app installation. (Obviously Caprover can also do advanced stuff). Would you mind explaining if you have some time in a step by step manner? (I might be asking too much). Should I just replace the lescript.php file from poste.io docker with the one that you made? Is that all I have to do? Thank you
-
reporter You can try the following.
Create a Dockerfile:
FROM analogic/poste.io # Disable the simple self check for LE certificate renewal. WORKDIR /opt/admin/vendor/analogic/lescript/ COPY Lescript.php.patch . RUN patch Lescript.php Lescript.php.patch
Create a patch file Lescript.php.patch:
151,153c151,153 < if ($payload !== trim(@file_get_contents($uri))) { < throw new RuntimeException("Please check $uri - token not available"); < } --- > //if ($payload !== trim(@file_get_contents($uri))) { > // throw new RuntimeException("Please check $uri - token not available"); > //}
Build and run the image:
docker build -f Dockerfile -t mail-server . docker run -d mail-server
-
reporter Simply replacing the
Lescript.php
should work as well, but you will lose that change every time you rebuild your Docker container. The above solution should work better, as it will update the script as part of the Docker image build process. - Log in to comment
I created a pull request:
https://github.com/analogic/lescript/pull/42