nginx-certbot
nginx-certbot copied to clipboard
wmnnd
Some challenges have failed / SSL routines:SSL_CTX_use_certificate:ee key too small / nginx 1.19
I could not get the script to work with NGINX 1.19.1 Always received an error like this:
Requesting Let's Encrypt certificate for mydomain.tld ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for mydomain.tld Using the webroot path /var/www/certbot for all unmatched domains. Waiting for verification... Challenge failed for domain mydomain.tld http-01 challenge for mydomain.tld Cleaning up challenges Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: mydomain.tld Type: connection Detail: Fetching http://mydomain.tld/.well-known/acme-challenge/randomstringXKHJKAHKHJ: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Reloading nginx ...
ERROR: No container found for nginx_1
So I checked the NGINX Error Log and found this
ERROR: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
The Solution for me was to enlarge the "dummy" key, therefore I changed the line:
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
to this
openssl req -x509 -nodes -newkey rsa:4096 -days 1\
Maybe this will also Help someone else 👋
Had the same problem. First thought was that DNS isn't quite updated yet (but I got an other error before this one). Thanks for the solution. It worked for me.
In case this helps anyone passing through -- I fixed this bug by adding the AAAA DNS record (IPv6) and editing the docker-compose commands inside init-letsencrypt.sh to use sudo. Apparently, nginx had been running into issues accessing the contents within the ssl cert file.
In case this helps anyone passing through -- I fixed this bug by adding the AAAA DNS record (IPv6) and editing the docker-compose commands inside init-letsencrypt.sh to use sudo. Apparently, nginx had been running into issues accessing the contents within the ssl cert file.
It is rarely a good idea to have sudo inside scripts. Instead, remove the sudo from the script and run the script itself with sudo (like stated in the guidelines)
