
The requested URL returned error: 500 Internal Server Error

Open fewzee opened this issue 6 years ago • 1 comments

Hi,

I can't get SSL to work. The issue seems to be with reachability of the internal server at 127.0.0.1:8999. Below are the error logs:

```
2019/04/17 16:22:15 [error] 17#17: *8 [lua] hook.lua:15: server(): auto-ssl: failed to parse POST args: request body in temp file not supported, client: 127.0.0.1, server: , request: "POST /deploy-challenge HTTP/1.1", host: "127.0.0.1:8999"
{"remote_addr":"127.0.0.1","remote_user":"","time_local":"17/Apr/2019:16:22:15 +0000","request_time":"0.000","request_body_file":"/usr/local/openresty/nginx/client_body_temp/0000000001","request":"POST /deploy-challenge HTTP/1.1","status":"500","body_bytes_sent":"186","req_hdr":"","resp_hdr":"","upstream_addr":"","upstream_header_time":"","upstream_connect_time":"","upstream_response_time":"","resp_body":""}
2019/04/17 16:22:15 [error] 17#17: *6 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=234d7c5695b45b2fd0b91ae761fddc9fcf982f8cff1fe0d913fb95ed5a070865 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain venfour.dydx.io --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
 + Generating account key...
 + Registering account key with ACME server...
Processing venfour.dydx.io
 + Signing domains...
 + Creating new directory /etc/resty-auto-ssl/letsencrypt/certs/venfour.dydx.io ...
 + Creating chain cache directory /etc/resty-auto-ssl/letsencrypt/chains
 + Generating private key...
 + Generating signing request...
 + Requesting authorization for venfour.dydx.io...
 + 1 pending challenge(s)
 + Deploying challenge tokens...
 err: curl: (22) The requested URL returned error: 500 Internal Server Error
hook request (deploy_challenge) failed
, context: ssl_certificate_by_lua*, client: 10.60.1.1, server: 0.0.0.0:443
2019/04/17 16:22:15 [error] 17#17: *6 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 10.60.1.1, server: 0.0.0.0:443
```

And here's my Docker file:

```dockerfile
FROM openresty/openresty:bionic

ARG USER=www-data
ARG GROUP=www-data

# Self-signed fallback certificate, served until a real one is issued.
RUN mkdir -p /etc/letsencrypt && \
    openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
      -subj '/CN=sni-support-required-for-valid-ssl' \
      -keyout /etc/ssl/resty-auto-ssl-fallback.key \
      -out /etc/ssl/resty-auto-ssl-fallback.crt

# Install lua-resty-auto-ssl and give the worker user its storage directory.
RUN luarocks install lua-resty-auto-ssl && \
    mkdir /etc/resty-auto-ssl/ && \
    chown -R $USER:$GROUP /etc/resty-auto-ssl/

RUN rm -f /usr/local/openresty/nginx/conf/*

RUN mkdir -p /var/log/nginx && \
    touch /var/log/nginx/access.log && \
    touch /var/log/nginx/error.log

# Send nginx logs to the container's stdout/stderr.
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log

EXPOSE 80
EXPOSE 443

COPY ./configs /usr/local/openresty/nginx/conf

CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]
```

What am I missing?

fewzee, Apr 17 '19 16:04

@fewzee: Based on the `failed to parse POST args: request body in temp file not supported` in your error logs, are you perhaps missing the `client_body_buffer_size` and `client_max_body_size` settings? From https://github.com/GUI/lua-resty-auto-ssl#installation, make sure your hook server has these settings set:

```nginx
  # Internal server running on port 8999 for handling certificate tasks.
  server {
    listen 127.0.0.1:8999;

    # Increase the body buffer size, to ensure the internal POSTs can always
    # parse the full POST contents into memory.
    client_body_buffer_size 128k;
    client_max_body_size 128k;

    location / {
      content_by_lua_block {
        auto_ssl:hook_server()
      }
    }
  }
```

If you do have those settings set, please post your nginx config, and we can debug further.

GUI, May 01 '19 02:05
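A pre-deploy check for the condition discussed in this thread, as an added example that is not part of the original posts or of lua-resty-auto-ssl: it finds the hook server block in an nginx config and reports when an accepted POST body could be buffered to a temp file instead of memory. The function names and the sample configs are hypothetical; it assumes both directives are set directly in the `server` block (inheritance from `http` is not followed) and uses a naive tokenizer that does not understand quoted strings.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def parse_size(value):
    """Convert an nginx size such as '128k' or '1m' to bytes."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value.strip().lower())
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def server_blocks(conf):
    """Yield {directive: args} for each server block (naive tokenizer)."""
    stack, current, text = [], None, ""
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok not in ("{", "}", ";"):
            text = tok.strip()          # remember the statement text
            continue
        if tok == "{":
            stack.append(text)          # block name, e.g. "server"
            if text == "server":
                current = {}
        elif tok == ";" and text and stack and stack[-1] == "server":
            name, *args = text.split(None, 1)
            current[name] = args[0] if args else ""
        elif tok == "}" and stack and stack.pop() == "server":
            yield current
        text = ""

def check_hook_server(conf, listen="127.0.0.1:8999"):
    """Return findings for the hook server block; an empty list means OK."""
    for block in server_blocks(conf):
        if block.get("listen") != listen:
            continue
        buf = block.get("client_body_buffer_size")
        limit = parse_size(block.get("client_max_body_size", "1m"))  # nginx default
        if buf is None:
            return ["client_body_buffer_size unset: bodies above the default buffer go to a temp file"]
        if limit == 0 or parse_size(buf) < limit:
            return [f"client_body_buffer_size {buf} is below client_max_body_size: large bodies go to a temp file"]
        return []
    return [f"no server block listening on {listen}"]

# Constructed sample configs: the hook server without and with the settings.
BROKEN = ("http { server { listen 127.0.0.1:8999;\n"
          "  location / { content_by_lua_block { auto_ssl:hook_server() } } } }")
FIXED = BROKEN.replace("8999;", "8999; client_body_buffer_size 128k; client_max_body_size 128k;")
```

Run `check_hook_server` over the rendered config in CI or at container build time; any non-empty result means the hook server can still hit the `request body in temp file not supported` path.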