letsencrypt-siteextension
The Lets Encrypt ACME server was probably unable to reach
Hi @sjkp
Firstly thanks for such a great service and tool. So appreciate it.
We are running into the "The Lets Encrypt ACME server was probably unable to reach" issue on the renewal job. I know why it is, because letsencrypt is trying to reach our server on HTTP but obviously we already have a valid certificate on there which means HTTP is not available.
We have a load-balanced setup on parserr dot com and api dot parserr dot com. How do we allow this job to run successfully to update certificates?
If you want to use HTTP acknowledge flow, you have to allow http access to the /.well-known/acme-challenge path. So you could make a rule that allows that. Otherwise you can use DNS acknowledge but then you shouldn't be using the site-extension but instead https://github.com/sjkp/letsencrypt-azure.
To deal with the load-balanced nature, you have to configure a blob storage account that can contain the challenge file, so that it can be available from all load-balanced web sites. You can read a bit about it here; how to set it up depends on which framework you are using: https://github.com/sjkp/letsencrypt-siteextension/wiki/Azure-Function,-Multi-Region,-Local-Cache-support (the load-balanced complexity is also removed if you use a DNS challenge)
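
An added example, not part of the thread or the project's own configuration, of the kind of rule the reply describes: it exempts `/.well-known/acme-challenge` from an HTTPS redirect while everything else stays HTTPS-only. It assumes HTTP is being forced to HTTPS by an IIS URL Rewrite rule in the site's `web.config` (the thread does not say how HTTP is blocked); the rule names are hypothetical.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Must come first: match the ACME HTTP-01 challenge path and do
             nothing, so the request is served over plain HTTP.
             stopProcessing keeps the redirect rule below from running. -->
        <rule name="Allow ACME challenge over HTTP" stopProcessing="true">
          <match url="^\.well-known/acme-challenge/" />
          <action type="None" />
        </rule>

        <!-- Every other plain-HTTP request is still redirected to HTTPS. -->
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Only the challenge path is exposed over HTTP, and it serves short-lived validation tokens rather than application content. If HTTP is blocked somewhere other than `web.config` (a load balancer listener or a platform-level HTTPS-only switch), the equivalent exemption has to be made there instead.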