
Problem getting Lets Encrypt certificates to be created

Open keda82 opened this issue 3 years ago • 1 comments

Self-signed certificates work, but not "public" Let's Encrypt certificates. My guess is that my DNS/domain provider (Loopia) requires authentication via API to allow for generation of certificates. Is it possible to add this to the config somewhere? Or can I do it manually?

  • My domain name resolves to the correct external IP
  • Running this on a VirtualBox image with bridged network
  • Ports 80, 443 and 8080 are opened in the FW and forwarded to the bridged network address (VirtualBox)
  • When I ran self-signed certificates I was able to resolve matrix.domain.name and element.domain.name

TASK [matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (directly)] ******

fatal: [matrix.domain.name]: FAILED! => changed=true
  cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=997:1001 --cap-drop=ALL -p 80:8080 --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.21.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080 --standalone --preferred-challenges http --agree-tos [email protected] -d matrix.domain.name
  delta: '0:00:36.708705'
  end: '2022-01-04 17:09:28.625200'
  msg: non-zero return code
  rc: 1
  start: '2022-01-04 17:08:51.916495'
  stderr: |-
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
  stderr_lines:
  stdout: |-
    Requesting a certificate for matrix.domain.name

    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: matrix.domain.name
      Type:   dns
      Detail: DNS problem: query timed out looking up CAA for matrix.domain.name

    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 8080. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
  stdout_lines:
...ignoring

keda82, Jan 04 '22 17:01

I have noticed that my host OS (Ubuntu) is on 192.x.x.x and I have port forwarded 80 and 443 to the host address. Could the issue be that 192.x.x.x:80 is not forwarded to 172.x.x.x (docker container)?

keda82, Jan 04 '22 19:01
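As an added diagnostic, not code from the matrix-docker-ansible-deploy project: given the docker command and CA report from the failing task above (reconstructed here with a placeholder e-mail address), it checks that Docker's `-p` mapping publishes host port 80 to the container port certbot listens on (`--http-01-port`), which is the mechanism that forwards the host's port 80 into the container the follow-up comment asks about, extracts the CA's per-domain problem, and lists the names a CA queries for CAA.

```python
import re
import shlex

# Constructed from the failing task and CA report in this issue; the e-mail is a placeholder.
CERTBOT_CMD = (
    "/usr/bin/env docker run --rm --name=matrix-certbot --user=997:1001 --cap-drop=ALL "
    "-p 80:8080 --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt "
    "docker.io/certbot/certbot:amd64-v1.21.0 certonly --non-interactive --work-dir=/tmp "
    "--http-01-port 8080 --standalone --preferred-challenges http --agree-tos "
    "--email admin@example.invalid -d matrix.domain.name"
)
CA_REPORT = """Certbot failed to authenticate some domains (authenticator: standalone).
  Domain: matrix.domain.name
  Type:   dns
  Detail: DNS problem: query timed out looking up CAA for matrix.domain.name
"""

def parse_port_mapping(cmd):
    """Return (host_port, container_port, http01_port) from a docker-run certbot command."""
    argv = shlex.split(cmd)
    host_port = container_port = http01 = None
    for i, tok in enumerate(argv):
        if tok == "-p":  # "80:8080" or "0.0.0.0:80:8080"; the container port is last
            parts = argv[i + 1].split(":")
            host_port = int(parts[-2])
            container_port = int(parts[-1].split("/")[0])  # strip an optional "/tcp"
        elif tok == "--http-01-port":
            http01 = int(argv[i + 1])
    return host_port, container_port, http01

def check_http01_plumbing(cmd):
    """The CA connects to host port 80; -p must publish it to the container port that
    certbot's standalone listener binds (--http-01-port). Returns a list of mismatches."""
    host_port, container_port, http01 = parse_port_mapping(cmd)
    problems = []
    if container_port != http01:
        problems.append(f"container port {container_port} != --http-01-port {http01}")
    if host_port != 80:
        problems.append(f"host port {host_port} published, but http-01 requires 80")
    return problems

def parse_ca_problems(report):
    """Extract (domain, type, detail) triples from certbot's per-domain failure report."""
    pat = re.compile(r"Domain:\s*(\S+)\s+Type:\s*(\S+)\s+Detail:\s*(.+)")
    return [(d, t, detail.strip()) for d, t, detail in pat.findall(report)]

def caa_lookup_chain(fqdn):
    """Names a CA queries for CAA (RFC 8659): the FQDN, then each parent below the root."""
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]
```

An empty list from `check_http01_plumbing` means the port plumbing in the task is consistent, so a "dns"-type problem points at the CAA lookup (every name in `caa_lookup_chain` must answer, even with an empty answer) rather than at the forwarding.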