Git Product home page Git Product logo

Comments (11)

josegonzalez avatar josegonzalez commented on May 24, 2024

Can you upgrade to the latest version of Dokku? Also, is this app using a custom nginx.conf.sigil? It seems there was a 503 in attempting to get a certificate, which implies there might be some other error here (usually it would be a 404 or similar).

from dokku-letsencrypt.

luizpicolo avatar luizpicolo commented on May 24, 2024

I try to update, however, even using Debian version 11.6, it returns that it was not possible to update.

ifms@srv-na ~> apt list --upgradable
Listing... Done
dokku/bullseye 0.30.2 amd64 [upgradable from: 0.27.10]
N: There are 38 additional versions. Please use the '-a' switch to see them.

Return

ifms@srv-na ~ [100]> sudo dokku-update run
-----> Updating Dokku
E: Unable to correct problems, you have held broken packages.

from dokku-letsencrypt.

josegonzalez avatar josegonzalez commented on May 24, 2024

Mind running:

apt install dokku

That should hopefully output a bit more about what packages are broken on your system.

from dokku-letsencrypt.

luizpicolo avatar luizpicolo commented on May 24, 2024

I updated dokku to 0.30.2 using this issue #5711. But, the error persist.

=====> Enabling letsencrypt for sigoe
-----> Enabling ACME proxy for sigoe...
       Reloading nginx: nginx.
-----> Getting letsencrypt certificate for sigoe via HTTP-01
        - Domain 'sigoe.na.ifms.edu.br'
2023/04/11 17:19:52 [INFO] [sigoe.na.ifms.edu.br] acme: Obtaining bundled SAN certificate
2023/04/11 17:19:53 [INFO] [sigoe.na.ifms.edu.br] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218595747697
2023/04/11 17:19:53 [INFO] [sigoe.na.ifms.edu.br] acme: Could not find solver for: tls-alpn-01
2023/04/11 17:19:53 [INFO] [sigoe.na.ifms.edu.br] acme: use http-01 solver
2023/04/11 17:19:53 [INFO] [sigoe.na.ifms.edu.br] acme: Trying to solve HTTP-01
2023/04/11 17:19:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218595747697
2023/04/11 17:19:57 Could not obtain certificates:
	error: one or more domains had a problem:
[sigoe.na.ifms.edu.br] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 200.19.32.67: Invalid response from http://sigoe.na.ifms.edu.br/.well-known/acme-challenge/XPFpRR6sjrcE2UI_ewpF1gjB2SAAH0aYw4IMcv9BryA: 503
-----> Certificate retrieval failed!
-----> Disabling ACME proxy for sigoe...
       Reloading nginx: nginx.
 !     Failed to setup letsencrypt
 !     Check log output for further information on failure

from dokku-letsencrypt.

josegonzalez avatar josegonzalez commented on May 24, 2024

What happens when you run:

# validate
sudo nginx -t

# reload
sudo service nginx reload ; echo $?

# restart (only if the config is valid and a reload returns 1
sudo service nginx restart

from dokku-letsencrypt.

luizpicolo avatar luizpicolo commented on May 24, 2024

Result

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# sudo service nginx reload ; echo $?
Reloading nginx: nginx.
0

I don't have the .weel-know directory. However, even before not having it, the certificate was generated without errors

from dokku-letsencrypt.

josegonzalez avatar josegonzalez commented on May 24, 2024

Can you restart nginx as well? Once you do that, retry the letsencrypt setup.

You might hit rate limits, so it may be best to switch the server to the staging one while you debug this issue.

Random question: is this dokku server behind a load balancer or cloudflare or something?

from dokku-letsencrypt.

luizpicolo avatar luizpicolo commented on May 24, 2024

Same error 😒

=====> Enabling letsencrypt for sigoe
-----> Enabling ACME proxy for sigoe...
       Reloading nginx: nginx.
-----> Getting letsencrypt certificate for sigoe via HTTP-01
        - Domain 'sigoe.na.ifms.edu.br'
2023/04/12 00:46:27 No key found for account [email protected]. Generating a P256 key.
2023/04/12 00:46:27 Saved key to /certs/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2023/04/12 00:46:27 [INFO] acme: Registering account for [email protected]
2023/04/12 00:46:28 [INFO] [sigoe.na.ifms.edu.br] acme: Obtaining bundled SAN certificate
       !!!! HEADS UP !!!!

       Your account credentials have been saved in your Let's Encrypt
       configuration directory at "/certs/accounts".

       You should make a secure backup of this folder now. This
       configuration directory will also contain certificates and
       private keys obtained from Let's Encrypt so making regular
       backups of this folder is ideal.
2023/04/12 00:46:28 [INFO] [sigoe.na.ifms.edu.br] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6086569214
2023/04/12 00:46:28 [INFO] [sigoe.na.ifms.edu.br] acme: Could not find solver for: tls-alpn-01
2023/04/12 00:46:28 [INFO] [sigoe.na.ifms.edu.br] acme: use http-01 solver
2023/04/12 00:46:28 [INFO] [sigoe.na.ifms.edu.br] acme: Trying to solve HTTP-01
2023/04/12 00:46:32 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6086569214
2023/04/12 00:46:32 Could not obtain certificates:
	error: one or more domains had a problem:
[sigoe.na.ifms.edu.br] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 200.19.32.67: Invalid response from http://sigoe.na.ifms.edu.br/.well-known/acme-challenge/WLPr_2RjRWpTeHEXaXTRNwirNSMBG8Vx5pwiG3iAmDM: 503
-----> Certificate retrieval failed!
-----> Disabling ACME proxy for sigoe...
       Reloading nginx: nginx.
 !     Failed to setup letsencrypt
 !     Check log output for further information on failure

I'm not using anything other than Dokku and IP targeting

from dokku-letsencrypt.

josegonzalez avatar josegonzalez commented on May 24, 2024

Do you mind jumping on our Slack or Discord? I feel like this is the sort of thing we might need to debug together.

from dokku-letsencrypt.

luizpicolo avatar luizpicolo commented on May 24, 2024

πŸ‘πŸΌ

from dokku-letsencrypt.

luizpicolo avatar luizpicolo commented on May 24, 2024

Dear, I just added the certificate manually. I believe it's really a blockade, and because I don't have access to the release, the manual certificate was the most correct choice. Close this.

from dokku-letsencrypt.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.