Comments (20)
Hi @piranha and sorry about the trouble - I've been swamped with work and was not able to upgrade dokku to 0.5.3 on my development server. Please check out #38 and #40 - after updating the plugin, things should work better now!
from dokku-letsencrypt.
So #40 actually fixes problem with DOMAINS, but it's still not working for me... Not even sure that's dokku-letsencrypt problem rather than this simp_le docker image it uses. :\
For the record, dokku certs myapp just prints quite a bit of errors. :)
from dokku-letsencrypt.
Please check out the discussion in #43 and let me know if 15d4a7f fixes your problems!
What errors does dokku certs myapp give you (that is not a valid command on my installation - Did you mean dokku cert:info myapp)?
from dokku-letsencrypt.
So my certs information is:
~> dokku certs:info solovyov.net
-----> Fetching SSL Endpoint info for solovyov.net...
-----> Certificate details:
=====> Common Name(s):
Error opening Certificate /home/dokku/solovyov.net/tls/server.crt
140369229256352:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/dokku/solovyov.net/tls/server.crt','r')
140369229256352:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
That fix doesn't really help, because somehow darkhttpd is not serving .well-known (if I enable trace, it complains about that file under .well-known being 404).
~> dokku letsencrypt solovyov.net
=====> Let's Encrypt solovyov.net...
-----> Updating letsencrypt docker image...
latest: Pulling from m3adow/letsencrypt-simp_le
420890c9e918: Already exists
acbaf1e6012f: Already exists
5f71a1a2d3dc: Already exists
Digest: sha256:be1d7aca214d5277af18d7bf75a2bc78afa5a1eabf98aaa8a606c4ca2a7fdeb5
Status: Image is up to date for m3adow/letsencrypt-simp_le:latest
done
-----> Enabling ACME proxy for solovyov.net...
-----> Getting letsencrypt certificate for solovyov.net...
- Domain 'solovyov.net'
darkhttpd/1.11, copyright (c) 2003-2015 Emil Mikulic.
listening on: http://0.0.0.0:80/
2016-04-06 14:12:00,789:INFO:__main__:1202: Generating new account key
2016-04-06 14:12:01,081:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:01,571:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:01,817:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:02,359:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): letsencrypt.org
2016-04-06 14:12:03,156:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:03,475:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:03,782:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): solovyov.net
2016-04-06 14:12:03,832:WARNING:__main__:1292: solovyov.net was not successfully self-verified. CA is likely to fail as well!
2016-04-06 14:12:03,856:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:04,111:INFO:__main__:1302: Generating new certificate private key
2016-04-06 14:12:04,877:INFO:requests.packages.urllib3.connectionpool:758: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-06 14:12:05,111:ERROR:__main__:1260: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/2T5UNw26qk_DiKcuElp5Lav3T5bXJ2VQ64k7nd9nvRU
from dokku-letsencrypt.
Your two logs in the last comment seem to point to two separate issues.
- The file that cannot be found should be a symbolic link to /home/dokku/solovyov.net/letsencrypt/certs/current/fullchain.pem with /home/dokku/solovyov.net/letsencrypt/certs/current being a symlink to a folder of the format /home/dokku/solovyov.net/letsencrypt/certs/current/[SHA-1 hash]. Can you tell me the output of ls -l /home/dokku/solovyov.net/tls/server.crt? What happens if you do dokku certs:remove solovyov.net and then re-run dokku letsencrypt solovyov.net?
- Is http://solovyov.net one of the URLs that your dokku app is currently served under? You can check this by running dokku urls solovyov.net. You can also check the nginx config file under /home/dokku/solovyov.net/nginx.conf and that the reverse proxy config for the let's encrypt plugin at /home/dokku/solovyov.net/nginx.conf.d/letsencrypt.conf is created during the letsencrypt process.
It would also be helpful if you can enable the trace mode for dokku and post a gist of the whole dokku letsencrypt run.
from dokku-letsencrypt.
letsencrypt.conf does indeed appear in nginx.conf.d, but running nginx -t says:
nginx: [emerg] "location" directive is not allowed here in /home/dokku/solovyov.net/nginx.conf.d/letsencrypt.conf:1
So I guess that's the problem! :)
from dokku-letsencrypt.
Ok, so in my main nginx.conf for solovyov.net I had include .../nginx.conf.d/*.conf right after the server rather than inside of it.
That seems like a new addition in dokku 0.5?
from dokku-letsencrypt.
I had the same problem :) There was a bug in dokku 0.5.3 that is fixed in 0.5.4 -- try upgrading and let's see what will happen then
from dokku-letsencrypt.
Heh, didn't notice 0.5.4 was out already! One moment...
from dokku-letsencrypt.
Maybe it's worth it adding nginx -t in nginx_reload function? Just to check it's ok? :)
from dokku-letsencrypt.
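The misplaced include diagnosed above and the suggested pre-reload check, as an added example that is not part of the original comments or the plugin's code. The function names, the `app.example` host and both sample configs are constructed for illustration, and the check assumes one directive per line.

```shell
#!/bin/sh
# Added example (not plugin code): find nginx.conf.d includes outside any block.

check_conf_d_include() {
  # $1: path to an app nginx.conf. Prints every include of nginx.conf.d with
  # its brace depth; returns 1 if one sits at depth 0 (outside server { }).
  awk '
    {
      line = $0
      sub(/#.*/, "", line)                 # drop comments (naive: ignores quoted #)
      if (line ~ /include[ \t]+[^;]*nginx[.]conf[.]d\//) {
        printf "line %d: depth %d: %s\n", NR, depth, $0
        if (depth == 0) bad = 1
      }
      depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
    }
    END { exit bad }
  ' "$1"
}

write_samples() {
  # Constructed configs written into directory $1: include after vs inside server.
  cat > "$1/broken.conf" <<'EOF'
server {
  listen 80;
  server_name app.example;
}
include /home/dokku/app.example/nginx.conf.d/*.conf;
EOF
  cat > "$1/fixed.conf" <<'EOF'
server {
  listen 80;
  server_name app.example;
  include /home/dokku/app.example/nginx.conf.d/*.conf;
}
EOF
}

reload_if_valid() {
  # Hypothetical wrapper: reload only when nginx itself accepts the config.
  nginx -t && nginx -s reload
}

d=$(mktemp -d)
write_samples "$d"
check_conf_d_include "$d/broken.conf" || echo "broken.conf: include is outside the server block"
check_conf_d_include "$d/fixed.conf" && echo "fixed.conf: ok"
```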
Cool, it works now! Thank you!
from dokku-letsencrypt.
Glad to hear it works 👍 ! One of the refactors I want to do is to remove the nginx reloading code from the plugin and use the official functions instead. These also contain a validation function.
from dokku-letsencrypt.
Not sure what's next: I've received certificates but it's still not listening to port 443. I think last time I've installed it happened automatically, and I'm unsure what to do now. :)
from dokku-letsencrypt.
Are you doing a Heroku-style deploy or a Dockerfile deploy? Does dokku urls solovyov.net contain another port number?
from dokku-letsencrypt.
Dockerfile deploy, it does not contain another port number.
from dokku-letsencrypt.
I'm having similar problems with a piwik Dockerfile deploy since upgrading to 0.5 and haven't figured out what to do about this yet. I'd be very glad to exchange notes on the debugging though!
For me, the nginx upstream in ~dokku/myapp/nginx.conf does not have the correct port for the Dockerfile detected. If I manually add a port by doing dokku config:set DOKKU_DOCKERFILE_PORTS=xxxx, that port gets added both to the upstream and the listen port of the nginx server 😞. Curiously I also have a Ghost blog deployed as a Dockerfile that works OK and I can't make out a difference between how the two are set up.
from dokku-letsencrypt.
I forgot to ask, do you get a certificate in dokku certs:info solovyov.net? Does dokku urls solovyov.net show a HTTPS URL?
from dokku-letsencrypt.
I do get certificate, but there is no https url in dokku urls.
from dokku-letsencrypt.
I see this during running letsencrypt:
-----> Certificate retrieved successfully.
-----> Symlinking let's encrypt certificates
-----> Configuring solovyov.net...(using built-in template)
-----> Creating https nginx.conf
-----> Running nginx-pre-reload
Reloading nginx
What's this built-in template?
from dokku-letsencrypt.
The built-in template means that you haven't provided an app-specific nginx configuration template so the templates in /var/lib/dokku/plugins/available/nginx-vhosts/templates will be used.
For reference, here is the code deciding the app URLs - there might be a problem there that explains why SSL doesn't get enabled.
from dokku-letsencrypt.