Unable to establish HTTPS on root domain and other pointed domains. #862

Closed
Coppertine opened this issue Oct 18, 2020 · 9 comments
@Coppertine

Coppertine commented Oct 18, 2020

IMPORTANT: This is a bug report. If you are having problem with deploying a particular app use the deployment issue type.


What is the problem?

  • Unable to enable HTTPS on captain instance.
  • One-click applications are never loaded.

I had issues trying to set up CapRover for two instances (a Javalin application and Wekan, both using nginx reverse proxy).
I tried using both CLI and website setup to establish the domain, but it only worked when I included the "skipVerifyingDomains" JSON value in a specific JSON file.

Here is the log file from the docker from the enable https function.
Error Message

Also, when I tried to add in the one-click application of nginx, the only app that appeared was the template. So I had to use the template to paste in the yml info of nginx reverse proxy to be able to create the application.

If applicable, content of captain-definition file:
(would be the default, never changed)

Steps to reproduce the problem:

Follow getting started guide. With the exception of adding:
echo "{\"skipVerifyingDomains\":\"true\"}" > /captain/data/config-override.json before using caprover serversetup
(DNS was set correctly, it never was able to verify the domain).
(CLI will appear with [image] and password got reset to default. So had to use the web interface to "try to enable https").

Answers to the following questions where applicable:

  • Your OS and version? CentOS 7
  • RAM? 2GB
    Currently using OVH as my VPS with domain being hosted on OVH.
@githubsaturn
Collaborator

You should only use skipVerifyingDomains if you're 100% sure that there is no issue with your DNS and it's just CapRover that fails to verify the domain. This happens when CapRover fails to call itself, but other external services can call CapRover without any issues. A common reason for this is some sort of loopback network restriction.

But in your case, it looks like there is a real issue with your domain verification. Even LetsEncrypt's servers aren't able to verify your domain. From the logs you've attached:

captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | October 18th 2020, 11:50:00.319 am    executeCommand Container: captain-certbot certbot register --email coppertine@bteoce.com --agree-tos --no-eff-email --non-interactive
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | October 18th 2020, 11:50:07.036 am    Error: Unexpected output when registering with ACME Certbot
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |  Saving debug log to /var/log/letsencrypt/letsencrypt.log
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | An unexpected error occurred:
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fb393beb940>: Failed to establish a new connection: [Errno -3] Try again'))
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | Please see the logfiles in /var/log/letsencrypt for more details.
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | Error: Unexpected output when registering with ACME Certbot
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |  Saving debug log to /var/log/letsencrypt/letsencrypt.log
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | An unexpected error occurred:
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fb393beb940>: Failed to establish a new connection: [Errno -3] Try again'))
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | Please see the logfiles in /var/log/letsencrypt for more details.
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |     at /usr/src/app/built/user/system/CertbotManager.js:97:19
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |     at runMicrotasks (<anonymous>)
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    |     at processTicksAndRejections (internal/process/task_queues.js:93:5)
captain-captain.1.ussjyhk7e14b@vps-cb215f63.vps.ovh.ca    | POST /api/v2/user/system/enablessl 500 6724.958 ms - 21

@githubsaturn
Collaborator

Maybe there is a firewall blocking outgoing connections, maybe there is a network issue....

Regardless, this is a real issue that needs to be resolved and cannot be bypassed.

To test, you can manually shell into your container, and try to run:

# replace root.domain.com
curl -v http://captain.root.domain.com 

and see what the response is.

@Coppertine
Author

Coppertine commented Oct 18, 2020

You should only use skipVerifyingDomains if you're 100% sure that there is no issue with your DNS and it's just CapRover that fails to verify the domain. This happens when CapRover fails to call itself, but other external services can call CapRover without any issues. A common reason for this is some sort of loopback network restriction.

For which I knew there was no issue with the DNS connection between both the domain and VPS.

Also, the response is below:

* Rebuilt URL to: http://captain.local.bteoce.com/
*   Trying 139.99.195.31...
* TCP_NODELAY set
* Connected to captain.local.bteoce.com (139.99.195.31) port 80 (#0)
> GET / HTTP/1.1
> Host: captain.local.bteoce.com
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 18 Oct 2020 14:58:39 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 2289
< Connection: keep-alive
< X-Powered-By: Express
< Accept-Ranges: bytes
< Cache-Control: public, max-age=0
< Last-Modified: Sun, 16 Aug 2020 18:12:54 GMT
< ETag: W/"8f1-173f8796c70"
<
* Connection #0 to host captain.local.bteoce.com left intact

@githubsaturn
Collaborator

Where did you run curl from? Your local machine? Your server? From inside your captain-captain container?

@Coppertine
Author

The VPS server. Would you like me to curl from the container?

@githubsaturn
Collaborator

githubsaturn commented Oct 18, 2020

Yes.

docker exec -it $(docker ps --filter name=captain-captain -q) /bin/sh
# then run curl

@Coppertine
Author

[root@vps-cb215f63 ~]# docker exec -it $(docker ps --filter name=captain-captain -q) /bin/sh
# curl -v http://captain.local.bteoce.com
* Rebuilt URL to: http://captain.local.bteoce.com/
* Could not resolve host: captain.local.bteoce.com
* Closing connection 0
curl: (6) Could not resolve host: captain.local.bteoce.com
#

@githubsaturn
Collaborator

There it is. Your Docker installation on your host has some network problems that make it unable to resolve domains. This can be due to many, many issues:

  • Docker network adapter is misconfigured.
  • Some DNS cache is blocking the domain from being resolved.
  • etc.

I suggest rebooting your server and waiting for 24 hours, then trying again. If it still fails, try another provider, like DigitalOcean. Docker installation on DigitalOcean is pretty good and I haven't had any issues with it.
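
Added example, not part of the thread and not CapRover code: a shell helper that classifies `curl -v` or certbot output by failure stage and compares the host result with the container result, which is the comparison this thread arrives at. The function names are hypothetical; `[Errno -3]` is treated as a resolver failure because it is getaddrinfo's EAI_AGAIN, so the certbot error in the log above is a name-resolution failure too.

```shell
#!/bin/sh
# Added example, not CapRover code. Function names are hypothetical.

# Print the stage at which a curl -v or certbot run failed:
# dns | connect | tls | ok | unknown. Reads the tool output on stdin.
classify_output() {
    awk '
        /Could not resolve host/ || /\[Errno -3\]/ ||
        /Temporary failure in name resolution/ { r = "dns"; exit }
        /Connection refused/ || /timed out/    { r = "connect"; exit }
        /SSL certificate problem/              { r = "tls"; exit }
        /^< HTTP\/[0-9.]+ [23][0-9][0-9]/      { r = "ok" }
        END { print (r == "" ? "unknown" : r) }
    '
}

# Combine the result seen on the host with the one seen inside the
# captain-captain container and name the layer that needs fixing.
verdict() {
    case "$1/$2" in
        ok/ok)   echo "ok" ;;
        ok/dns)  echo "container-dns" ;;   # the case in this thread
        dns/dns) echo "dns-everywhere" ;;  # DNS record or host resolver
        *)       echo "other:$1/$2" ;;
    esac
}

# Live check against a URL (needs docker and curl; not run by the demo).
diagnose() {
    cid=$(docker ps --filter name=captain-captain -q)
    h=$(curl -sS -v --max-time 10 -o /dev/null "$1" 2>&1 | classify_output)
    c=$(docker exec "$cid" curl -sS -v --max-time 10 -o /dev/null "$1" 2>&1 \
        | classify_output)
    verdict "$h" "$c"
}

# Demo on lines copied from this thread (no network access needed).
host_out='< HTTP/1.1 200 OK'
ctr_out='* Could not resolve host: captain.local.bteoce.com'
certbot_out='Failed to establish a new connection: [Errno -3] Try again'
h=$(printf '%s\n' "$host_out" | classify_output)
c=$(printf '%s\n' "$ctr_out" | classify_output)
echo "host=$h container=$c verdict=$(verdict "$h" "$c")"
echo "certbot=$(printf '%s\n' "$certbot_out" | classify_output)"
```

A `container-dns` verdict means the DNS record is fine and the container's resolver is what needs fixing, so setting skipVerifyingDomains would hide the symptom while certificate issuance still fails.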

@githubsaturn
Collaborator

Closing as dormant, feel free to comment if there are any other questions.
