Need assistance in private beta... #34

Closed
sharpner opened this issue Nov 20, 2015 · 10 comments
Comments

@sharpner

Hi sorry if this is more of a stupid error by me, but I can't get lego to work on my server.

Running letsencrypt-auto works and creates certificates:

    /opt/letsencrypt/letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth -d sub.mydomain.com --standalone

Running lego:

    ./Go/bin/lego --domains=sub.mydomain.com -B 4096 --email="sharpner@mydomain.com" --port 10443 -s "https://acme-v01.api.letsencrypt.org/" run

gets me:

    2015/11/20 16:24:52 [INFO] acme: Obtaining bundled SAN certificate for mydomain.com
    2015/11/20 16:24:53 [INFO] acme: Trying to solve HTTP-01
    2015/11/20 16:24:54 [mydomain.com] Could not obtain certificates
        The server could not validate our request.

Can you help me out here? I even tried the add-tls-sni-challenge branch, but with the same results.

@xenolf
Member

xenolf commented Nov 20, 2015

Is there an active proxy listening on port 80 which forwards traffic to the opt port 10443 you told lego to bind to?

LE will try to access your server on port 80 for HTTP-01.

@sharpner
Author

Damn, thank you. I hoped I would be able to use a different port than either 80/443. It sucks to disable the nginx to update the certificates.

But it works now, awesome =)

@xenolf
Member

xenolf commented Nov 20, 2015

You don't have to disable nginx. That's what the optPort is for. You could just add a temporary proxy directive to the nginx config to pass all traffic on the path /.well-known/acme/ to port 10443. :)

@sharpner
Author

Let me try this. Thanks for the support! :-)

@xenolf
Member

xenolf commented Nov 20, 2015

No problem. I know that this is kind of a convoluted way to work around nginx at the moment but as soon as we merge #32 and #16 we are able to put the token into the nginx webroot to let nginx serve it.

@sharpner
Author

It's also hard to find that workaround in the first place.

You probably have to read the whole spec to get which folder to proxy.

@xenolf
Member

xenolf commented Nov 20, 2015

I agree. I should probably improve the documentation on what optPort is for.

@sharpner
Author

Thanks for the awesome project btw.

@xenolf
Member

xenolf commented Nov 20, 2015

My pleasure :)

@sharpner
Author

Just for the record, that's the nginx proxy I used:

    location /.well-known/acme-challenge/ {
        proxy_ssl_session_reuse off;

        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        add_header Strict-Transport-Security "max-age=31536000";

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;

        proxy_pass http://172.17.42.1:9999;
    }

Thanks again :D
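
An added example (not from the thread or from lego's code base) of the layout discussed above: a front end that forwards only `/.well-known/acme-challenge/` to a solver listening on another port, with the Host header passed through as in the posted `proxy_set_header Host $http_host`. The domain, token, key authorization and the `newSolver`, `newFrontend` and `check` helpers are constructed for illustration, and Go's reverse proxy stands in for nginx.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

const challengePrefix = "/.well-known/acme-challenge/" // prefix from the nginx config above

// newSolver is a constructed stand-in for the ACME client on its alternate
// port: it answers one token, and only when the expected Host arrives.
func newSolver(domain, token, keyAuth string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Host != domain || r.URL.Path != challengePrefix+token {
			http.NotFound(w, r)
			return
		}
		fmt.Fprint(w, keyAuth)
	})
}

// newFrontend plays the port-80 server: proxy only the challenge prefix, Host intact.
func newFrontend(solverURL string) http.Handler {
	target, err := url.Parse(solverURL)
	if err != nil {
		panic(err)
	}
	mux := http.NewServeMux()
	mux.Handle(challengePrefix, httputil.NewSingleHostReverseProxy(target))
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "site") })
	return mux
}

// check returns what a validator sending Host=host would receive for path.
func check(host, path string) (int, string) {
	solver := httptest.NewServer(newSolver("sub.example.test", "tok123", "tok123.thumbprint"))
	defer solver.Close()
	rec := httptest.NewRecorder()
	newFrontend(solver.URL).ServeHTTP(rec, httptest.NewRequest("GET", "http://"+host+path, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(check("sub.example.test", challengePrefix+"tok123"))
	fmt.Println(check("sub.example.test", "/admin"))
	fmt.Println(check("other.example.test", challengePrefix+"tok123"))
}
```

Scoping the proxy rule to the challenge prefix keeps the temporary solver port unreachable for every other path on the site.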
