Error getting validation data #195

Closed
JC-ironman opened this issue Jun 26, 2023 · 5 comments

@JC-ironman

JC-ironman commented Jun 26, 2023

Hi, I'm a bit stuck on using the docker compose.

My docker compose:

version: "3.8"
services:
  api:
    [...]

  frontend:
    [...]

  nginx:
    image: jonasal/nginx-certbot:latest
    container_name: <container-name>
    restart: unless-stopped
    env_file:
      - <env file>
    ports:
      - 23456:80 # I need this to be custom
      - 34567:443 # I need this to be custom
    volumes:
      - nginx_secrets:/etc/letsencrypt
      - ./nginx/dev:/etc/nginx/user_conf.d

volumes:
  nginx_secrets: {}

env file

CERTBOT_EMAIL=<my email>

./nginx/dev/nginx.conf

# nginx.conf
# Upstreams resolve to the other compose services by service name.
upstream backend {
    server api:3000;
}

upstream admin {
    server frontend;   # no port given, so nginx uses port 80
}

# Plain HTTP: redirect every request to HTTPS.
server {
    listen 80;

    server_name <domain>;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name <domain>;

    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_protocols TLSv1.2;

    include mime.types;
    charset utf-8;
    client_max_body_size 512M;
    keepalive_timeout  0;

    location / {
        proxy_pass http://admin/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
    location /api {
        proxy_pass http://backend/api;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}

I know that my domain is set up correctly. I get an error and I can't manage to fix it:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: <domain>
  Type:   connection
  Detail: <ip>: Fetching http://<domain>/.well-known/acme-challenge/[...]: Error getting validation data

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

If you could help me it would be great!

@JonasAlfredsson
Owner

Hi JC-ironman,

Yeah, webroot authentication only works if you have port 80 forwarded so either you have to do that or change over to the DNS challenge. This is discussed more on the Let's Encrypt forum: https://community.letsencrypt.org/t/is-port-80-required-for-renewals/121432/2

@JonasAlfredsson
Owner

Also, there is already an HTTPS redirect included in this container: https://github.com/JonasAlfredsson/docker-nginx-certbot/blob/master/src/nginx_conf.d/redirector.conf

@JC-ironman
Author

I tried with the example you gave and got the same issue:

upstream backend {
    server api:3000;
}

upstream admin {
    server frontend;
}

server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    server_name <domain>;

    # Load the certificate files.
    ssl_certificate         /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/<domain>/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/<domain>/chain.pem;

    location / {
        proxy_pass http://admin/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_redirect off;
    }

    location /api {
        proxy_pass http://backend/api;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}

I don't understand what to change in my conf to make it work. Thanks for helping me.

@JonasAlfredsson
Owner

In the docker-compose config you have

    ports:
      - 23456:80 # I need this to be custom
      - 34567:443 # I need this to be custom

If you use the HTTP-01 challenge you must have

    ports:
      - 80:80
      - 443:443

You must then make sure that port 80 is correctly forwarded to the machine where this container is running.

If you cannot forward port 80 then you will need to look into setting up this with the DNS challenge instead.
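A pre-flight check for the exact mismatch above, added here as an example and not code from the issue or from docker-nginx-certbot: it parses a compose `ports` list and reports whether container ports 80 and 443 are published on the same host ports, which the HTTP-01 (webroot) challenge needs because the CA always connects to port 80 of the domain. The function names and the sample mappings are constructed for this example.

```python
"""Check docker compose port mappings for Let's Encrypt HTTP-01 compatibility.

Added example, not part of docker-nginx-certbot. The webroot authenticator
only works if the CA can fetch http://<domain>/.well-known/acme-challenge/...
on port 80, so the container's port 80 must be published on host port 80.
"""
import re

# Compose short syntax: "80", "80:80", "80:80/tcp", "0.0.0.0:80:80", "[::]:80:80".
# The bind address must contain a dot or be bracketed, so "80:80" cannot be
# mis-read as bind address "80" with container port 80.
_PORT_RE = re.compile(
    r"^(?:(?P<ip>\d+\.[\d.]+|\[[0-9a-fA-F:.]+\]):)?"
    r"(?:(?P<host>\d+):)?"
    r"(?P<container>\d+)"
    r"(?:/(?P<proto>tcp|udp))?$"
)


def parse_port_mapping(entry):
    """Return (bind_ip, host_port, container_port, proto); host_port None means Docker picks one."""
    m = _PORT_RE.match(str(entry).strip())
    if not m:
        raise ValueError(f"unrecognised port mapping: {entry!r}")
    host = int(m.group("host")) if m.group("host") else None
    return (m.group("ip") or "0.0.0.0", host, int(m.group("container")), m.group("proto") or "tcp")


def http01_findings(ports, required=(80, 443)):
    """Return a list of problems; an empty list means the mapping works for HTTP-01.

    Port 80 is what the challenge itself needs; 443 is where the issued
    certificate is served, so the maintainer asks for both to be published 1:1.
    """
    published = {}
    for entry in ports:
        _ip, host, container, proto = parse_port_mapping(entry)
        if proto == "tcp":
            published[container] = host
    findings = []
    for port in required:
        if port not in published:
            findings.append(f"container port {port} is not published at all")
        elif published[port] is None:
            findings.append(f"container port {port} is published on a random host port")
        elif published[port] != port:
            findings.append(f"container port {port} is published on host port "
                            f"{published[port]}, but the CA connects to port {port}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the mapping from the issue above.
    for line in http01_findings(["23456:80", "34567:443"]) or ["ports OK"]:
        print(line)
```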

@JonasAlfredsson
Owner

Did you manage to solve your issue?
