Let's encrypt certificate cannot be renewed #550
Comments
Any errors? |
This is the log from acme:
|
The user 'Mailcow' has no Perm to If this is false, correct me (Sorry for my bad English, I'm from Germany :D) |
I have also seen the "no Perm to /var/lib/acme/acme/* " entry in the log, but I don't know how to resolve this. P.S.: I have no problem with your English, mine isn't really perfect either! ;-) |
Normally it's on port 80; I didn't change anything in the config and it works... (I have no idea about proxies etc. xD) |
Alternatively, set something on port 80 |
I have changed /var/lib/acme/acme/* permission, but the error is still there. |
You can try to delete the acme and nginx volume from Docker to reconfigure it |
I can't find an acme and nginx volume.
|
Hi there, I just wanted to ask if there is a solution to the issue above, because I have the same problem and absolutely no clue how to solve it. |
It says connection refused. Maybe a firewall that blocks ipv6 forwarding? |
Any fix on this error, I've got this error message when I look into my logs for acme-mailcow
I've deleted and recreated the acme-mailcow, run the update.sh still don't know what to do. Looking at the private folder, I've seen that I don't have any backup/update since mid-November 2017 and now my certificate is expired. Any thoughts? Thanks Matt |
Hi Matt,
Do you have an AAAA record for IPv6?
If so, disable it.
The second thing for me was to disable all domains that are not linked with
AA records. I prepared a domain that was linked with a different IP.
Hope it helps.
Best regards,
Ingo
On 12 January 2018 at 12:46:31 a.m., dixquatre <notifications@github.com> wrote:
… Any fix on this error, I've got this error message when I look into my logs
for acme-mailcow
```
acme-mailcow_1 | Thu Jan 11 23:20:15 UTC 2018 - Found A record for mail.royfortin.ca: 69.70.3.77
acme-mailcow_1 | Thu Jan 11 23:20:15 UTC 2018 - Confirmed A record mail.royfortin.ca
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating)
acme-mailcow_1 | acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating)
acme-mailcow_1 | acme-client: adding SAN: autoconfig.royfortin.ca
acme-mailcow_1 | acme-client: adding SAN: autodiscover.royfortin.ca
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 96.7.204.37
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:140a:0:1a7::3d5
acme-mailcow_1 | acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:140a:0:196::3d5
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.royfortin.ca
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autoconfig.royfortin.ca
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: autodiscover.royfortin.ca
acme-mailcow_1 | acme-client: /var/www/acme/3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571: challenge
acme-mailcow_1 | acme-client: /var/www/acme/d-FAKIFTGQ6vhOHrRLwiROAQZvckHKCG-EMiyiOwsXY: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/RjG3LoBxlPeZBLJBtj0mlw5kL4plk7EBf8h4W-DupZM/3059681654: challenge
acme-mailcow_1 | acme-client: /var/www/acme/-ipKkQL6KprMyIPsohwrwKn9cldurO5JLHyYOORBE58: created
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/GsdaOSWvUHq4DC80TjVrfdSAHTnzA9JFd4QzssuP72c/3059681736: challenge
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571: status
acme-mailcow_1 | acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571: bad response
acme-mailcow_1 | acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "Fetching http://mail.royfortin.ca/.well-known/acme-challenge/3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc: Error getting validation data", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/oE-CUxddLtiTzmVfySBQVulzV-5QWxegOHNwLI1rxY0/3059681571", "token": "3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc", "keyAuthorization": "3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc.ydinuoc0SKNQbeIlgoB6mWSV2OoEPhZfdpGI_pdJvlo", "validationRecord": [ { "url": "http://mail.royfortin.ca/.well-known/acme-challenge/3hG-Ro2TEHvEDOWO69Sjkwh3Q_oLc0O7-0KTanQ6QGc", "hostname": "mail.royfortin.ca", "port": "80", "addressesResolved": [ "69.70.3.77" ], "addressUsed": "69.70.3.77", "addressesTried": [] } ] }] (899 bytes)
acme-mailcow_1 | acme-client: bad exit: netproc(3623): 1
acme-mailcow_1 | Thu Jan 11 23:20:24 UTC 2018 - Verified hashes.
acme-mailcow_1 | Thu Jan 11 23:20:24 UTC 2018 - Retrying in 30 minutes...
```
|
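Added example, not part of the thread or of mailcow's code: a small parser that pulls the failed http-01 challenge out of acme-client's `transfer buffer` line and reports which hostname, port and address the CA actually tried, which is the information needed to check the AAAA/IPv6 suggestion above. It assumes each log record is on one line (not e-mail wrapped); the hostnames, addresses and token in the sample are constructed.

```python
import ipaddress
import json
import re

# acme-client prints the CA's reply as: transfer buffer: [<JSON>] (<n> bytes)
BUFFER_RE = re.compile(r"transfer buffer: \[(.*)\] \(\d+ bytes\)")

def sample_line(host, addr):
    """Build a constructed log line shaped like the output quoted in the thread."""
    url = f"http://{host}/.well-known/acme-challenge/SAMPLETOKEN"
    body = {"type": "http-01", "status": "invalid",
            "error": {"type": "urn:acme:error:connection", "status": 400,
                      "detail": f"Fetching {url}: Error getting validation data"},
            "validationRecord": [{"url": url, "hostname": host, "port": "80",
                                  "addressesResolved": [addr], "addressUsed": addr}]}
    text = json.dumps(body)
    return f"acme-mailcow_1 | acme-client: transfer buffer: [{text}] ({len(text)} bytes)"

def ip_version(addr):
    try:
        return ipaddress.ip_address(addr).version
    except ValueError:
        return None  # missing or malformed address

def failed_challenges(log_text):
    """Return one summary per validation attempt of every invalid challenge."""
    findings = []
    for match in BUFFER_RE.finditer(log_text):  # '.' never spans a newline
        try:
            chal = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # truncated or wrapped buffer, skip it
        if not isinstance(chal, dict) or chal.get("status") != "invalid":
            continue
        for rec in chal.get("validationRecord") or [{}]:
            findings.append({"challenge": chal.get("type"),
                             "error": chal.get("error", {}).get("type"),
                             "hostname": rec.get("hostname"), "port": rec.get("port"),
                             "address_used": rec.get("addressUsed"),
                             "ip_version": ip_version(rec.get("addressUsed", ""))})
    return findings

# Constructed sample: one failure validated over IPv4, one over IPv6.
SAMPLE_LOG = "\n".join(["acme-mailcow_1 | acme-client: adding SAN: autoconfig.example.org",
                        sample_line("mail.example.org", "192.0.2.10"),
                        sample_line("autoconfig.example.org", "2001:db8::10")])

if __name__ == "__main__":
    for finding in failed_challenges(SAMPLE_LOG):
        print(finding)
```

An `ip_version` of 6 in the output means the CA validated over the AAAA record, so port 80 must be reachable on that IPv6 address as well.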
Thanks for the input. I don't have any AAAA since my provider does not provide any yet. I'll check my other records too. In the mean time, is there a way to manually renew the certificate? Could I use certbot install locally and then move/copy the certificate to the folder? Matt |
Hi Matt,
In the case of manually renewing your certs I cannot help.
Unfortunately I'm not an expert in these Docker things.
By default I think it isn't possible because the Docker nginx is listening
on ports 80 and 443.
To renew with certbot you have to run a web server listening on port 80.
Best wishes,
Ingo
|
Hi,
I have a problem with renewing the Let's Encrypt certificate.
I think the problem is that port 80 does not work, but the documentation says "mailcow must be available on port 80 for the acme-client to work". Unfortunately, I do not know why this is so.
Maybe someone can help me solve the problem.
mailcow.conf:
site.conf