My domain is:
ctm-dr.com
I ran this command:
Using traefik's integration with let's encrypt. I ran no command directly.
My web server is (include version):
traefik 2.8.3
The operating system my web server runs on is (include version):
amazon linux 2
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): NA, using traefik
Environment:
AWS Cloudfront -> AWS Network Load Balancer -> traefik (traefik:v2.8.3 docker containers)
I'm getting this error:
Cannot retrieve the ACME challenge for ninja-external-6c54d4df686a3499.elb.us-west-2.amazonaws.com (token \"_VUVT-UK84_sTe5Jh6TjMeFZ_8ajaMN7OTTgg8_r96I\"): cannot find challenge for token \"_VUVT-UK84_sTe5Jh6TjMeFZ_8ajaMN7OTTgg8_r96I\" (ninja-external-6c54d4df686a3499.elb.us-west-2.amazonaws.com)
I think it's because LE is making a request to ctm-dr.com (cloudfront) which makes a request to the origin (the amazonaws.com domain), and traefik sees the request as if it's on that domain and not ctm-dr.com -- so it's throwing the above error.
At least I think that's what's going on...?
So, question - is it even possible to do a HTTP challange given the above setup? Is the domain translation jacking everything up?
I've looked high and low for some configuration that might "forward" the originating domain through the load balancer, but i've yet to see something like that. If there is, I'd love to try it out.
Any ideas? Thank you!
PS. Double posted this "issue" to the traefik forums here. A bit more traefik specific information there, but I think this is more an AWS/let's encrypt issue, than a traefik issue: