I’m having trouble creating a cert on EC2 with traefik.
Anyone know of specific issues with Amazon limiting Let's Encrypt specific requests, so they may have a connection problem, specifically the urn:ietf:params:acme:error:connection error?
I've posted in the traefik forum too, but haven't gotten any insight. Please let me know if something jumps out at you.
ERRO[2020-06-23T06:10:04Z] Unable to obtain ACME certificate for domains "admin.mydomain.org,services.mydomain.org" : unable to generate a certificate for the domains [admin.mydomain.org services.mydomain.org]: error: one or more domains had a problem:
[admin.mydomain.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://admin.mydomain.org/.well-known/acme-challenge/HpuYRG-QtAtJbO5BJKo31uSIYa-AVI_W9oPLiE7wizo: Connection refused, url:
[services.mydomain.org] failed to initiate challenge: acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/67923807/C_bkXA :: urn:ietf:params:acme:error:malformed :: Unable to update challenge :: authorization must be pending, url: providerName=mydomain-challenge.acme
Not necessarily.
From the log you provided, it just means Let's Encrypt can't connect to your server due to closed / filtered ports or whatever reason, so they can't create the certificate.
Since you masked your domain, that's all I know.
So let’s encrypt cannot connect to the outside world from the ec2 box?
I just manually installed certbot, so I can test it without traefik… and it looks like "certbot doesn't know how to configure a server on this system".
ubuntu@ip-10-10-0-132:~/traefik$ sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
That error message, as it describes, means port 80 of your EC2 machine is either not open or blocked. It might be a security group setting, or a setting on your EC2 VM's firewall.
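A local pre-flight check for the HTTP-01 path is useful before retrying the order, since the first error in the log (`urn:ietf:params:acme:error:connection` ... `Connection refused`) is exactly a failed TCP connect to port 80, and the second error (`authorization must be pending`) is the usual consequence: once one authorization in an ACME order fails, the order is invalid and the remaining challenges cannot be started. The script below is an added example, not code from the thread or from traefik or certbot. It serves a constructed token on 127.0.0.1 with Python's standard library, then fetches `/.well-known/acme-challenge/<token>` the way the validation server would and classifies the result; the token, key authorization value and port numbers are all made up for the demo.

```python
"""Pre-flight check for an ACME HTTP-01 challenge path (added example).

Reproduces the request Let's Encrypt makes, GET http://<host>/.well-known/acme-challenge/<token>,
and classifies the outcome: "connection-refused" is the local equivalent of the
urn:ietf:params:acme:error:connection error in the thread (nothing listening or a firewall
rejecting port 80), "http-404" means the listener is up but the challenge file is not served,
"wrong-content" means the body does not match the expected key authorization.
"""
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def make_challenge_handler(token, key_authorization):
    """Build a request handler that serves exactly one challenge token."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path == CHALLENGE_PREFIX + token:
                body = key_authorization.encode()
                self.send_response(200)
                self.send_header("Content-Type", "text/plain")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)
            else:
                self.send_error(404)

        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler


def start_challenge_server(token, key_authorization, port=0):
    """Serve the token on 127.0.0.1 in a background thread; returns (server, bound_port)."""
    server = http.server.HTTPServer(("127.0.0.1", port),
                                    make_challenge_handler(token, key_authorization))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def check_http01(host, port, token, expected_key_authorization, timeout=3):
    """Fetch the challenge URL and classify the result as a validation server would see it."""
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode().strip()
    except urllib.error.HTTPError as e:
        return f"http-{e.code}"              # listener reachable, path not served
    except urllib.error.URLError as e:
        if isinstance(e.reason, ConnectionRefusedError):
            return "connection-refused"      # nothing listening / firewall REJECT
        if isinstance(e.reason, socket.timeout):
            return "timeout"                 # typical of a security group DROP
        return f"unreachable: {e.reason}"
    except socket.timeout:
        return "timeout"
    return "ok" if body == expected_key_authorization else "wrong-content"


def free_closed_port():
    """Pick a localhost port with no listener (constructed for the demo only)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed values: a real key authorization is "<token>.<account key thumbprint>".
    token, keyauth = "HpuYRG-example-token", "HpuYRG-example-token.example-thumbprint"
    server, port = start_challenge_server(token, keyauth)
    print("served token  :", check_http01("127.0.0.1", port, token, keyauth))
    print("unknown token :", check_http01("127.0.0.1", port, "other-token", keyauth))
    print("closed port   :", check_http01("127.0.0.1", free_closed_port(), token, keyauth))
    server.shutdown()
```

Run it against the real host by replacing `127.0.0.1` and the port with the public name and port 80 while traefik is serving the challenge; a `connection-refused` or `timeout` result from outside the instance points at the security group or host firewall rather than at the ACME client.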
Before the last message I sent, ports 80 and 443 were closed, and now they're open.
Can you try to issue the certificates again? (You can try to issue with traefik.)