Certificate Letsencrypt renewal error

My domain is: forum.toestand.be

I ran this command: ./launcher rebuild app

It produced this output:
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
[Fri Apr 26 13:29:05 UTC 2019] Single domain=‘forum.toestand.be’
[Fri Apr 26 13:29:05 UTC 2019] Getting domain auth token for each domain
[Fri Apr 26 13:29:06 UTC 2019] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}
[Fri Apr 26 13:29:06 UTC 2019] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri Apr 26 13:29:06 UTC 2019] Installing key to:/shared/ssl/forum.toestand.be.key
[Fri Apr 26 13:29:06 UTC 2019] Installing full chain to:/shared/ssl/forum.toestand.be.cer
[Fri Apr 26 13:29:06 UTC 2019] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri Apr 26 13:29:06 UTC 2019] Reload error for :
nginx: [error] open() “/run/nginx.pid” failed (2: No such file or directory)
run-parts: /etc/runit/1.d/letsencrypt exited with return code 1

My web server is (include version): nginx (latest docker)

The operating system my web server runs on is (include version):
ubuntu 18.04

I can login to a root shell on my machine (yes or no, or I don’t know):
Can’t login to the docker, status is:
Restarting (100) 38 seconds ago

To my understanding, there must have been a bug with the auto-renewal process. The cronjob should be automatically created when building the container. I’ve already waited for a week, to get whitelisted again by letsencrypt. This is hard to debug because I can’t get into the container with the lines uncommented that activate encryption.

I’m rebuilding the app now, without encryption. Any tips on what to remove / clear to get a clean slate for enabling the SSL again, much appreciated!! I did look at similar topics, but can’t seem to find the solution.


Hi @nin_o_0

Looks like your nginx doesn't support IPv6. Is there a

listen [::]:80;

directive?

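The check the reply above points at, as an added example that is not part of the original thread: it tags the failure signatures in the posted rebuild output in the order they occur, looks for active `listen [::]` directives, and tests whether the kernel offers IPv6 at all. The function names are hypothetical and the nginx configuration directory is supplied by the caller.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print one tag per known failure signature, in the order first seen on stdin.
triage_log() {
  awk '
    /nginx: \[emerg\] socket\(\) \[::\]:[0-9]+ failed \(97:/ && !a { print "NGINX_IPV6_SOCKET_FAILED"; a = 1 }
    /urn:ietf:params:acme:error:rateLimited/ && !b { print "ACME_RATE_LIMITED"; b = 1 }
    /Reload error for/ && !c { print "NGINX_RELOAD_FAILED"; c = 1 }
  '
}

# Print file:line:text for each active (not commented out) IPv6 listen
# directive under the directory given as $1 (caller supplies the path).
find_ipv6_listens() {
  grep -rnE '^[[:space:]]*listen[[:space:]]+\[::\]' "$1" 2>/dev/null
}

# Succeed if the kernel exposes IPv6. On Linux /proc/net/if_inet6 is absent
# when IPv6 support is not loaded, which is when socket() returns errno 97.
ipv6_available() {
  [ -e "${1:-/proc/net/if_inet6}" ]
}

# Sample input: lines taken from the rebuild output posted above.
SAMPLE_LOG='run-parts: executing /etc/runit/1.d/letsencrypt
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
[Fri Apr 26 13:29:06 UTC 2019] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
[Fri Apr 26 13:29:06 UTC 2019] Reload error for :'

printf '%s\n' "$SAMPLE_LOG" | triage_log
if ipv6_available; then
  echo "host: IPv6 present"
else
  echo "host: no IPv6, a listen [::]:80 directive will stop nginx from starting"
fi
```

On the sample the socket failure is tagged before the rate-limit error, which is the ordering the reply draws attention to.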

I saw that too, but is that the root cause you think?

I don’t see that in my config file (app.yml)

The part that I think is relevant (and how I adapted it now, to be able to shell into the container):
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  #- "templates/web.ssl.template.yml"
  #- "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
  - "80:80"   # http
  #- "443:443" # https

Last lines of /shared/letsencrypt/acme.sh.log:
[Fri Apr 26 15:36:03 UTC 2019] Using config home:/shared/letsencrypt
[Fri Apr 26 15:36:03 UTC 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 26 15:36:03 UTC 2019] DOMAIN_PATH=’/shared/letsencrypt/forum.toestand.be’
[Fri Apr 26 15:36:03 UTC 2019] Installing key to:/shared/ssl/forum.toestand.be.key
[Fri Apr 26 15:36:03 UTC 2019] Installing full chain to:/shared/ssl/forum.toestand.be.cer
[Fri Apr 26 15:36:03 UTC 2019] Run reload cmd: sv reload nginx
[Fri Apr 26 15:36:03 UTC 2019] Reload error for :
[Fri Apr 26 15:37:04 UTC 2019] _main_domain=‘forum.toestand.be’
[Fri Apr 26 15:37:04 UTC 2019] _alt_domains=‘no’
[Fri Apr 26 15:37:04 UTC 2019] Using config home:/shared/letsencrypt
[Fri Apr 26 15:37:04 UTC 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 26 15:37:04 UTC 2019] DOMAIN_PATH=’/shared/letsencrypt/forum.toestand.be’
[Fri Apr 26 15:37:04 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 26 15:37:04 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 26 15:37:04 UTC 2019] GET
[Fri Apr 26 15:37:04 UTC 2019] url=‘https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 26 15:37:04 UTC 2019] timeout=
[Fri Apr 26 15:37:04 UTC 2019] _CURL=‘curl -L --silent --dump-header /shared/letsencrypt/http.header -g ’
[Fri Apr 26 15:37:04 UTC 2019] ret=‘0’
[Fri Apr 26 15:37:04 UTC 2019] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change
[Fri Apr 26 15:37:04 UTC 2019] ACME_NEW_AUTHZ
[Fri Apr 26 15:37:04 UTC 2019] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Fri Apr 26 15:37:04 UTC 2019] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct
[Fri Apr 26 15:37:04 UTC 2019] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert
[Fri Apr 26 15:37:04 UTC 2019] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[Fri Apr 26 15:37:04 UTC 2019] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Fri Apr 26 15:37:04 UTC 2019] ACME_VERSION=‘2’
[Fri Apr 26 15:37:04 UTC 2019] Le_NextRenewTime=‘1554854412’
[Fri Apr 26 15:37:04 UTC 2019] _on_before_issue
[Fri Apr 26 15:37:04 UTC 2019] _chk_main_domain=‘forum.toestand.be’
[Fri Apr 26 15:37:04 UTC 2019] _chk_alt_domains
[Fri Apr 26 15:37:04 UTC 2019] Le_LocalAddress
[Fri Apr 26 15:37:04 UTC 2019] d=‘forum.toestand.be’
[Fri Apr 26 15:37:04 UTC 2019] Check for domain=‘forum.toestand.be’
[Fri Apr 26 15:37:04 UTC 2019] _currentRoot=’/var/www/discourse/public’
[Fri Apr 26 15:37:04 UTC 2019] d
[Fri Apr 26 15:37:04 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Fri Apr 26 15:37:04 UTC 2019] Read key length:4096
[Fri Apr 26 15:37:04 UTC 2019] _createcsr
[Fri Apr 26 15:37:04 UTC 2019] Single domain=‘forum.toestand.be’
[Fri Apr 26 15:37:04 UTC 2019] Getting domain auth token for each domain
[Fri Apr 26 15:37:04 UTC 2019] d
[Fri Apr 26 15:37:04 UTC 2019] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Fri Apr 26 15:37:04 UTC 2019] payload=’{“identifiers”: [{“type”:“dns”,“value”:“forum.toestand.be”}]}’
[Fri Apr 26 15:37:04 UTC 2019] RSA key
[Fri Apr 26 15:37:04 UTC 2019] HEAD
[Fri Apr 26 15:37:04 UTC 2019] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Fri Apr 26 15:37:04 UTC 2019] _CURL=‘curl -L --silent --dump-header /shared/letsencrypt/http.header -g ’
[Fri Apr 26 15:37:04 UTC 2019] _ret=‘0’
[Fri Apr 26 15:37:05 UTC 2019] POST
[Fri Apr 26 15:37:05 UTC 2019] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Fri Apr 26 15:37:05 UTC 2019] _CURL=‘curl -L --silent --dump-header /shared/letsencrypt/http.header -g ’
[Fri Apr 26 15:37:05 UTC 2019] _ret=‘0’
[Fri Apr 26 15:37:05 UTC 2019] code=‘429’
[Fri Apr 26 15:37:05 UTC 2019] Le_LinkOrder
[Fri Apr 26 15:37:05 UTC 2019] Le_OrderFinalize
[Fri Apr 26 15:37:05 UTC 2019] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}
[Fri Apr 26 15:37:05 UTC 2019] pid
[Fri Apr 26 15:37:05 UTC 2019] No need to restore nginx, skip.
[Fri Apr 26 15:37:05 UTC 2019] _clearupdns
[Fri Apr 26 15:37:05 UTC 2019] dns_entries
[Fri Apr 26 15:37:05 UTC 2019] skip dns.
[Fri Apr 26 15:37:05 UTC 2019] _on_issue_err
[Fri Apr 26 15:37:05 UTC 2019] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri Apr 26 15:37:05 UTC 2019] Using config home:/shared/letsencrypt
[Fri Apr 26 15:37:05 UTC 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 26 15:37:05 UTC 2019] DOMAIN_PATH=’/shared/letsencrypt/forum.toestand.be’
[Fri Apr 26 15:37:05 UTC 2019] Installing key to:/shared/ssl/forum.toestand.be.key
[Fri Apr 26 15:37:05 UTC 2019] Installing full chain to:/shared/ssl/forum.toestand.be.cer
[Fri Apr 26 15:37:05 UTC 2019] Run reload cmd: sv reload nginx
[Fri Apr 26 15:37:05 UTC 2019] Reload error for :


I don't know or understand your setup. Perhaps you should ask in a specialized forum how to configure such an environment.

Looks like the Letsencrypt problem is only a small side effect.


Thanks for your answers and time!

This is a default docker container setup!!

The app.yml file is located at /var/discourse/containers/app.yml
