My domain is: https://svcc.mobi/
Sorry for the newby question that I see has been asked a lot with most saying "go to the getting started".
I had a consultant setup Traefik years ago on a docker container that mostly works, but the certs keep expiring for reasons I don't understand. If I reset all my docker instances, they come back for a while, but then revert to having expired a long time ago.
I wan to just start again with LetsEncrypt in my docker environment. Is there a better "Traefik" to setup multiple certs or do I somehow need to figure out what is going wrong with my current one.
For example, here is another site I setup recently on the same docker instance and it seems to be working fine. Thanks, and again, sorry for the newby question. This just isn't my space but don't want to spend a lot of money on certs.
Hello @pkellner, welcome to the Let's Encrypt community.
This is the certificate presently being served https://decoder.link/sslchecker/svcc.mobi/443, and Yes (expired 102 days ago).
And here shows a different Expired Certificate date Hardenize Report: svcc.mobi
Also using the HTTP-01 challenge of the Challenge Types - Let's Encrypt requires access to an open Port 80.
Best Practice - Keep Port 80 Open
Using the online tool Let's Debug yields these results https://letsdebug.net/svcc.mobi/1529569
svcc.mobi has an A (IPv4) record (188.8.131.52) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with svcc.mobi/184.108.40.206: Get "http://svcc.mobi/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
@0ms: Making a request to http://svcc.mobi/.well-known/acme-challenge/letsdebug-test (using initial IP 220.127.116.11)
@0ms: Dialing 18.104.22.168
@10001ms: Experienced error: context deadline exceeded
Yet I see this with
nmap -Pn -p80,443 svcc.mobi
$ nmap -Pn -p80,443 svcc.mobi
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-25 19:01 UTC
Nmap scan report for svcc.mobi (22.214.171.124)
Host is up (0.088s latency).
rDNS record for 126.96.36.199: mail.planex-import.com
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
I am not seeing a consistent picture.
I know nothing of
Traefik, so kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.
Such inconsistencies can be due to having some sort of Geo-Location blocking OR an IPS that is maybe too strict.
I also know very little about
Traefik, so... I can't give any good advice on how to troubleshoot/correct the problem.
Also here is a list of issued certificates https://crt.sh/?q=svcc.mobi and a different view https://tools.letsdebug.net/cert-search?m=domain&q=svcc.mobi&d=2160
Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.
Also it seems that HTTPS is being served on Port 80; the HTTP-01 challenge needs HTTP
$ curl -k -Ii https://svcc.mobi:80/.well-known/acme-challenge/sometestfile
content-type: text/plain; charset=utf-8
date: Sun, 25 Jun 2023 19:12:45 GMT
Can someone point me at a recommended way to manage certs from docker containers? Traefic has just been no fun and hoping there is something better. I basically have my docker containers each exposing some "not port 80 or 443" and then I believe traefic does something with letsencrypt to proxy to my different domains (just a simple 1 server setup)
I haven't tried it myself but my first thought would be to use Caddy as the web server on a container, then have that configured to serve the other sites as a reverse proxy to the apps running in the other containers. This has the advantage that Caddy will automatically manage the certs for the hostnames it knows about: Reverse proxy quick-start — Caddy Documentation
People variously use other things like nginx proxy manager in the same way.
As an aside, while using containers is generally seen as the way to go for modern deployments, if all you're doing is hosting a few web apps sometimes the easiest solution to understand is just a VM running a single webserver, serving the apps. People do have a tendency to setup containers then lose track of how they did it and never rebuild the images, so they're often running very old software albeit in a very sophisticated/complex way.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.