Hi all
I have several domains managed by letsencrypt (*.levillain.ml, eklectik-mood.ml) and I recently created a new domain named levillain.tk that I want to use for testing moving some of my stuff (email server, nextcloud…) to docker.
All these domains use the same IP address (actually, they're all running on the same Raspberry Pi).
So I created a docker container using the mailu/mailu image which manages letsencrypt automatically.
I set up the container to manage the mail domain mail.levillain.tk and I ran it.
From the mailu sources, I see it’s running the following python code to configure letsencrypt:
import os

# certbot runs non-interactively in standalone mode: it answers the http-01
# challenge itself on port 8008, so something in front of it must forward
# port 80 traffic for the HOSTNAMES to that port.
command = [
    "certbot",
    "-n", "--agree-tos", # non-interactive
    "-d", os.environ["HOSTNAMES"],
    "-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
    "certonly", "--standalone",
    "--cert-name", "mailu",
    "--preferred-challenges", "http", "--http-01-port", "8008",
    "--keep-until-expiring",
    "--rsa-key-size", "4096",
    "--config-dir", "/certs/letsencrypt",
    "--post-hook", "/config.py"
]
Looking at the logs, I can see the following:
2020-05-09 08:12:17,140:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/4466700232 HTTP/1.1" 200 1551
2020-05-09 08:12:17,141:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 09 May 2020 08:12:16 GMT
Content-Type: application/json
Content-Length: 1551
Connection: keep-alive
Boulder-Requester: 85626288
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002lfRVqtvEt9HD5keN5YzCrkomLLtQP-Ebj48CmNvn7c8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "mail.levillain.tk"
},
"status": "invalid",
"expires": "2020-05-16T08:12:06Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://www.levillain.ml/.well-known/acme-challenge/WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0 [78.203.12.245]: \"\u003c!DOCT$ "status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4466700232/kSphaA",
"token": "WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0",
"validationRecord": [
{
"url": "http://mail.levillain.tk/.well-known/acme-challenge/WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0",
"hostname": "mail.levillain.tk",
"port": "80",
"addressesResolved": [
"78.203.12.245"
],
"addressUsed": "78.203.12.245"
},
{
"url": "https://www.levillain.ml/.well-known/acme-challenge/WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0",
"hostname": "www.levillain.ml",
"port": "443",
"addressesResolved": [
"78.203.12.245"
],
"addressUsed": "78.203.12.245"
}
]
}
]
}
2020-05-09 08:12:17,142:DEBUG:acme.client:Storing nonce: 0002lfRVqtvEt9HD5keN5YzCrkomLLtQP-Ebj48CmNvn7c8
2020-05-09 08:12:17,143:WARNING:certbot.auth_handler:Challenge failed for domain mail.levillain.tk
2020-05-09 08:12:17,144:INFO:certbot.auth_handler:http-01 challenge for mail.levillain.tk
So, as you can see, it tried to create a certificate for mail.levillain.tk but asked for the challenge from https://www.levillain.ml/.well-known/… instead of https://www.levillain.tk/.well-known/…
As levillain.tk is running in the docker container, the 2 domains do not share anything…
My web server is (include version): nginx 1.16.1 in docker container
The operating system my web server runs on is (include version): alpine 3.10.5 in docker container
I can login to a root shell on my machine (yes or no, or I don't know): I didn't find how to log in as root yet in the docker container, but I can execute commands one by one as root.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): docker exec mailu_front_1 certbot --version => 0.35.1
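The validationRecord in the authz JSON above lists one entry per hop the Let's Encrypt validator followed, so it can be read back to see where the http-01 request actually ended up. The script below is an added example, not code from the original post or from Mailu; it walks that record for a constructed copy of the authz shown in the log and reports whether the validator was redirected off the host being validated and whether the challenge token survived the redirect.

```python
from urllib.parse import urlparse

# Constructed sample, copied from the authz JSON in the certbot DEBUG log above
# (only the fields the check needs are kept).
SAMPLE_AUTHZ = {
    "identifier": {"type": "dns", "value": "mail.levillain.tk"},
    "challenges": [{
        "type": "http-01", "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403},
        "token": "WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0",
        "validationRecord": [
            {"url": "http://mail.levillain.tk/.well-known/acme-challenge/WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0",
             "hostname": "mail.levillain.tk", "port": "80", "addressUsed": "78.203.12.245"},
            {"url": "https://www.levillain.ml/.well-known/acme-challenge/WQVdC9UkkLusfqx_LCsGjSvB7T-brnAO7OniPy4sYx0",
             "hostname": "www.levillain.ml", "port": "443", "addressUsed": "78.203.12.245"},
        ],
    }],
}

def explain_http01(authz):
    """Walk the http-01 validationRecord (one entry per hop) and summarise it."""
    ident = authz["identifier"]["value"]
    chal = next(c for c in authz["challenges"] if c["type"] == "http-01")
    want_path = "/.well-known/acme-challenge/" + chal["token"]
    hops = []
    for rec in chal.get("validationRecord", []):
        u = urlparse(rec["url"])
        hops.append({
            "scheme": u.scheme, "host": rec["hostname"], "port": int(rec["port"]),
            "addr": rec["addressUsed"],
            "token_ok": u.path == want_path,   # token must survive each redirect
        })
    final = hops[-1] if hops else None
    return {
        "identifier": ident,
        "hops": hops,
        "final_host": final["host"] if final else None,
        # True when a redirect sent the validator to a host other than the one validated
        "redirected_off_host": bool(final) and final["host"] != ident,
        # every hop hit the same IP, i.e. the redirect came from the shared front end
        "same_ip": len({h["addr"] for h in hops}) == 1,
        "error": (chal.get("error") or {}).get("type"),
    }

if __name__ == "__main__":
    r = explain_http01(SAMPLE_AUTHZ)
    for i, h in enumerate(r["hops"]):
        print(f"hop {i}: {h['scheme']}://{h['host']}:{h['port']} [{h['addr']}] token_ok={h['token_ok']}")
    if r["redirected_off_host"]:
        print(f"{r['identifier']} was redirected to {r['final_host']}; "
              "the standalone certbot listening on port 8008 never saw the request")
```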