I've added an nginx frontend on myboulderserver.com, but this is not enough…
I tried forwarding ports 4000 and 4001 through port 443
CURL now works with HTTPS.
But now requesting a certificate from myboulderserver.com with certbot running on mywebapp.com does not work:
2018-07-12 08:48:40,386:DEBUG:certbot.main:certbot version: 0.25.0
2018-07-12 08:48:40,386:DEBUG:certbot.main:Arguments: ['--server', 'https://myboulderserver.com', '--agree-tos', '--nginx', '--no-eff-email', '--no-redirect', '--email', 'eshalev@cisco.com', '-d', 'https://myboulderserver.com']
2018-07-12 08:48:40,387:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-07-12 08:48:40,395:DEBUG:certbot.log:Root logging level set at 20
2018-07-12 08:48:40,395:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-07-12 08:48:40,396:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2018-07-12 08:48:40,501:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f63f72c9710>
Prep: True
2018-07-12 08:48:40,502:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f63f72c9710> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f63f72c9710>
2018-07-12 08:48:40,503:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2018-07-12 08:48:40,601:DEBUG:acme.client:Sending GET request to https://myboulderserver.com.
2018-07-12 08:48:40,604:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): myboulderserver.com
2018-07-12 08:48:40,622:DEBUG:urllib3.connectionpool:https://myboulderserver.com "GET / HTTP/1.1" 200 None
2018-07-12 08:48:40,623:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 12 Jul 2018 08:48:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Content-Encoding: gzip
<html>
<body>
This is an <a href="https://github.com/ietf-wg-acme/acme/">ACME</a>
Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.
JSON directory is available at <a href="/directory">/directory</a>.
</body>
</html>
2018-07-12 08:48:40,623:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.25.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1323, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1078, in run
le_client = _init_le_client(config, authenticator, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 642, in _init_le_client
acc, acme = _determine_account(config)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 521, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 172, in register
acme = acme_from_config_key(config, key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 50, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 721, in __init__
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1054, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 971, in _check_response
'Unexpected response Content-Type: {0}'.format(response_ct))
acme.errors.ClientError: Unexpected response Content-Type: text/html
2018-07-12 08:48:40,624:ERROR:certbot.log:An unexpected error occurred:
Finally:
I can clearly see that there is an existing HTTPS interface on ports 44301 and 44300. This is serving non-authenticated https certificates. Wouldn't it be better to just get this to work somehow? Is there another dockerfile which uses them by default?
When I look at what I get when I just query my nginx frontend, I see that it is serving dev-configuration JSON that is coming from inside the docker images (not served from my source). See all the references for localhost. This has me questioning if I should be using the provided dockerfiles at all…
curl https://myboulderserver.com/directory
{
"key-change": "http://localhost:4000/acme/key-change",
"meta": {
"caaIdentities": [
"happy-hacker-ca.invalid"
],
"terms-of-service": "http://boulder:4000/terms/v1",
"website": "https://github.com/letsencrypt/boulder"
},
"new-authz": "http://localhost:4000/acme/new-authz",
"new-cert": "http://localhost:4000/acme/new-cert",
"new-reg": "http://localhost:4000/acme/new-reg",
"revoke-cert": "http://localhost:4000/acme/revoke-cert",
"vBALMlU07hw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"