Deploying Boulder in Production

c-eshalev · July 12, 2018, 9:35am

I don't understand what you are asking here.

One thing I can say is that the exact same certbot command on my mywebapp.com works with the default letsencrypt.org.
It fails only when I run it with: --server https://myboulderserver.com

Aside from this the encoding headers for the /directory look correct (see below). I don't think NGINX is meddling with anything here. You will also note that the error message I posted looked like it was relating to the site root, as that was the text that apears in log right before the exception.

But putting all of this aside, the fact that the directory is serving links "localhost" instead of myboulderserver.com makes me think that approach of using this dockerfile might be wrong. (this json looks like it's baked into the image)

$ curl -v https://myboulderserver.com/directory

ALPN, offering http/1.1
SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
server certificate verification OK
server certificate status verification SKIPPED
common name: CENSORED
server certificate expiration date OK
server certificate activation date OK
certificate public key: RSA
certificate version: #3
subject: CN=boulder.ctao6.net
start date: Thu, 12 Jul 2018 07:16:14 GMT
expire date: Wed, 10 Oct 2018 07:16:14 GMT
issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
compression: NULL
ALPN, server accepted to use http/1.1

GET /directory HTTP/1.1
Host: CENSORED
User-Agent: curl/7.47.0
Accept: /

< HTTP/1.1 200 OK
< Server: nginx/1.10.3 (Ubuntu)
< Date: Thu, 12 Jul 2018 09:27:43 GMT
< Content-Type: application/json
< Content-Length: 569
< Connection: keep-alive
< Cache-Control: public, max-age=0, no-cache
< Replay-Nonce: 272zwtipRlbQMUvabUsfJTkZQ0CIxx8ACCJ_ZPnax7s
<
{
"a_OR_XmKTcQ": "Adding random entries to the directory",
"key-change": "http://localhost:4000/acme/key-change",
"meta": {
"caaIdentities": [
"happy-hacker-ca.invalid"
],
"terms-of-service": "http://boulder:4000/terms/v1",
"website": "GitHub - letsencrypt/boulder: An ACME-based certificate authority, written in Go."
},
"new-authz": "http://localhost:4000/acme/new-authz",
"new-cert": "http://localhost:4000/acme/new-cert",
"new-reg": "http://localhost:4000/acme/new-reg",
"revoke-cert": "http://localhost:4000/acme/revoke-cert"

Connection #0 to host mybouldersever.com left intact

Topic		Replies	Views
Simple Boulder server setup Server	13	6064	April 8, 2018
Urn:acme:error:connection :: The server could not connect to the client to verify the domain Help	15	6302	August 1, 2019
Boulder -Initial Version of Boulder Deplyment in Production Help	14	1347	October 16, 2021
Deploying Boulder in my machine Help	12	1993	August 2, 2020
Boulder deploy in production Help	6	2124	September 20, 2019

Deploying Boulder in Production

Related topics