(dokku) trying to get SSL certificate return 404

GXcode95 · October 22, 2023, 1:40pm

My domain is:
dokkur7.xyz

I ran this command:
dokku letsencrypt:enable test-rails

It produced this output:

=====> Enabling letsencrypt for test-rails
-----> Enabling ACME proxy for test-rails...
-----> Getting letsencrypt certificate for test-rails via HTTP-01
        - Domain 'dokkur7.xyz'
2023/10/22 13:28:01 [INFO] [dokkur7.xyz] acme: Obtaining bundled SAN certificate
2023/10/22 13:28:02 [INFO] [dokkur7.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/276337780556
2023/10/22 13:28:02 [INFO] [dokkur7.xyz] acme: Could not find solver for: tls-alpn-01
2023/10/22 13:28:02 [INFO] [dokkur7.xyz] acme: use http-01 solver
2023/10/22 13:28:02 [INFO] [dokkur7.xyz] acme: Trying to solve HTTP-01
2023/10/22 13:28:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/276337780556
2023/10/22 13:28:07 Could not obtain certificates:
	error: one or more domains had a problem:
[dokkur7.xyz] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 78.47.123.141: Invalid response from http://dokkur7.xyz/.well-known/acme-challenge/NmCBWhYNvKReQTxFBC5UZCDgtCdIijsZwv8wcYvuKKU: 404
-----> Certificate retrieval failed!
-----> Disabling ACME proxy for test-rails...
 !     Failed to setup letsencrypt
 !     Check log output for further information on failure

My web server is (include version):
CAX11 (not sure it's the correct answer here ?)

The operating system my web server runs on is (include version):
Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is:
hetzner cloud

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
i'm using dokku 0.32

I'm really new to all that server stuff, I've been coding rails for 2 years and wanted to try to deploy my own app with dokku. Took a domain name from Namecheap. My deploy seems to work, but now I want to enable SSL but keep getting 404 when I try to request the certificate.

It's the first time I deal with SSL certificate, hope someone here could help me .

MikeMcQ · October 22, 2023, 2:25pm

I don't use that environ so can't be too specific.

First, your webserver is nginx. Did you configure that manually? The 404 error means the Let's Encrypt Server could not find the expected challenge token. That token should be created by the dokku letsencrypt command before it requests the cert from LE. This is how LE proves you have control over that domain name.

We don't often see that kind of system here but someone else may know more
anyway. You could also try posting at the github for that ACME client. People there will be more experienced with your system's configuration options like how it interacts with your nginx to get the cert.

Bruce5051 · October 23, 2023, 4:29pm

@GXcode95, Side note: Port 443 is closed

$ nmap -Pn -p80,443 dokkur7.xyz
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-23 16:27 UTC
Nmap scan report for dokkur7.xyz (78.47.123.141)
Host is up (0.19s latency).
rDNS record for 78.47.123.141: static.141.123.47.78.clients.your-server.de

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds

system · November 22, 2023, 4:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.