Error:unauthorized :: Cannot negotiate ALPN protocol

aipartnerslimited · November 9, 2023, 9:25am

help please is anyone knowa why do I get this error message
traefik | time="2023-11-09T09:02:12Z" level=error msg="Unable to obtain ACME certificate for domains "aipartners.org.nz": unable to generate a certificate for the domains [aipartners.org.nz]: error: one or more domains had a problem:\n[aipartners.org.nz] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=frontend@docker rule="Host(aipartners.org.nz)" providerName=myresolver.acme
Thanks

orangepizza · November 9, 2023, 10:21am

cf terminates tls at their edge, us http-01 challenge or cfs origin certificate

linkp · November 9, 2023, 2:43pm

The ALPN-01 challenge cannot work with Cloudflare since the incoming TLS connection will terminate at the Cloudflare proxy, preventing the ALPN-01 challenge from reaching your origin.

I have been using Apache mod_md with ALPN-01 challenges for quite a while. I switched to HTTP-01 on sites that I moved behind Cloudflare. You can also use a DNS-01 challenge, although it's a little more involved to set up and won't provide any additional benefit.

aipartnerslimited · November 10, 2023, 9:52am

Thanks for the heads up I remove cloud flare of the picture but still having a problem obtaining the cert.will try to use HTTP-01 but its challenging for me because everything run inside the docker .

linkp · November 10, 2023, 2:45pm

Make sure that you are using persistent storage with your container. You will do well to use the Let's Encrypt staging servers while you are trying to work things out.

If you will only access the container through the Cloudflare proxy. You might also consider using a Cloudflare Origin CA certificate or a Cloudflare Tunnel.