Error: unauthorized :: Cannot negotiate ALPN protocol

Help please, does anyone know why I get this error message?
traefik | time="2023-11-09T09:02:12Z" level=error msg="Unable to obtain ACME certificate for domains "aipartners.org.nz": unable to generate a certificate for the domains [aipartners.org.nz]: error: one or more domains had a problem:\n[aipartners.org.nz] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=frontend@docker rule="Host(aipartners.org.nz)" providerName=myresolver.acme
Thanks

CF terminates TLS at their edge; use the HTTP-01 challenge or CF's origin certificate.


The ALPN-01 challenge cannot work with Cloudflare since the incoming TLS connection will terminate at the Cloudflare proxy, preventing the ALPN-01 challenge from reaching your origin.

I have been using Apache mod_md with ALPN-01 challenges for quite a while. I switched to HTTP-01 on sites that I moved behind Cloudflare. You can also use a DNS-01 challenge, although it's a little more involved to set up and won't provide any additional benefit.


Thanks for the heads up. I removed Cloudflare from the picture but am still having a problem obtaining the cert. I will try to use HTTP-01, but it's challenging for me because everything runs inside Docker.


Make sure that you are using persistent storage with your container. You will do well to use the Let's Encrypt staging servers while you are trying to work things out.

If you will only access the container through the Cloudflare proxy, you might also consider using a Cloudflare Origin CA certificate or a Cloudflare Tunnel.

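As an added example of the setup the replies describe (this is not from the original post, Traefik's documentation or the project behind the domain), here is a docker-compose.yml that switches the `myresolver` resolver from tls-alpn-01 to http-01, points it at the Let's Encrypt staging directory while things are being worked out, and keeps acme.json on a mounted volume so the account key and certificate survive container restarts. The router name `frontend@docker`, the resolver name and the domain come from the log line above; the contact email, image tags and the `frontend` service itself are assumptions.

```yaml
# Added example: Traefik ACME resolver moved from tls-alpn-01 to http-01,
# Let's Encrypt staging CA while testing, acme.json on persistent storage.
# Resolver/router names and the domain follow the thread; email and images are assumed.
services:
  traefik:
    image: "traefik:v2.10"                 # assumed tag
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Before: tls-alpn-01. The CA opens a TLS connection to port 443 offering
      # ALPN "acme-tls/1"; a TLS-terminating proxy in front (Cloudflare) answers
      # instead of Traefik, hence "Cannot negotiate ALPN protocol".
      # - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      # After: http-01 on the plain-HTTP entrypoint. The CA fetches
      # http://aipartners.org.nz/.well-known/acme-challenge/<token> over port 80,
      # and Traefik answers that path itself before any router is consulted.
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=admin@aipartners.org.nz"   # assumed address
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Staging directory while debugging: generous rate limits, but the issued
      # certificate is not browser-trusted. Delete this line (and the staging
      # acme.json) to switch back to https://acme-v02.api.letsencrypt.org/directory
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    ports:
      - "80:80"        # http-01 needs port 80 reachable from the internet
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"   # persistent storage; create it and chmod 600 acme.json

  frontend:                              # assumed service; router "frontend@docker" is from the log
    image: "nginx:alpine"                # assumed
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`aipartners.org.nz`)"
      - "traefik.http.routers.frontend.entrypoints=websecure"
      - "traefik.http.routers.frontend.tls.certresolver=myresolver"
```

Bring it up with the staging `caserver` line in place, confirm in the Traefik logs that a certificate is obtained, then remove that line and the staging acme.json (it holds the staging account registration, so a production resolver will not reuse it) and restart to get the trusted certificate. If the proxy is put back in front later, http-01 still works because the CA's request for /.well-known/acme-challenge/ reaches the origin over HTTP, whereas tls-alpn-01 never will.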