# hello-world-webserver/Dockerfile
FROM python:3.8-slim
# Set the working directory in the container
WORKDIR /usr/src/app
# Copy the content of the local src directory to the working directory
COPY ./html /usr/src/app
# Command to run on container start
CMD [ "python", "-m", "http.server", "3333" ]
My certbot (Let's Encrypt) is also going to run via docker-compose:
But every single time when I run that command I get an output like this:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: goldenrodastrology.com
Type: connection
Detail: 5.15.101.220: Fetching http://goldenrodastrology.com/.well-known/acme-challenge/0dXcDP7Hwc9FO8hCT_5zleRze_maWHqZUavvgFicDHk: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Can anyone explain to me what exactly I am doing wrong?
Hi @Vildnex, and welcome to the LE community forum.
Well, the certbot docker image isn't serving HTTP [TCP port 80].
Those incoming connections seem to be directed through the astrology_backend [192.168.0.98:8888].
And that one seems to proxy that to the astrology_server [192.168.0.98:3333].
And that one has access to:
Now the certbot image has access to only:
I don't see how certbot [running in --standalone mode] can place a challenge file in the location expected to serve it.
There is a web server defined to handle the acme-challenge request.
[certbot won't hear those challenge requests]
certbot doesn't have access to the folder where the webserver would look to serve the challenge requests.
If I understand it correctly, by making these changes to my docker-compose I should share the same files and folder between the containers such that they will have access.
I am not sure what you mean by this: "There is a web server defined to handle the acme-challenge request. [certbot won't hear those challenge requests]"
Should this be fixed by the HAProxy configuration below?
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
I've tried and I still have the same error message:
astro_sanzi-certbot-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
astro_sanzi-certbot-1 | Requesting a certificate for goldenrodastrology.com
astro_sanzi-certbot-1 |
astro_sanzi-certbot-1 | Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
astro_sanzi-certbot-1 | Domain: goldenrodastrology.com
astro_sanzi-certbot-1 | Type: connection
astro_sanzi-certbot-1 | Detail: 5.15.101.220: Fetching http://goldenrodastrology.com/.well-known/acme-challenge/KJ6m4zC4_bWrIHI5lZIB7e8J7HLGplxDREvFhbqqIbk: Timeout during connect (likely firewall problem)
astro_sanzi-certbot-1 |
astro_sanzi-certbot-1 | Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
astro_sanzi-certbot-1 |
astro_sanzi-certbot-1 | Some challenges have failed.
astro_sanzi-certbot-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
astro_sanzi-certbot-1 exited with code 1
Regarding the second question, if you are talking about the IP, it has changed starting yesterday because I had a power shortage at my house and since I have a Dynamic IP this has changed.
Regarding the first one, it is not blocked as far as I'm aware. But even so, can it be changed because I'm using Docker?
Using Docker isn't a reason for not being able to make a change.
Understanding where the problem is and changing whatever needs to be changed is essential.
I don't yet know where the problem is, so I can't tell you what/where to make any change.
I'd say: Follow the packet.
Use tcpdump or wireshark to "see" what is going on in the wire(s).
Review any available log files to understand what those systems see [and how they are handling those requests] - You may have to turn logging up [in some places - to better understand what they are doing].
Unfortunately, most of that has nothing to do with this forum.
As you can see, the Internet can't reach your website [that has nothing to do with a certificate nor this forum]:
Meaning/Take-away: Even if I were to email you a certificate, it won't help you fix that problem. You have to fix the connectivity problem first - it is in the way of everything else [including the Internet reaching your site].
Right, my bad, now I understand what you meant. I stopped the server yesterday, that's why it was not working. But I started it now and you can check it if you want. Now it should work.
You can check it yourself using Let's Debug or various other tools already mentioned. You could even use a mobile phone with WiFi turned off so you use your carrier network. Here is a link to Let's Debug again
Just click rerun test at the top to refresh or go to its home page and enter the domain over again.
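
An added example, not written by anyone in this thread: a small Python probe that separates the failure modes discussed above. A timeout like the "Type: connection" error in the certbot output means no web server was reached at all, which is a different problem from a reachable server that lacks the challenge file. The names `probe` and `demo`, the token and its content are constructed for illustration.

```python
import http.server, os, socket, tempfile, threading
import urllib.error, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"
# Connect directly, ignoring any proxy environment variables.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url, timeout=5):
    """Fetch a challenge URL and say where the request failed, if it did."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return "served", resp.read().decode().strip()
    except urllib.error.HTTPError as exc:   # a web server answered, file is wrong
        return "http-error", str(exc.code)
    except urllib.error.URLError as exc:    # no web server was reached at all
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout", ""            # packets dropped: firewall, NAT, routing
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused", ""            # host reached, nothing listening
        return "connect-error", str(exc.reason)
    except (socket.timeout, TimeoutError):  # connected, but the reply stalled
        return "timeout", ""

def demo():
    """Serve a constructed token from a temp webroot and probe three cases."""
    webroot = tempfile.mkdtemp()
    os.makedirs(os.path.join(webroot, CHALLENGE_DIR))
    with open(os.path.join(webroot, CHALLENGE_DIR, "constructed-token"), "w") as fh:
        fh.write("constructed-token.constructed-thumbprint")
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}/{CHALLENGE_DIR}/"
    results = {
        "present": probe(base + "constructed-token"),  # file in the served folder
        "missing": probe(base + "no-such-token"),      # server up, file absent
    }
    server.shutdown()
    server.server_close()
    results["closed"] = probe(base + "constructed-token")  # nothing listening now
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

To check a real deployment, call `probe()` on a URL under `/.well-known/acme-challenge/` on port 80 of the domain, from a network outside your own (for example a phone on carrier data), since a probe from inside the LAN does not exercise the router or firewall.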