Error while getting certificates


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
bliksem.test.nl
I ran this command:
Traefik ACME automated certificates (same with any other ingress in Kubernetes)
It produced this output:
"log":"time="2018-06-08T11:51:10Z" level=error msg="Unable to obtain ACME certificate for domains \"dummy.bliksem.test.nl\" detected thanks to rule \"Host:dummy.bliksem.test.nl\" : cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': failed to get json \"https://acme-v02.api.letsencrypt.org/directory\": Get https://acme-v02.api.letsencrypt.org/directory: x509: certificate is valid for ingress.local, not acme-v02.api.letsencrypt.org"\n","stream":"stdout","time":"2018-06-08T11:51:10.610190775Z"
My web server is (include version):
homeserver
The operating system my web server runs on is (include version):
centos 7.5
My hosting provider, if applicable, is:
Ziggo
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

Seems a lot like your environment is intercepting outbound connections.

Check your network and DNS setup where traefik runs to ensure it is actually reaching acme-v02.api.letsencrypt.org.

I’m not familiar with k8s but I assume you should have functional outbound internet access from Traefik’s container.


#3

Thank you for your quick reply. I just tried this:

docker-compose.yml:

  nginx-gen:
    restart: always
    image: jwilder/docker-gen
    networks:
      lb_default:
    container_name: nginx-gen
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./volumes/proxy/templates/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro"
    volumes_from:
      - nginx
    entrypoint: /usr/local/bin/docker-gen -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf

  letsencrypt-nginx-proxy-companion:
    restart: always
    networks:
      lb_default:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-nginx-proxy-companion
    volumes_from:
      - nginx
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./volumes/proxy/certs:/etc/nginx/certs:rw"
    environment:
      - NGINX_DOCKER_GEN_CONTAINER=nginx-gen

and it worked out of the box, directly in conjunction with:

version: '2'

services:
 minio:
  image: minio/minio:RELEASE.2018-06-08T03-49-38Z
  networks:
   - lb_default
  volumes:
   - /backup/data/minio:/data
  environment:
   MINIO_ACCESS_KEY: -
   MINIO_SECRET_KEY: -
   VIRTUAL_HOST: dummy.bliksem.test.nl
   VIRTUAL_NETWORK: lb_default
   VIRTUAL_PORT: 9000
   LETSENCRYPT_HOST: dummy.bliksem.test.nl
   LETSENCRYPT_EMAIL: test@test.de

  command: server /data

networks:
  lb_default:
    external: true


#4

This is my resolv.conf:
search home leninsk.nl
nameserver 8.8.8.8
nameserver 192.168.2.254
nameserver 213.75.63.75

acme-v02.api.letsencrypt.org is resolving at my box:

curl -vvv acme-v02.api.letsencrypt.org
* About to connect() to acme-v02.api.letsencrypt.org port 80 (#0)
*   Trying 104.123.110.172...
* Connected to acme-v02.api.letsencrypt.org (104.123.110.172) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-v02.api.letsencrypt.org
> Accept: */*
>
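
The DNS check suggested in #2, as an added example that is not part of the original thread: it expands a hostname the way the glibc resolver does under the `search` and `ndots` rules of resolv.conf(5) and reports which candidate name answers first. The `ndots:5` variant (the value Kubernetes writes into pod resolv.conf files by default), the wildcard record and `fake_resolve` are constructed assumptions, not findings about the poster's setup.

```python
import socket

HOST_RESOLV = "search home leninsk.nl\nnameserver 8.8.8.8\n"  # from post #4
POD_RESOLV = HOST_RESOLV + "options ndots:5\n"  # constructed: assumed pod setting
NAME = "acme-v02.api.letsencrypt.org"

def parse_resolv_conf(text):
    """Return (search_domains, ndots); ndots defaults to 1."""
    search, ndots = [], 1
    for fields in (line.split() for line in text.splitlines()):
        if fields[:1] == ["search"]:
            search = fields[1:]  # a later search line replaces an earlier one
        elif fields[:1] == ["options"]:
            ndots = next((int(o[6:]) for o in fields[1:] if o.startswith("ndots:")), ndots)
    return search, ndots

def candidates(name, search, ndots):
    """Names queried in order, per the ndots rule in resolv.conf(5)."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list skipped
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [name + "."] + expanded
    return expanded + [name + "."]

def first_answer(name, resolv_conf_text, resolve=None):
    """Return (queried_name, addresses) for the first candidate that resolves."""
    resolve = resolve or (lambda n: socket.gethostbyname_ex(n)[2])
    search, ndots = parse_resolv_conf(resolv_conf_text)
    for cand in candidates(name, search, ndots):
        try:
            return cand, resolve(cand)
        except OSError:  # socket.gaierror is a subclass of OSError
            continue
    return None, []

def fake_resolve(name):
    """Constructed zone: the real name plus a hypothetical wildcard under leninsk.nl."""
    if name == NAME + ".":
        return ["104.123.110.172"]  # address seen in the curl output in post #4
    if name.endswith(".leninsk.nl."):
        return ["192.0.2.10"]  # documentation address standing in for an ingress
    raise socket.gaierror("constructed NXDOMAIN")

if __name__ == "__main__":
    for label, conf in (("host", HOST_RESOLV), ("pod", POD_RESOLV)):
        print(label, first_answer(NAME, conf, fake_resolve))
```

Run inside the container that fails, `first_answer(NAME, open("/etc/resolv.conf").read())` uses the real resolver; if the first answering name is not the absolute one, the TLS connection is going to a different host than the ACME endpoint.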
