ubuntu@ip-172-31-34-187:/data/compose/1/data/nginx/proxy_host$ cat 2.conf
# ------------------------------------------------------------
# portainer.the-dodo.de
# ------------------------------------------------------------
# Virtual host for portainer.the-dodo.de: accepts plain HTTP on port 80 and
# hands every request to the included proxy configuration.
server {
# Upstream target. NOTE(review): these variables are presumably consumed by
# conf.d/include/proxy.conf (not shown here) — confirm. "portainer" is a bare
# hostname, so nginx has to resolve it at request time; the error log for this
# host reports "portainer could not be resolved".
set $forward_scheme https;
set $server "portainer";
set $port 9443;
# NOTE(review): only port 80 is opened (IPv4 and IPv6); this block has no
# 443/ssl listener, so the client-to-proxy leg is unencrypted even though the
# upstream scheme is https. Logins to the proxied service cross this leg in
# cleartext until a certificate is issued and a TLS listener is added.
listen 80;
listen [::]:80;
server_name portainer.the-dodo.de;
# Block Exploits
# NOTE(review): the rules live in the included file, which is not shown, so
# what is actually blocked cannot be judged from this block.
include conf.d/include/block-exploits.conf;
# Per-host logs: access log in the "proxy" format, error log at "warn" level.
access_log /data/logs/proxy-host-2_access.log proxy;
error_log /data/logs/proxy-host-2_error.log warn;
location / {
# Proxy!
# All paths are forwarded; the proxy directives come from the included file.
include conf.d/include/proxy.conf;
}
# Custom
# The "[.]" makes the path a glob mask, so nginx does not fail when the file
# is absent. Anything placed at this path is loaded into the server block, so
# write access to /data/nginx/custom should be restricted.
include /data/nginx/custom/server_proxy[.]conf;
}
Actually, this is the log that belongs to the file above, i.e. proxy host 2:
ubuntu@ip-172-31-34-187:/data/compose/1/data/logs$ cat proxy-host-2_error.log
2023/05/03 19:30:03 [error] 4451#4451: *155 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de"
2023/05/03 19:38:49 [error] 5572#5572: *205 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de"
2023/05/04 12:59:05 [error] 183198#183198: *403 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 12:59:05 [error] 183198#183198: *403 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET /favicon.ico HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://portainer.the-dodo.de/"
2023/05/04 15:51:12 [error] 217730#217730: *560 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de"
2023/05/04 16:31:15 [error] 226269#226269: *698 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de"
2023/05/04 16:33:56 [error] 226269#226269: *717 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 16:34:09 [error] 226269#226269: *718 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 16:34:10 [error] 231277#231277: *723 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 16:34:10 [error] 231277#231277: *723 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 16:34:10 [error] 231277#231277: *723 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 16:34:11 [error] 231277#231277: *723 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
2023/05/04 16:34:17 [error] 231277#231277: *723 portainer could not be resolved (2: Server failure), client: 172.18.0.1, server: portainer.the-dodo.de, request: "GET / HTTP/1.1", host: "portainer.the-dodo.de", referrer: "http://172.31.34.187:81/"
ubuntu@ip-172-31-34-187:/data/compose/1/data/logs$
[5/6/2023] [12:17:49 AM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/1.conf
[5/6/2023] [12:17:49 AM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/proxy_host/1.conf.err
[5/6/2023] [12:17:49 AM] [Nginx ] › ⬤ debug Could not delete file: {
"errno": -2,
"syscall": "unlink",
"code": "ENOENT",
"path": "/data/nginx/proxy_host/1.conf.err"
}
[5/6/2023] [12:17:49 AM] [Nginx ] › ℹ info Reloading Nginx
[5/6/2023] [12:17:54 AM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #11: portainer.the-dodo.de
[5/6/2023] [12:17:54 AM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de"
[5/6/2023] [12:17:57 AM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_11.conf
[5/6/2023] [12:17:57 AM] [Nginx ] › ℹ info Reloading Nginx
[5/6/2023] [12:17:57 AM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-11" --agree-tos --authenticator webroot --email "dominik261@outlook.de" --preferred-challenges "dns,http" --domains "portainer.the-dodo.de"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
ubuntu@ip-172-31-34-187:/tmp/letsencrypt-log$ cat letsencrypt.log
2023-05-06 00:01:54,488:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /home/ubuntu/01-Dev/Web/.well-known/acme-challenge
2023-05-06 00:01:54,489:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /home/ubuntu/01-Dev/Web/.well-known/acme-challenge/u9Q_uCscXhbb16Xc0GTKQ3J_h5wrK16_DIb8gREXbs4
2023-05-06 00:01:54,490:DEBUG:acme.client:JWS payload:
b'{}'
2023-05-06 00:01:54,491:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/225308204957/-f7zyw:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5NTc5MjY5NyIsICJub25jZSI6ICIyNzEyZjE2WndqV2RHbkt4TUJiaXMxV19NeFBiNTliQXFGSlh5dXBId2NOLXRKcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjI1MzA4MjA0OTU3Ly1mN3p5dyJ9",
"signature": "Yrqq8NSKA_3BeXlv2PjOeHN-uUyrLu5KMD3QDX9KM4chOoNfIEJh2Ma2mxEm53cuTbjYpHBBCGBrQp3KeagG1jZsOT-L2Qa2bfsUxmFkREWxTnTN4VY1TmAeMyUMmGjDTgFebL8MHG2XV5sMQwcwhIuFBAjQkHOyD69h-pSLtghEVhR1jTfhnn1HpApdwm0MGEWZTEuRqSxx0RBSWEiV4EGy27sAjM9AfmyNQmJ9v5JugX6fO1Syy1KD1wjhVXV8mHJrP5uhlIYtkhOZcXAJxVFLCYu46Mdzw_WGYPkZbHNX3E1BrNDfe46wjqlFn9qAl_RJGOKwZOiw1i63CeBfQw",
"payload": "e30"
}
2023-05-06 00:01:54,653:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/225308204957/-f7zyw HTTP/1.1" 200 187
2023-05-06 00:01:54,654:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 May 2023 00:01:54 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1095792697
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/225308204957>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/225308204957/-f7zyw
Replay-Nonce: 4397yn4JXYzUDqlCh2d9S_mKjdSmaqcclateTDfQqhBJElw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/225308204957/-f7zyw",
"token": "u9Q_uCscXhbb16Xc0GTKQ3J_h5wrK16_DIb8gREXbs4"
}
2023-05-06 00:01:54,654:DEBUG:acme.client:Storing nonce: 4397yn4JXYzUDqlCh2d9S_mKjdSmaqcclateTDfQqhBJElw
2023-05-06 00:01:54,654:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-05-06 00:01:55,656:DEBUG:acme.client:JWS payload:
b''
2023-05-06 00:01:55,657:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/225308204957:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5NTc5MjY5NyIsICJub25jZSI6ICI0Mzk3eW40SlhZelVEcWxDaDJkOVNfbUtqZFNtYXFjY2xhdGVURGZRcWhCSkVsdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjI1MzA4MjA0OTU3In0",
"signature": "fWRg1GCN9MDClfSRzHYrwGixY7IqGnN2MALg-XNhHqBUQcjgppyihIMTLKe9VkmoyFB5WOMEu8MCZl8NxeZd9uc_8Fr_o5f7SWC1DIHxMOis1ahOyod-b6MKu8eub4J3esu-fF75nG9gV4xafdhQKCMXQIzmFMBTaWvG-j2YbfEJUWybGwM9qwIc0Y9utGiTCBGb1j3t0t2gJxTE7I-8lRbmRxr2aOqB8iYNNJ8omsxqi23dZYKvJCGSfAyBFnRNwKdFH2C8VP1WBlK17Xdwrx17fhqbKH-5itc1kAAD1SHV1LHbMOOX_X1rU8BA9Op_yJPlzvXEOav0FiKSECFUKA",
"payload": ""
}
2023-05-06 00:01:55,817:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/225308204957 HTTP/1.1" 200 644
2023-05-06 00:01:55,818:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 May 2023 00:01:55 GMT
Content-Type: application/json
Content-Length: 644
Connection: keep-alive
Boulder-Requester: 1095792697
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712KOqgcl5HnN5glC_5W2NgRuPdiW9cwmZW-2TZdYK23mA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "portainer.the-dodo.de"
},
"status": "invalid",
"expires": "2023-05-12T23:57:52Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "no valid A records found for portainer.the-dodo.de; no valid AAAA records found for portainer.the-dodo.de",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/225308204957/-f7zyw",
"token": "u9Q_uCscXhbb16Xc0GTKQ3J_h5wrK16_DIb8gREXbs4",
"validated": "2023-05-06T00:01:54Z"
}
]
}
2023-05-06 00:01:55,818:DEBUG:acme.client:Storing nonce: 2712KOqgcl5HnN5glC_5W2NgRuPdiW9cwmZW-2TZdYK23mA
2023-05-06 00:01:55,818:INFO:certbot._internal.auth_handler:Challenge failed for domain portainer.the-dodo.de
2023-05-06 00:01:55,819:INFO:certbot._internal.auth_handler:http-01 challenge for portainer.the-dodo.de
2023-05-06 00:01:55,819:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: portainer.the-dodo.de
Type: dns
Detail: no valid A records found for portainer.the-dodo.de; no valid AAAA records found for portainer.the-dodo.de
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2023-05-06 00:01:55,820:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-05-06 00:01:55,820:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-05-06 00:01:55,820:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-05-06 00:01:55,820:DEBUG:certbot._internal.plugins.webroot:Removing /home/ubuntu/01-Dev/Web/.well-known/acme-challenge/u9Q_uCscXhbb16Xc0GTKQ3J_h5wrK16_DIb8gREXbs4
2023-05-06 00:01:55,821:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-05-06 00:01:55,821:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/2913/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
return config.func(config, plugins)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/main.py", line 1597, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-05-06 00:01:55,825:ERROR:certbot._internal.log:Some challenges have failed.
ubuntu@ip-172-31-34-187:/tmp/letsencrypt-log$
Okay, anyway, I'll throw them down. How do I do that?