My domain is:
maggiandpaul.com (Machine’s FQDN is mail.maggiandpaul.com)
I ran this command:
From within Poste.io’s web interface, I clicked the button to renew my certificate
It produced this output:
[2019-09-24 16:12:13] LEScript.INFO: Account already registered. Continuing.
[2019-09-24 16:12:13] LEScript.INFO: Starting certificate generation process for domains
[2019-09-24 16:12:13] LEScript.INFO: Requesting challenge for mail.maggiandpaul.com
[2019-09-24 16:12:13] LEScript.INFO: Sending signed request to /acme/new-authz
[2019-09-24 16:12:13] LEScript.INFO: Got challenge token for mail.maggiandpaul.com
[2019-09-24 16:12:13] LEScript.INFO: Token for mail.maggiandpaul.com saved at /opt/www//.well-known/acme-challenge/gBJo_qfPd_P1wWrVj6zawZ2VENpLIA30rn_hXNOu5zw and should be available at http://mail.maggiandpaul.com/.well-known/acme-challenge/gBJo_qfPd_P1wWrVj6zawZ2VENpLIA30rn_hXNOu5zw
My web server is (include version):
nginx 1.14.2
The operating system my web server runs on is (include version):
Docker running on UnRaid
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Unsure as this is built into poste.io
OK, so I have an Ubuntu firewall running and my mailserver is in a Docker container running on a host (UnRaid) inside my network. The host uses port 80, so I have port 8280 exposed on the host for http:// connections and then my firewall is port forwarding incoming 80 to 8280 on my host.
If I try to issue a certificate for my mailserver, it seems to work, but stops at the point where it says the challenge should be available. If I connect to the URL from a web browser on a machine outside my network, it finds the challenge file OK, so I figure all the port switching is doing its job. Yet for some reason, the certificate never gets created.
Are there any other ports I need to open? Are there any other logs I can check? I’m at a complete loss and this is getting annoying, as I need the cert to be able to connect to my mailserver from my iPhone etc.!
Any thoughts?