LE Certificate Generation "sticking" from Poste.io

My domain is:
maggiandpaul.com (Machine’s FQDN is mail.maggiandpaul.com)
I ran this command:
From within Poste.io’s web interface, I clicked the button to renew my certificate
It produced this output:

[2019-09-24 16:12:13] LEScript.INFO: Account already registered. Continuing.
[2019-09-24 16:12:13] LEScript.INFO: Starting certificate generation process for domains
[2019-09-24 16:12:13] LEScript.INFO: Requesting challenge for mail.maggiandpaul.com
[2019-09-24 16:12:13] LEScript.INFO: Sending signed request to /acme/new-authz
[2019-09-24 16:12:13] LEScript.INFO: Got challenge token for mail.maggiandpaul.com
[2019-09-24 16:12:13] LEScript.INFO: Token for mail.maggiandpaul.com saved at /opt/www//.well-known/acme-challenge/gBJo_qfPd_P1wWrVj6zawZ2VENpLIA30rn_hXNOu5zw and should be available at http://mail.maggiandpaul.com/.well-known/acme-challenge/gBJo_qfPd_P1wWrVj6zawZ2VENpLIA30rn_hXNOu5zw

My web server is (include version):
nginx 1.14.2
The operating system my web server runs on is (include version):
Docker running on UnRaid
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Unsure as this is built into poste.io

OK, so I have an Ubuntu firewall running and my mailserver is in a Docker container running on a host (UnRaid) inside my network. The host uses port 80, so I have port 8280 exposed on the host for http:// connections and then my firewall is port forwarding incoming 80 to 8280 on my host.

If I try to issue a certificate for my mailserver, it seems to work, but stops at the point where it says the challenge should be available. If I connect to the URL from a web browser on a machine outside my network, it finds the challenge file OK, so I figure all the port switching is doing its job. Yet for some reason, the certificate never gets created.

Are there any other ports I need to open? Are there any other logs I can check? I’m at a complete loss and this is getting annoying as I need the cert to be able to connect to my mailserver from my iPhone etc!

Any thoughts?

Hi,

You might need to contact poste.io support since I’m not sure what ACME client the server is running, and how they integrate the client into the server (software).

Thank you

Thanks, I was afraid you were going to say that :frowning: Unfortunately, just about every Google search leads here.

Would you be able to verify (independently) that the acme challenge is at least working correctly?

Thanks!

Yes, I could confirm that the file is correctly placed on the server.

However, I'm really not sure how the script stopped after placing the file.

Thank you - at least I know I’m not crazy! :crazy_face:

Poste seem somewhat inefficient in providing support for their free offering :rage:

It looks like I may have to configure manually for the time being. I’m prompted for three files to upload. “Private”, “Intermediate” and “Public”. If I use your standard client, are these the three files I should receive?

If you use the standard client (or the suggested client, since there's no standard client), you would receive 3/4 files: fullchain.pem + privkey.pem + chain.pem + cert.pem. privkey.pem is the private key, chain is the intermediate cert, and cert is the certificate file.

Thank you
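
Added example, not part of the original thread and not poste.io or client code: a sketch that maps the files named in the reply above onto the "Private", "Intermediate" and "Public" upload fields and refuses to put key material into a certificate field. It assumes fullchain.pem is the certificate followed by the intermediate(s) and that "Public" means the certificate; the function names and sample PEM data are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def armor(label, der):
    """Re-encode DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)

def upload_slots(fullchain_pem, privkey_pem):
    """Map fullchain.pem + privkey.pem to the three upload fields (assumed mapping)."""
    chain = pem_blocks(fullchain_pem)
    keys = pem_blocks(privkey_pem)
    # A private key pasted into a certificate field would be exposed to clients.
    if any(label != "CERTIFICATE" for label, _ in chain):
        raise ValueError("fullchain.pem contains a non-certificate block")
    if len(chain) < 2:
        raise ValueError("fullchain.pem has no intermediate certificate")
    if len(keys) != 1 or not keys[0][0].endswith("PRIVATE KEY"):
        raise ValueError("privkey.pem must hold exactly one private key")
    return {
        "Public": armor(*chain[0]),                             # cert.pem
        "Intermediate": "".join(armor(*c) for c in chain[1:]),  # chain.pem
        "Private": armor(*keys[0]),                             # privkey.pem
    }

# Constructed sample: placeholder bytes, not real certificates or keys.
LEAF = armor("CERTIFICATE", b"constructed-leaf-" * 6)
INTERMEDIATE = armor("CERTIFICATE", b"constructed-intermediate-" * 6)
KEY = armor("PRIVATE KEY", b"constructed-key-" * 6)

if __name__ == "__main__":
    for field, pem in upload_slots(LEAF + INTERMEDIATE, KEY).items():
        print(field, "->", len(pem_blocks(pem)), "block(s)")
```

This only checks PEM structure; it does not verify that the private key matches the certificate or that the chain validates.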

Awesome! Thank you, not only for the excellent support, but for the speed of response!

If I’m going manual anyway, I guess I may as well get a wildcard cert and then I only have one to mess around with.
