Need SSL For A Subdomain Container

I think it should be perfectly valid to install an SSL cert in an LXD container, but the command certbot certonly is failing with:

root@broadcast:~/RTCMultiConnection# certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): bcast.streamingworld.us
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bcast.streamingworld.us
Waiting for verification…
Challenge failed for domain bcast.streamingworld.us
http-01 challenge for bcast.streamingworld.us
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I have port 80 forwarding on my host to the container port 80.

Is this valid? If not, how do I get an SSL cert in the container?

PS: Because I am using multiple containers, I have HAproxy in front of them, the bcast is in the haproxy config and routes to the bcast container.

Thanks,

Ray

This is your problem--whatever's responding to that query is giving a 503 error, rather than the required challenge token. There's nothing inherent to a container that should change anything about cert issuance.

Just to clarify:

  • I am trying to run certbot from inside the container.
  • I can ping yahoo.com from inside the container.
  • I have haproxy container between the host and the containers. I was successful in installing a cert in the HAproxy container but it was a while ago and I can’t remember how I did it.
  • I have port 80 on the host forwarded to the HAproxy. HAproxy is configured to redirect via acl to the container based on the subdomain (bcast in this case).

Do you see anything wrong with this configuration?

Thanks,

Ray

Hi @rayj00

An HTTP status 503 doesn’t look like a connection problem.

The server answers with an HTTP status code (like 401, 403, 200), but the server is unable to answer.

So it doesn’t look like a connection problem. Instead, it’s a wrong server configuration you have to fix.

Sample: Wrong code with a division by 0 without correct error handling -> server is helpless, throws a 503.
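
A preflight check for the situation discussed in this thread, as an added example that is not from any poster: it requests the HTTP-01 challenge path with the domain as Host header and reports whether the token, a 503, or nothing at all comes back. The token values, function names and the two local stand-in servers are constructed for illustration; the demo only talks to 127.0.0.1.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PREFIX = "/.well-known/acme-challenge/"
TOKEN, KEY_AUTH = "constructed-token", "constructed-token.constructed-thumbprint"  # sample values

def probe(addr, port, domain, token, expected):
    """Request the challenge URL with the domain as Host header and classify the answer."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.request("GET", PREFIX + token, headers={"Host": domain})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException):
        return "unreachable"      # nothing usable answered: forwarding or firewall problem
    finally:
        conn.close()
    if resp.status == 503:
        return "503"              # something answered, but not with the token
    if resp.status != 200:
        return "http-%d" % resp.status
    return "ok" if body == expected else "wrong-body"

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging in the demo
        pass

class TokenServer(Quiet):         # stand-in for a responder that serves the token
    def do_GET(self):
        if self.path != PREFIX + TOKEN:
            return self.send_error(404)
        data = KEY_AUTH.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

class Always503(Quiet):           # stand-in for a front end that answers 503
    def do_GET(self):
        self.send_error(503)

def demo():
    results = {}
    for name, handler in (("token", TokenServer), ("front-end-503", Always503)):
        srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0: any free local port
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        results[name] = probe("127.0.0.1", srv.server_port, "bcast.streamingworld.us", TOKEN, KEY_AUTH)
        srv.shutdown()
        srv.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Pointing probe at each hop in turn (host port 80, the proxy, then the container itself) shows which one stops passing the challenge request through.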

I appreciate your response.

Since I am running Ubuntu 20.04, could that be the problem?

Ray