Hey guys,
I am having some trouble getting a certificate issued due to validation failure and was hoping you could help me out…
I am trying to get this setup using a linuxserver/letsencrypt
docker container in the following manner:
docker create --name letsencrypt \
-v `pwd`:/config \
-e PUID=1871821589 -e PGID=1258410764 \
-e EMAIL=my-email@dimaj.net \
-e URL=dimaj.net \
-e SUBDOMAINS=sql,ldap,htt,oh,nr \
-e VALIDATION=dns \
-p 8080:80 -p 8443:443 \
-e TZ=America/Los_Angeles \
-e DNSPLUGIN=google \
-e ONLY_SUBDOMAINS=true \
-e STAGING=true \
linuxserver/letsencrypt
I have followed instructions found here to create a service account with specified permissions. However, when I run the container docker start letsencrypt && docker logs -f letsencrypt
, I see the following output
Created donoteditthisfile.conf
Backwards compatibility check. . .
No compatibility action needed
NOTICE: Staging is active
2048 bit DH parameters present
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d sql.dimaj.net -d ldap.dimaj.net -d htt.dimaj.net -d oh.dimaj.net -d nr.dimaj.net
E-mail address entered: my-email@dimaj.net
dns validation via google plugin is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for sql.dimaj.net
dns-01 challenge for ldap.dimaj.net
dns-01 challenge for htt.dimaj.net
dns-01 challenge for oh.dimaj.net
dns-01 challenge for nr.dimaj.net
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=sql.dimaj.net.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=dimaj.net.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=net.
Cleaning up challenges
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=sql.dimaj.net.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=dimaj.net.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=net.
Error finding zone. Skipping cleanup.
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=ldap.dimaj.net.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=dimaj.net.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=net.
Error finding zone. Skipping cleanup.
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=htt.dimaj.net.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=dimaj.net.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=net.
Error finding zone. Skipping cleanup.
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=oh.dimaj.net.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=dimaj.net.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=net.
Error finding zone. Skipping cleanup.
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=nr.dimaj.net.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=dimaj.net.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/studied-reason-196720/managedZones?alt=json&dnsName=net.
Error finding zone. Skipping cleanup.
Unable to determine managed zone for sql.dimaj.net using zone names: [u'sql.dimaj.net', u'dimaj.net', u'net'].
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/google.ini file.
Do you guys know what am I doing wrong?
Thanks for the help!