Seafile letsencrypt docker

i get this error when trying to generate a certificate
Ubuntu 17.04
as sudo

raceback (most recent call last):
File “/shared/ssl/letsencrypt/acme_tiny.py”, line 198, in
main(sys.argv[1:])
File “/shared/ssl/letsencrypt/acme_tiny.py”, line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File “/shared/ssl/letsencrypt/acme_tiny.py”, line 123, in get_crt
wellknown_path, wellknown_url))
ValueError: Wrote file to /var/www/challenges/I8TFi8n-xvG9I8LoQ0GHuh39td-nCY41BULJgnGhbRs, but couldn’t download http://subdomain.domain.dk/.well-known/acme-challenge/I8TFi8n-xvG9I8LoQ0GHuh39td-nCY41BULJgnGhbRs
Traceback (most recent call last):
File “/scripts/bootstrap.py”, line 196, in
main()
File “/scripts/bootstrap.py”, line 185, in main
init_letsencrypt()
File “/scripts/bootstrap.py”, line 67, in init_letsencrypt
call(’/scripts/ssl.sh {0} {1}’.format(ssl_dir, domain))
File “/scripts/utils/init.py”, line 68, in call
return subprocess.check_call(*a, **kw)
File “/usr/lib/python2.7/subprocess.py”, line 541, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command ‘/scripts/ssl.sh /shared/ssl subdomain.domain.dk’ returned non-zero exit status 1

Please share the correct domain name.

is that really necessary ? i dont want to publish it in a online forum if not absolutely needed.

domain is registered with a a-record
nslookup reveals the wan ip of my firewall so DNS is working.

what is the requirements for requesting a certificate ? firewall port 80 and port 443 points to a server that points to a docker container that has 80:80 and 443:443 routing.

do need to open other ports

and what thoes this mean
ValueError: Wrote file to /var/www/challenges/I8TFi8n-xvG9I8LoQ0GHuh39td-nCY41BULJgnGhbRs, but couldn’t download http://subdomain.domain.dk/.well-known/acme-challenge/I8TFi8n-xvG9I8LoQ0GHuh39td-nCY41BULJgnGhbRs

The acme-tiny client is trying to validate that the change it made to your site (creating a file that would be served via HTTP) is really visible from the Internet, by trying to download it for itself. This failed (maybe because the container didn’t have enough Internet access?) so acme-tiny concluded that something was broken because it thought that the certificate authority wouldn’t succeed in downloading this file either.

Alternatively, it could have failed for a legitimate reason such as a server misconfiguration (that is, the URL in question might not really work from the public Internet for some reason).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.