Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
https://buildly.recrm.io
I ran this command:
We are using openresty lua auto ssl docker, we hit https://buildly.recrm.
It produced this output:
Your connection is not private
Attackers might be trying to steal your information from buildly.recrm.io (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
the error log from the docker image is
2018/12/05 13:25:55 [notice] 4157#4157: *636 [lua] ssl_certificate.lua:89: issue_cert(): auto-ssl: issuing new certificate for buildly.recrm.io, context: ssl_certificate_by_lua*, client: 202.65.141.34, server: 0.0.0.0:443
{"server_name": "", "remoteAddress": "127.0.0.1", "timeLocal":"05/Dec/2018:13:25:58 +0000", "request_time":"0.002","request": "POST /deploy-challenge HTTP/1.1", "status":"200", "bytesSent":53, "referrer":"-", "host":"127.0.0.1","target":"", "scheme":"http", "http_x_forwarded_for":"-", "connection_serial_number":"647", "connection_requests":"1", "connections_waiting":"1", "uri":"/deploy-challenge", "http_user_agent":"curl/7.61.1", "args":"-", "nginx_version":"1.13.6"}
{"server_name": "", "remoteAddress": "66.133.109.36", "timeLocal":"05/Dec/2018:13:26:00 +0000", "request_time":"0.075","request": "GET /.well-known/acme-challenge/BcV_kJuut2fgTI-5PUmvhFAEJ_AVTgtyxYGBmjsbp30 HTTP/1.1", "status":"404", "bytesSent":175, "referrer":"-", "host":"buildly.recrm.io","target":"testing.build.ly", "scheme":"http", "http_x_forwarded_for":"-", "connection_serial_number":"650", "connection_requests":"1", "connections_waiting":"1", "uri":"/.well-known/acme-challenge/BcV_kJuut2fgTI-5PUmvhFAEJ_AVTgtyxYGBmjsbp30", "http_user_agent":"Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "args":"-", "nginx_version":"1.13.6"}
{"server_name": "", "remoteAddress": "127.0.0.1", "timeLocal":"05/Dec/2018:13:26:01 +0000", "request_time":"0.059","request": "POST /clean-challenge HTTP/1.1", "status":"200", "bytesSent":53, "referrer":"-", "host":"127.0.0.1","target":"", "scheme":"http", "http_x_forwarded_for":"-", "connection_serial_number":"653", "connection_requests":"1", "connections_waiting":"1", "uri":"/clean-challenge", "http_user_agent":"curl/7.61.1", "args":"-", "nginx_version":"1.13.6"}
2018/12/05 13:26:01 [error] 4157#4157: *636 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=3e9d05a3d54bdfd5802eed68bc113f0f944048b4e70f2e4b9738da8c05485e7a HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain buildly.recrm.io --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
Processing buildly.recrm.io
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for buildly.recrm.io...
Server returned error code: 3: name error
+ Responding to challenge for buildly.recrm.io...
Server returned error code: 3: name error
Invalid challenge: DOMAIN=buildly.recrm.io RESPONSE={
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://buildly.recrm.io/.well-known/acme-challenge/BcV_kJuut2fgTI-5PUmvhFAEJ_AVTgtyxYGBmjsbp30: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003e\"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/FvJu_08Tafu_-7LNtrzM0sfNtyKMD3hg8ug33HXGBlg/9989234700",
"token": "BcV_kJuut2fgTI-5PUmvhFAEJ_AVTgtyxYGBmjsbp30",
"validationRecord": [
{
"url": "http://buildly.recrm.io/.well-known/acme-challenge/BcV_kJuut2fgTI-5PUmvhFAEJ_AVTgtyxYGBmjsbp30",
"hostname": "buildly.recrm.io",
"port": "80",
"addressesResolved": [
"13.232.99.128"
],
"addressUsed": "13.232.99.128"
}
]
}
err: # !! WARNING !! Extra configuration directory /etc/resty-auto-ssl/letsencrypt/conf.d exists, but no configuration found in it.
, context: ssl_certificate_by_lua*, client: 202.65.141.34, server: 0.0.0.0:443
2018/12/05 13:26:01 [error] 4157#4157: *636 [lua] ssl_certificate.lua:92: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 202.65.141.34, server: 0.0.0.0:443
2018/12/05 13:26:01 [error] 4157#4157: *636 [lua] ssl_certificate.lua:256: auto-ssl: could not get certificate for buildly.recrm.io - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 202.65.141.34, server: 0.0.0.0:443
2018/12/05 13:26:01 [info] 4157#4157: *633 client closed connection while waiting for request, client: 202.65.141.34, server: 0.0.0.0:443
My web server is (include version):
openresty/openresty:alpine-fat
The operating system my web server runs on is (include version):
ubuntu
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel)no