[SOLVED] DNS A record not accepted when using Docker


#1

Hi,

I’m running a server on digitalocean. My domain uses the default A record setting (Name: “@”, IP: IP from my server).

If I run

sudo docker run -it --rm -p 443:443 --name letsencrypt \
        -v "/etc/letsencrypt:/etc/letsencrypt" \
        -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
        quay.io/letsencrypt/letsencrypt:latest auth

on my server and enter my data, I get the following error:

Failed authorization procedure. www.example.com (dvsni): connection :: The server could 
not connect to the client for DV :: Failed to connect to host for DVSNI challenge, example.com 
(simpleHttp): unauthorized :: The client lacks sufficient authorization :: Invalid response from
http://example.com/.well-known/acme-challenge/qKshnYm1uFGtAvrnNvVdWFRXGg5mYzJbIFRNtphUsAs 
[some IP]: 500

IMPORTANT NOTES:

- The following 'connection' errors were reported by the server:

  Domains: example.com
  Error: The server could not connect to the client for DV

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain contains
  the right IP address. Additionally, please check that your computer
  has publicly routable IP address and no firewalls are preventing
  the server from communicating with the client.
- The following 'unauthorized' errors were reported by the server:

  Domains: www.example.com
  Error: The client lacks sufficient authorization

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain contains
  the right IP address.

Any ideas what's wrong?


#2

Problem solved.

Using git instead of docker.

git clone https://github.com/letsencrypt/letsencrypt

cd letsencrypt

./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth \
    -d example.com -d www.example.com --authenticator webroot --webroot-path /var/www/sites/example

#3

I have been successfully using the docker method but I still need to figure out how this is supposed to work. I do not know why only port 443 is mapped in the sample command of the documentation although the acme-challenge is requested via http from http://my.example.com/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXX according to the log output.

Therefore it should work with the following docker command:

sudo docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    quay.io/letsencrypt/letsencrypt:latest auth
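A preflight check for the two failure modes this thread runs into (the A record not pointing at the host, and nothing usable answering on port 80 for the HTTP challenge), added here as an example; it is not from the original posts or from the letsencrypt client. The domain names and the 203.0.113.10 address are assumptions, and the DNS and HTTP calls are injectable so the logic can be exercised against constructed inputs before running it for real.

```python
import socket
import urllib.request
import urllib.error

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def resolve_a(domain):
    """Return the set of IPv4 addresses the domain's A record(s) point to."""
    return set(socket.gethostbyname_ex(domain)[2])

def probe_http(domain, path):
    """HTTP status for http://<domain><path>, or None if no TCP connection on port 80."""
    try:
        with urllib.request.urlopen("http://%s%s" % (domain, path), timeout=10) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code      # server answered, just not 2xx (404 is expected for a probe path)
    except (urllib.error.URLError, OSError):
        return None        # nothing listening on 80 / port not published / firewall

def preflight(domains, server_ip, resolve=resolve_a, probe=probe_http):
    """Check each domain the way the CA will see it: A record -> this host, port 80 answering.
    Returns {domain: [problems]}; an empty list means that domain looks ready."""
    findings = {}
    for d in domains:
        problems = []
        try:
            ips = resolve(d)
        except socket.gaierror:
            ips = set()
        if server_ip not in ips:
            problems.append("A record resolves to %s, not %s" % (sorted(ips) or "nothing", server_ip))
        # Probe a constructed token name: a 404 proves the web server on port 80 is reachable,
        # a 500 (as in the error above) or no connection means the challenge will fail.
        status = probe(d, CHALLENGE_PATH + "preflight-probe")
        if status is None:
            problems.append("port 80 not reachable (is -p 80:80 published and the firewall open?)")
        elif status >= 500:
            problems.append("web server on port 80 returned %d for the challenge path" % status)
        findings[d] = problems
    return findings

if __name__ == "__main__":
    import sys  # usage: preflight.py <server-ip> <domain> [<domain> ...]
    for d, p in preflight(sys.argv[2:], sys.argv[1]).items():
        print(d, "OK" if not p else "; ".join(p))
```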