Hi!
I want to create SSL certs for domains / subdomains that can only be accessed after a reverse proxy.
There’s no single web server but multiple servers offering different web services. Having only 1 public IP the requests are directed to the relevant server by the reverse proxy server.
This reverse proxy has SSL termination enabled + any http request will be redirected to https.
I’ve installed certbot on a Proxmox VE server and started cert creation with option “standalone”. However the verification failed; here’s the log output:
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): biszumbitterenen.de
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for biszumbitterenen.de
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. biszumbitterenen.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://biszumbitterenen.de/.well-known/acme-challenge/-d4Pf49aKv9B-U0hKzrri05UuvE6o2Cwd9zpQwfsAp8 [78.94.230.158]: 503
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: biszumbitterenen.de
Type: unauthorized
Detail: Invalid response from
http://biszumbitterenen.de/.well-known/acme-challenge/-d4Pf49aKv9B-U0hKzrri05UuvE6o2Cwd9zpQwfsAp8
[78.94.230.158]: 503
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
What is the recommended procedure for cert creation considering this setup (reverse proxy + Proxmox VE)?
My domain is:
biszumbitterenen.de
I ran this command:
certbot certonly
It produced this output:
Failed authorization procedure. biszumbitterenen.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://biszumbitterenen.de/.well-known/acme-challenge/JKAs47KiNtF8Ah0kahoJ2kTAszj-Wi6TB_zB7bPp2Qc [78.94.230.158]: 503
My web server is (include version):
n/a
The operating system my web server runs on is (include version):
Debian 9.4
My hosting provider, if applicable, is:
Unitymedia
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
n/a
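An added example, not part of the original post: a local simulation of the http-01 fetch shown in the log above, contrasting a listener that serves the token with a front end that answers 503 as in the reported error. The function names, the probe token and the 127.0.0.1 listeners are constructed for illustration; `probe()` can also be pointed at a public `http://` base URL.

```python
import http.server
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"
# Direct connections only, so a local proxy setting cannot distort the check.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def start_listener(tokens=None, fixed_status=None):
    """Start a throwaway listener on 127.0.0.1; return (server, base_url).
    tokens: {token: body} served under PREFIX (stand-in for the challenge listener).
    fixed_status: answer everything with this code (stand-in for an unrouted proxy)."""
    tokens = tokens or {}

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            under_prefix = self.path.startswith(PREFIX)
            body = tokens.get(self.path[len(PREFIX):]) if under_prefix else None
            status = fixed_status or (200 if body is not None else 404)
            payload = (body or "").encode() if status == 200 else b""
            self.send_response(status)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args):  # keep the console quiet
            pass

    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

def probe(base_url, token, expected):
    """GET the challenge URL the way a validator would; return (status, verdict)."""
    try:
        with OPENER.open(base_url + PREFIX + token, timeout=5) as resp:
            status, body = resp.status, resp.read().decode().strip()
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    except urllib.error.URLError:
        return None, "no listener reachable"
    if status == 200 and body == expected:
        return status, "ok: token served"
    if status >= 500:
        return status, "5xx from the responding server; the token was not served"
    return status, "reached a server that does not hold the token"
```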