Hi all,
I'm developing an ACMEv2 client app and having some trouble getting the HTTP challenges to work when pebble is configured to do DNS resolution via pebble-challtestsrv (the DNS records just need to point to my service, which is answering the HTTP challenge). I've gotten it all working if I link my service to the pebble container in my docker-compose file and use the default resolver. But I can't seem to figure out how to get it to work with pebble-challtestsrv, which I need for more complete testing.
Here's my docker-compose config:
```yaml
custom-domain:
  image: internal_repo/custom-domain:latest
  ports:
    - 80:80
dns-server:
  image: letsencrypt/pebble-challtestsrv:latest
  command: pebble-challtestsrv
  ports:
    - 8053:8053
    - 8055:8055
pebble:
  image: letsencrypt/pebble:latest
  command: pebble -config /test/pebble-config.json -dnsserver dns-server:8053
  links:
    - dns-server
    - custom-domain
  ports:
    - 14000:14000 # ACME port
    - 15000:15000 # Management port
  environment:
    - PEBBLE_VA_NOSLEEP=1
  volumes:
    - ./platform/files/pebble-config.json:/test/pebble-config.json
    - ./platform/certs/cert.pem:/platform/certs/cert.pem
    - ./platform/certs/key.pem:/platform/certs/key.pem
```
httpPort is set to 80 in the pebble config, and I've set the default IPv4 address and created A and CNAME records via the management port (the logs show the correct IP address).
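As an added example (not code from the post), this script issues the management-port calls for the chain custom-domain.local.io -> local.io -> IP described above and then checks the resolution and the HTTP-01 path from the host. The `container_ip` helper, the container-name and token arguments, and a Linux host where container IPs are routable are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the post): drive the pebble-challtestsrv management
# API for the record chain above and check it end to end.
# Assumptions: the compose file above, with 8053 (DNS) and 8055 (management)
# published on localhost; a Linux host where container IPs are routable;
# curl, dig and docker available; the container name passed as an argument.
set -eu

MGMT=${MGMT:-http://127.0.0.1:8055}
DNS=${DNS:-127.0.0.1}
DNS_PORT=${DNS_PORT:-8053}

# JSON bodies for the management endpoints, kept as pure functions so they
# can be checked without a running server.
payload_default_ipv4() { printf '{"ip":"%s"}' "$1"; }
payload_add_a()        { printf '{"host":"%s","addresses":["%s"]}' "$1" "$2"; }
payload_add_cname()    { printf '{"host":"%s","target":"%s"}' "$1" "$2"; }

mgmt_post() { # endpoint body
  curl -fsS -X POST "$MGMT$1" -H 'Content-Type: application/json' -d "$2"
}

# IP of a container on the network compose attached it to (assumed helper).
# Reading it from docker avoids pointing the A record at the wrong bridge.
container_ip() {
  docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

configure() { # apex ip
  mgmt_post /set-default-ipv4 "$(payload_default_ipv4 "$2")"
  mgmt_post /add-a            "$(payload_add_a "$1" "$2")"
  mgmt_post /add-cname        "$(payload_add_cname "custom-domain.$1" "$1")"
}

# Follow the CNAME (if any) to its A record, as a resolver would, and confirm
# the challenge path answers over plain HTTP on port 80 at that address.
verify() { # name expected-ip token
  local target got
  target=$(dig +short @"$DNS" -p "$DNS_PORT" CNAME "$1"); target=${target%.}
  got=$(dig +short @"$DNS" -p "$DNS_PORT" A "${target:-$1}" | head -n1)
  [ "$got" = "$2" ] || { echo "$1 resolves to '$got', expected $2" >&2; return 1; }
  curl -fsS -o /dev/null -H "Host: $1" "http://$2:80/.well-known/acme-challenge/$3"
}

# Usage: ./check.sh local.io <challenge token> <custom-domain container name>
if [ $# -ge 3 ]; then
  ip=$(container_ip "$3")
  configure "$1" "$ip"
  verify "custom-domain.$1" "$ip" "$2"
fi
```

The token argument must be one your service currently has a key authorization for, otherwise the final curl fails even when the DNS chain is correct.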
Here are the relevant logs for both pebble and pebble-challtestsrv services:
```text
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Creating HTTP-01 challenge server on :5002
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Creating HTTPS HTTP-01 challenge server on :5003
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Creating TCP and UDP DNS-01 challenge server on :8053
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Creating TLS-ALPN-01 challenge server on :5001
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Answering A queries with 127.0.0.1 by default
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Answering AAAA queries with ::1 by default
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Starting management server on :8055
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:40 Starting challenge servers
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:44 Set default IPv4 address for DNS A queries to "172.17.0.7"
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:44 Added response for DNS A queries to "local.io" : 172.17.0.7
dns-server_1 | pebble-challtestsrv - 2020/10/12 20:08:44 Added response for DNS CNAME queries to "custom-domain.local.io" targeting "local.io"
pebble_1 | Pebble 2020/10/12 20:09:09 Attempting to validate w/ HTTP: http://custom-domain.local.io:80/.well-known/acme-challenge/PhjgNZwmUa1DCMG855AWhMMMLpiq161N6JgJIvbUlNw
pebble_1 | Pebble 2020/10/12 20:09:10 POST /my-order/ -> calling handler()
pebble_1 | Pebble 2020/10/12 20:09:11 authz Xg4K9EWjF-Za2Aapjc88a0n8FQtPRjJXSKyc0e4hQ_Q set INVALID by completed challenge DTHoBTQsu3tsEEEHbye5DJb8uJlmd7eGq_rKio7-GGQ
```
Any advice here would be greatly appreciated.