Unable to obtain ACME certificate for domains, acme: error: 403

My domain is: memories.a2zsoftware.net

I ran this command: Running Traefik in a Docker container, alongside Photoprism, a self-hosted photo software

It produced this output:

traefik | time="2024-01-12T16:56:08Z" level=error msg="Unable to obtain ACME certificate for domains "memories.a2zsoftware.net": unable to generate a certificate for the domains [memories.a2zsoftware.net]: error: one or more domains had a problem:\n[memories.a2zsoftware.net] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: [redacted]: Invalid response from http://memories.a2zsoftware.net/.well-known/acme-challenge/Th3XmMkN51Wi4uWLwdNKlsy7N6rxAqCAGeOcArubIGo: 404\n" routerName=photoprism@docker rule="Host(memories.a2zsoftware.net)" providerName=myresolver.acme

My web server is (include version): Photoprism

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: umm. I have a domain purchased through Namecheap, whose DNS I have set to Netlify, whose DNS records for host: memories are set to the public IP of my own computer, which I am trying to use as a server.

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): nope

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): traefik v2.5

Sorry if this is a dumb question, I'm new to certificates and website hosting and the sorts. I just want to get an actual SSL certificate so I don't get that stupid warning because of the self-signed one.

1 Like

I may know less about Traefik than you 🙂

But, what ACME Challenge did you select? Just reading the Traefik docs, it supports TLS-ALPN directly. But their docs about the HTTP Challenge say that a specific configuration endpoint must be reachable on port 80.

Can you explain more what you did? That said, this may be a better question for a Traefik forum but someone here may help too.

Also, are you planning on Traefik handling HTTPS and proxy back to Photoprism on HTTP? That is what photoprism recommends but thought I'd ask anyway. If so the TLS-ALPN challenge is probably the best choice.

2 Likes

I was using the HTTP Challenge, maybe I should have looked into TLS-ALPN before, huh.

I basically followed step for step the instructions here: Traefik - PhotoPrism

I would prefer that Traefik took care of HTTPS Stuff, yeah. Thanks for the help! I will probably reach out to Traefik support for more help with that.

1 Like

You might try Photoprism support. They wrote the instructions.

The HTTP Challenge requires your domain to reply properly on port 80. But, I now get the below failure. Which is different than what you had earlier (404).

This is a general comms config issue between all your pieces. Those providers are probably the best sources for help at this stage.

curl -i http://memories.a2zsoftware.net/
HTTP/1.0 400 Bad Request

Client sent an HTTP request to an HTTPS server.

The above looks like you are sending port 80 to port 443.

2 Likes
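
An added example, not part of the thread and not Traefik or PhotoPrism code: a pre-flight check that classifies what port 80 returns for an HTTP-01 challenge path, covering the 404 and the 400 "Client sent an HTTP request to an HTTPS server" responses seen above. The probe token, the label strings and the function names are assumptions made for illustration.

```python
import http.client

# Hypothetical probe path: the token is made up, so even a correctly
# configured ACME client is expected to answer 404 for it.
PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"


def classify(status, headers, body):
    """Map one plain-HTTP response on port 80 to a likely HTTP-01 diagnosis."""
    text = body.decode("latin-1", "replace")
    location = headers.get("location", "")
    if status == 400 and "HTTP request to an HTTPS server" in text:
        return "tls-listener-on-80"      # port 80 is being forwarded to the HTTPS port
    if status in (301, 302, 307, 308):
        if location.startswith("https://"):
            return "redirect-to-https"   # the CA follows this redirect to port 443
        return "redirect-other"
    if status == 404:
        return "http-ok-unknown-token"   # plain HTTP works; the made-up token is unknown
    if status in (401, 403):
        return "blocked-by-auth"         # auth middleware or a filter rejects the path
    return "unexpected-%d" % status


def probe(host, port=80, timeout=5):
    """Fetch PROBE_PATH over plain HTTP without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH, headers={"User-Agent": "http01-preflight"})
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return classify(resp.status, headers, resp.read(2048))
    except (OSError, http.client.HTTPException):
        return "port-80-unreachable"     # closed port, timeout, or a non-HTTP reply
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))            # e.g. python preflight.py example.org
```

A result of `http-ok-unknown-token` only shows that plain HTTP reaches some server on port 80; it does not prove that the server is the ACME client, so run it from outside the network the server is on.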
