Where do I even begin to debug my problem

I've been trying to expose an app (miniflux) in OMV docker with nginx with Cloudflare for weeks now and had zero luck getting it working. nginx just faults out with the notice "internal error". I have the logs from /var/log/letsencrypt/letsencrypt.log but it has keys and IPs littered through it. What am I looking for to fix this?
My domain is: miniflux.atlasstorm.cloud

I ran this command:?

It produced this output:?

My web server is (include version): cloudflare

The operating system my web server runs on is (include version): OMV

My hosting provider, if applicable, is: porkbun

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @MaoriPanda, and welcome to the LE community forum

Please help us to help you.
Without answers to those questions, we are left to our imaginations.
[and, frankly, some of us just aren't that imaginative - LOL]

I have never seen any private information within the LE logs, so it is safe to post them here.

I can say that the FQDN you mention doesn't return an A, nor AAAA, record.
So, I suspect that you may be trying to get a certificate via DNS authentication.
But you also mention nginx and that leans me towards HTTP authentication.
Here I am left to my feeble imagination.
And... I imagine that you aren't trying to do both.

Providing the full nginx fault information may also be helpful.

I see that you are using Cloudflare CDN for the base domain.
And, also, Cloudflare DNS for authoritative servers.
That is something others should be made aware of.

You also mention docker.
That presents its own set of challenges.
You should be informed that in order to obtain a certificate, via HTTP authentication, you must have a working HTTP path to your system/ACME client.

You have posted on an LE forum, so I'm pretty certain you are trying to obtain an LE cert.
But you don't specifically mention which ACME client you are using.
You did mention the LE log file, which leads me to believe you are using certbot.
But you haven't exactly made that clear.
You didn't say where the commands were run.
I imagine they were tried within the docker container.
You didn't show any of the commands that you have tried, nor their failures, which can be helpful to us.
Not even the version of certbot in use was provided.

It may seem like these things might not matter much.
But they do, and they add up quickly.

The only way to get truly informed replies is to provide enough information so that others may do so.

I imagine that together we can resolve your problem(s) and get your app secured.

4 Likes

@MaoriPanda As @rg305 noted, you are using Cloudflare. It also looks like you have made some changes since Rudy saw it.

You might find it simpler to use the Cloudflare Origin CA certificate. This provides HTTPS between your origin server and the Cloudflare Edge. This avoids needing to install and run an ACME client on your origin server (like certbot). It is all set up in Cloudflare.

The Cloudflare CDN manages its own certs for HTTPS connections between its Edge and clients (like browsers). If you have not yet, see this Cloudflare doc section for instructions on setting up the CDN.

Right now I see you have the CF Edge redirecting all HTTP requests to HTTPS. When Cloudflare Edge tries to reach your Origin server it gets a timeout, so it responds to the client with an HTTP code 522. I think you can resolve all of this by carefully following the instructions in the Cloudflare links I provided here.

2 Likes
