EngineerBetter / concourse-up

Deprecated - use Control Tower instead
https://github.com/EngineerBetter/control-tower
Apache License 2.0
203 stars 29 forks

Let's Encrypt: "failed to determine hosted zone ID" #86

Status: Closed (bkonkle closed this issue 5 years ago)

bkonkle commented 5 years ago

I'm deploying with concourse-up like this:

concourse-up deploy \
  --region us-west-2 \
  --domain concourse-ci.communityfunded.io \
  --workers 2 \
  --worker-type medium \
  --add-tag ProvisionedBy=concourse-up \
  --add-tag Name=Concourse-CI \
  v2

I have a hosted zone in AWS for communityfunded.io. When I try to spin up a whole new deployment, I get this:

GENERATING BOSH DIRECTOR CERTIFICATE (35.160.135.120, 10.0.0.6)
2019/02/05 10:30:36 [INFO] acme: Registering account for nobody@madeupemailaddress.com
2019/02/05 10:30:37 [INFO] [concourse-ci.communityfunded.io] acme: Obtaining bundled SAN certificate
2019/02/05 10:30:37 [INFO] [concourse-ci.communityfunded.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/{token}
2019/02/05 10:30:37 [INFO] [concourse-ci.communityfunded.io] acme: Could not find solver for: tls-alpn-01
2019/02/05 10:30:37 [INFO] [concourse-ci.communityfunded.io] acme: Could not find solver for: http-01
2019/02/05 10:30:37 [INFO] [concourse-ci.communityfunded.io] acme: use dns-01 solver
2019/02/05 10:30:37 [INFO] [concourse-ci.communityfunded.io] acme: Preparing to solve DNS-01
2019/02/05 10:30:38 [INFO] [concourse-ci.communityfunded.io] acme: Cleaning DNS-01 challenge
2019/02/05 10:30:39 [WARN] [concourse-ci.communityfunded.io] acme: error cleaning up: failed to determine Route 53 hosted zone ID: zone communityfunded.io. not found for domain _acme-challenge.concourse-ci.communityfunded.io.
acme: Error -> One or more domains had a problem:
[concourse-ci.communityfunded.io] [concourse-ci.communityfunded.io] acme: error presenting token: route53: failed to determine hosted zone ID: zone communityfunded.io. not found for domain _acme-challenge.concourse-ci.communityfunded.io.

I also tried adding a hosted zone for concourse-ci.communityfunded.io, but got the same result.

I'm using v0.19.0, and I also tried reverting to the previous version with the same result.

Any ideas?

bkonkle commented 5 years ago

In the meantime, I'll try without a --domain flag and see if I can successfully ALIAS the result.

bkonkle commented 5 years ago

This one's on me. I was trying to use a domain that we don't actually control in Route53 - we're just shadowing an existing domain. No wonder lego wasn't able to find the record!
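
A pre-flight check for the situation this thread ends on, added here as an example and not part of the original issue or of concourse-up: before requesting a DNS-01 certificate, confirm that a public Route 53 hosted zone covers the domain and that public DNS actually delegates to it. The function names, zone IDs, name servers and sample data are constructed for illustration; the zone list is shaped like `aws route53 list-hosted-zones` output.

```python
import json

# Constructed sample, shaped like `aws route53 list-hosted-zones` output.
ZONES = json.loads("""{"HostedZones": [
 {"Id": "/hostedzone/ZPRIVATE", "Name": "example.org.", "Config": {"PrivateZone": true}},
 {"Id": "/hostedzone/ZPUBLIC", "Name": "example.com.", "Config": {"PrivateZone": false}}
]}""")["HostedZones"]
# Constructed: name servers Route 53 assigned to each zone (DelegationSet.NameServers).
ASSIGNED_NS = {"/hostedzone/ZPUBLIC": ["ns1.r53.example.", "ns2.r53.example."]}


def fqdn(name):
    """Lower-case a DNS name and give it the trailing dot Route 53 uses."""
    return name.lower().rstrip(".") + "."


def candidate_zones(domain, zones):
    """Hosted zones that could hold the challenge record, most specific first."""
    record = "_acme-challenge." + fqdn(domain)
    hits = [z for z in zones
            if record == fqdn(z["Name"]) or record.endswith("." + fqdn(z["Name"]))]
    return sorted(hits, key=lambda z: len(z["Name"]), reverse=True)


def preflight(domain, zones, assigned_ns, public_ns):
    """Return (ok, reason). public_ns is what public DNS answers for the zone's NS."""
    hits = candidate_zones(domain, zones)
    if not hits:
        return False, "no hosted zone in this account covers " + fqdn(domain)
    public = [z for z in hits if not z["Config"]["PrivateZone"]]
    if not public:
        return False, "only private hosted zones match; a CA cannot see their records"
    zone = public[0]
    ours = {fqdn(n) for n in assigned_ns.get(zone["Id"], [])}
    seen = {fqdn(n) for n in public_ns}
    if not ours & seen:
        return False, zone["Name"] + " is not delegated to this hosted zone"
    return True, zone["Name"] + " is public and delegated to " + zone["Id"]


if __name__ == "__main__":
    # Constructed answers, as `dig +short NS <zone>` might return them.
    print(preflight("ci.example.com", ZONES, ASSIGNED_NS, ["ns1.r53.example."]))
    print(preflight("ci.example.org", ZONES, ASSIGNED_NS, ["ns1.other.example."]))
```

In real use the three inputs would come from `aws route53 list-hosted-zones`, `aws route53 get-hosted-zone` and a public NS lookup for the zone.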