Open rgdd opened 2 weeks ago
2024/06/15 14:30:55 listening on 0.0.0.0:8443
Is port 443 somehow getting redirected to port 8443? Let's Encrypt needs to find litebastion listening on port 443 to issue it a certificate.
s/8443/443 solves this issue, thanks. Perhaps it would be better to not allow litebastion to run on any other port than 443?
From IRC/Matrix: good to allow port forwarding though. But print a warning on error seems helpful.
I'm running cmd/litebastion at v0.1.1.
My DNS setup is as follows:
I verified that these DNS records work using `nc`:
The above also verifies that I should be able to listen on ports 443 and 8443.
The problem I have is that `litebastion` fails to acquire a certificate:
I have the same issue if I do it without the CNAME:
I tried running the `litebastion` software on two different servers now with the same issue. I also used fresh DNS records, just in case there's a caching problem.
Note: to trigger `litebastion` to acquire a certificate, you need to connect with a backend. Here's how I have my witness configured:
https://git.glasklar.is/sigsum/project/documentation/-/blob/main/archive/2023-10-05-setup-prototype-witness-go.md?ref_type=heads
Just replace `-listen` with `-bastion`.
Maybe helpful information: I tried checking out an older version of the bastion host software that I'm pretty sure worked before. Based on the date of my [old notes][], I would have expected git-commit c26209d5db05712c56c52cfeac3ca8d89937fb25 to work. However, I get the exact same errors as above.
Can anyone reproduce my issues? Any ideas on where things go wrong?