
letsencrypt configuration non port 80 is not working #162

Open awb99 opened 6 years ago

awb99 commented 6 years ago

The snippet below works on port 80 for Let's Encrypt challenges, but fails on port 180, for example.

const Redbird = require('redbird');

// Proxy listening on a non-standard HTTP port; the built-in Let's Encrypt
// challenge server is given its own port as well.
const proxy = new Redbird({
  port: 180,
  letsencrypt: {
    path: "certs",
    port: 3231, // port (not path) of the minimalist challenge server
  },
  ssl: {
    port: 1443,
    http2: false,
  },
});

// Per-route SSL options: request a Let's Encrypt certificate for the host.
// production: false keeps the request on the staging CA; switch it to true
// only once the challenge is verified to succeed, to avoid being banned.
const routeOptions = {
  ssl: {
    letsencrypt: {
      email: 'admin@guestmate.org',
      production: false,
    },
  },
};

proxy.register("workflow.guestmate.org", "http://localhost:8081", routeOptions);
{"name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Getting Lets Encrypt certificates for workflow.guestmate.org","time":"2018-07-10T10:32:16.280Z","v":0}
le.challenges[http-01].loopback should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge 'http-01' will succeed
le.challenges[tls-sni-01].loopback should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge 'tls-sni-01' will succeed
{"0":false,"1":"created middleware","name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Lets encrypt debugger","time":"2018-07-10T10:32:16.671Z","v":0}
{"name":"redbird","hostname":"Zity1","pid":14374,"level":30,"from":{"protocol":"http:","slashes":true,"auth":null,"host":"workflow.guestmate.org","port":null,"hostname":"workflow.guestmate.org","hash":null,"search":null,"query":null,"pathname":"/","path":"/","href":"http://workflow.guestmate.org/"},"to":{"protocol":"http:","slashes":true,"auth":null,"host":"127.0.0.1:3081","port":"3081","hostname":"127.0.0.1","hash":null,"search":null,"query":null,"pathname":"/","path":"/","href":"http://127.0.0.1:3081/","sslRedirect":true,"useTargetHostHeader":false},"msg":"Registered a new route","time":"2018-07-10T10:32:16.687Z","v":0}
{"1":"checkAsync failed to find certificates","name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Lets encrypt debugger","time":"2018-07-10T10:32:16.730Z","v":0}
{"name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Manually registering certificate for workflow.guestmate.org","time":"2018-07-10T10:32:16.731Z","v":0}
{"0":false,"1":"checkAsync failed to find certificates","name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Lets encrypt debugger","time":"2018-07-10T10:32:16.736Z","v":0}
deprecation notice: new signature for signJws(keypair, header, protect, payload)
deprecation notice: new signature for signJws(keypair, header, protect, payload)
{"0":false,"1":"calling le.acme.getCertificateAsync","2":["workflow.guestmate.org"],"name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Lets encrypt debugger","time":"2018-07-10T10:32:17.955Z","v":0}
deprecation notice: new signature for signJws(keypair, header, protect, payload)
{"0":false,"1":"setChallenge called for 'workflow.guestmate.org'","name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Lets encrypt debugger","time":"2018-07-10T10:32:18.336Z","v":0}
deprecation notice: new signature for signJws(keypair, header, protect, payload)
{"0":false,"1":"removeChallenge called for 'workflow.guestmate.org'","name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Lets encrypt debugger","time":"2018-07-10T10:32:19.718Z","v":0}
{"name":"redbird","hostname":"Zity1","pid":14374,"level":50,"err":{"message":"The CA was unable to validate the file you provisioned. \n - https://acme-staging.api.letsencrypt.org/acme/challenge/iTFvgi89yLxY6IwjeX0UCS7fxCm2l7BRYGXQMQrPmIA/146626430 [invalid]\n - https://acme-staging.api.letsencrypt.org/acme/challenge/iTFvgi89yLxY6IwjeX0UCS7fxCm2l7BRYGXQMQrPmIA/146626431 [invalid]\n - https://acme-staging.api.letsencrypt.org/acme/challenge/iTFvgi89yLxY6IwjeX0UCS7fxCm2l7BRYGXQMQrPmIA/146626432 [invalid]\n   Invalid response from http://workflow.guestmate.org/.well-known/acme-challenge/mQ2BgONRNEDQuy3lgxVOwhtdQMDv6q1XPwTEaXW6_vM [104.222.96.51]: 404","name":"Error","stack":"Error: The CA was unable to validate the file you provisioned. \n - https://acme-staging.api.letsencrypt.org/acme/challenge/iTFvgi89yLxY6IwjeX0UCS7fxCm2l7BRYGXQMQrPmIA/146626430 [invalid]\n - https://acme-staging.api.letsencrypt.org/acme/challenge/iTFvgi89yLxY6IwjeX0UCS7fxCm2l7BRYGXQMQrPmIA/146626431 [invalid]\n - https://acme-staging.api.letsencrypt.org/acme/challenge/iTFvgi89yLxY6IwjeX0UCS7fxCm2l7BRYGXQMQrPmIA/146626432 [invalid]\n   Invalid response from http://workflow.guestmate.org/.well-known/acme-challenge/mQ2BgONRNEDQuy3lgxVOwhtdQMDv6q1XPwTEaXW6_vM [104.222.96.51]: 404\n    at handleErr (/home/cititrip/zitytripDomainrouter/node_modules/le-acme-core/lib/get-certificate.js:351:17)\n    at ensureValidation (/home/cititrip/zitytripDomainrouter/node_modules/le-acme-core/lib/get-certificate.js:226:16)\n    at Request._callback (/home/cititrip/zitytripDomainrouter/node_modules/le-acme-core/lib/get-certificate.js:208:13)\n    at Request.self.callback (/home/cititrip/zitytripDomainrouter/node_modules/request/request.js:186:22)\n    at emitTwo (events.js:126:13)\n    at Request.emit (events.js:214:7)\n    at Request.<anonymous> (/home/cititrip/zitytripDomainrouter/node_modules/request/request.js:1163:10)\n    at emitOne (events.js:116:13)\n    at Request.emit (events.js:211:7)\n    at 
IncomingMessage.<anonymous> (/home/cititrip/zitytripDomainrouter/node_modules/request/request.js:1085:12)\n    at Object.onceWrapper (events.js:313:30)\n    at emitNone (events.js:111:20)\n    at IncomingMessage.emit (events.js:208:7)\n    at endReadableNT (_stream_readable.js:1064:12)\n    at _combinedTickCallback (internal/process/next_tick.js:138:11)\n    at process._tickCallback (internal/process/next_tick.js:180:9)"},"msg":"Error registering LetsEncrypt certificates","time":"2018-07-10T10:32:19.722Z","v":0}
{"name":"redbird","hostname":"Zity1","pid":14374,"level":30,"msg":"Could not get any certs for workflow.guestmate.org","time":"2018-07-10T10:32:19.724Z","v":0}
DayBr3ak commented 5 years ago

Let's Encrypt only works on port 80, so that's a given: the CA fetches `http://<domain>/.well-known/acme-challenge/<token>` on the default HTTP port, which is exactly the request that came back 404 in the log above.

neilyoung commented 4 years ago

In fact it does not even work there...

neilyoung commented 4 years ago

Trying to set it up like so:

// Standard ports: the proxy answers HTTP on 80 and HTTPS on 443, with the
// challenge server on 3000.
const reverseProxy = require('redbird')({
  port: 80,
  letsencrypt: {
    path: "certs",
    port: 3000,
  },
  ssl: {
    port: 443,
  },
});

// Route the example host to a local backend and request a certificate for it.
const routeOptions = {
  ssl: {
    letsencrypt: {
      email: "myemail",
      production: false, // stay on the staging CA while the setup is being verified
    },
  },
};

reverseProxy.register("www.example1.com", "http://localhost:4000", routeOptions);

All required ports (80, 3000) are open on the machine. Result:

{"level":50,"time":1584348646276,"pid":17106,"hostname":"myhostnam","name":"redbird","code":"E_FAIL_DRY_CHALLENGE","msg":"Error registering LetsEncrypt certificates","stack":"Error: Error: Failed HTTP-01 Pre-Flight / Dry Run.\ncurl 'http://www.example1.com/.well-known/acme-challenge/test-11b20db3b14e697c64659191ab4b1d2c-0'\nExpected: 'test-11b20db3b14e697c64659191ab4b1d2c-0.vf_frPRC_B1SSKls4UADgdlSW0DwBbP92WcWfH0KOh0'\nGot: '<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL was not found on this server.</p>\n<p>Additionally, a 404 Not Found\nerror was encountered while trying to use an ErrorDocument to handle the request.</p>\n</body></html>\n'\nSee https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4\n    at /Users/decades/Documents/Node/test/node_modules/acme-v2/index.js:49:10\n    at process._tickCallback (internal/process/next_tick.js:68:7)","type":"Error","v":1}
{"level":30,"time":1584348646276,"pid":17106,"hostname":"myhostname","name":"redbird","msg":"Could not get any certs for www.example1.com","v":1}
manast commented 4 years ago

How could it work? Do you control the example.com domain?

neilyoung commented 4 years ago

No, of course not. Maybe I didn't understand the whole thing and what it's all about with Let's Encrypt. Forget about