SteveLTN / https-portal

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.
MIT License

Failed to sign <domain>, Error creating new order #350

Open prince-juguilon-fgi opened 5 months ago

prince-juguilon-fgi commented 5 months ago

Getting these logs in EC2. For context, I'm trying to self-host Outline w/ Docker and got everything working besides https-portal.

https-portal-1  | ========================================
https-portal-1  | HTTPS-PORTAL v1.23.1
https-portal-1  | ========================================
https-portal-1  |
https-portal-1  | [cont-init.d] 00-welcome: exited 0.
https-portal-1  | [cont-init.d] 20-setup: executing...
https-portal-1  | ----------- BEGIN DOMAIN CONFIG -------------
https-portal-1  | name: wiki.<REDACTED>.com
https-portal-1  | stage: production
https-portal-1  | upstream: http://outline:3000
https-portal-1  | upstreams: [{:address=>"outline:3000", :parameters=>nil}]
https-portal-1  | upstream_proto: http://
https-portal-1  | redirect_target_url:
https-portal-1  | basic_auth_username:
https-portal-1  | basic_auth_password:
https-portal-1  | access_restriction:
https-portal-1  | -------- --- END DOMAIN CONFIG  -------------
https-portal-1  | DH parameters appear to be ok.
https-portal-1  | RSA key ok
https-portal-1  | [DEBUG] Starting Nginx, daemon mode = true
https-portal-1  | [DEBUG] ensure_signed
https-portal-1  | [DEBUG] create_ongoing_domain_key rsa for wiki.<REDACTED>.com
https-portal-1  | Generating RSA private key, 2048 bit long modulus (2 primes)
https-portal-1  | ....+++++
https-portal-1  | ..+++++
https-portal-1  | e is 65537 (0x010001)
https-portal-1  | [DEBUG] create_csr for wiki.<REDACTED>.com
https-portal-1  | Signing certificates from https://acme-v02.api.letsencrypt.org/directory ...
https-portal-1  | Parsing account key...
https-portal-1  | Parsing CSR...
https-portal-1  | Found domains: wiki.<REDACTED>.com
https-portal-1  | Getting directory...
https-portal-1  | Directory found!
https-portal-1  | Registering account...
https-portal-1  | Already registered!
https-portal-1  | Creating new order...
https-portal-1  | Traceback (most recent call last):
https-portal-1  |   File "/bin/acme_tiny", line 198, in <module>
https-portal-1  |     main(sys.argv[1:])
https-portal-1  |   File "/bin/acme_tiny", line 194, in main
https-portal-1  |     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
https-portal-1  |   File "/bin/acme_tiny", line 121, in get_crt
https-portal-1  |     order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
https-portal-1  |   File "/bin/acme_tiny", line 60, in _send_signed_request
https-portal-1  |     return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
https-portal-1  |   File "/bin/acme_tiny", line 46, in _do_request
https-portal-1  |     raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
https-portal-1  | ValueError: Error creating new order:
https-portal-1  | Url: https://acme-v02.api.letsencrypt.org/acme/new-order
https-portal-1  | Response Code: 429
https-portal-1  | Response: {u'status': 429, u'type': u'urn:ietf:params:acme:error:rateLimited', u'detail': u'Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/'}
https-portal-1  | ================================================================================
https-portal-1  | Failed to sign wiki.<REDACTED>.com.
https-portal-1  | Make sure your DNS is configured correctly and is propagated to this host
https-portal-1  | machine. Sometimes that takes a while.
https-portal-1  | ================================================================================
https-portal-1  | Failed to obtain certs for wiki.<REDACTED>.com
https-portal-1  | [DEBUG] Fail and Shutdown
https-portal-1  | [cont-init.d] 20-setup: exited 1.
https-portal-1  | [cont-finish.d] executing container finish scripts...
https-portal-1  | [cont-finish.d] done.
https-portal-1  | [s6-finish] waiting for services.
https-portal-1  | [s6-finish] sending all processes the TERM signal.
https-portal-1  | [s6-finish] sending all processes the KILL signal and exiting.
https-portal-1 exited with code 0
https-portal-1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
https-portal-1  | [s6-init] ensuring user provided files have correct perms...exited 0.
https-portal-1  | [fix-attrs.d] applying ownership & permissions fixes...
https-portal-1  | [fix-attrs.d] done.
https-portal-1  | [cont-init.d] executing container initialization scripts...
https-portal-1  | [cont-init.d] 00-welcome: executing...

SteveLTN commented 5 months ago

In my experience most of this is because of misconfiguration of DNS. Have you configured wiki.<REDACTED>.com and made sure it resolves to the IP address of your machine?
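
An added example, not part of the issue thread or of https-portal's own code: it pulls the ACME problem document out of an acme_tiny failure like the one logged above and combines it with the DNS check suggested in the reply, so a container restart is not attempted while it would only add another failed authorization. The function names, the returned labels, `wiki.example.com` and the 203.0.113.10 address are assumptions made for illustration.

```python
import ast
import re
import socket

# Constructed sample: the failing lines of an acme_tiny run, one log line each.
SAMPLE_LOG = (
    "https-portal-1  | Response Code: 429\n"
    "https-portal-1  | Response: {u'status': 429, "
    "u'type': u'urn:ietf:params:acme:error:rateLimited', "
    "u'detail': u'Error creating new order :: too many failed authorizations recently'}\n"
)
ACME_PREFIX = "urn:ietf:params:acme:error:"


def parse_acme_problem(log_text):
    """Extract the ACME problem document that acme_tiny prints as a dict repr."""
    match = re.search(r"Response: (\{.*\})", log_text)
    if match is None:
        return None
    try:
        problem = ast.literal_eval(match.group(1))  # parses the u'...' repr without eval
    except (ValueError, SyntaxError):
        return None
    return problem if isinstance(problem, dict) else None


def resolves_to(domain, expected_ip, resolver=socket.getaddrinfo):
    """True if the domain resolves to expected_ip (the host's public address)."""
    try:
        answers = resolver(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False
    return expected_ip in {sockaddr[0] for *_, sockaddr in answers}


def next_step(log_text, domain, expected_ip, resolver=socket.getaddrinfo):
    """Decide what to do before restarting the container (hypothetical policy)."""
    problem = parse_acme_problem(log_text)
    dns_ok = resolves_to(domain, expected_ip, resolver)
    if problem is None:
        return "no-acme-error-found"
    kind = problem.get("type", "")
    kind = kind[len(ACME_PREFIX):] if kind.startswith(ACME_PREFIX) else kind
    if kind == "rateLimited":
        # Each retry with broken DNS is another failed authorization.
        return "wait-for-limit" if dns_ok else "fix-dns-then-wait"
    return "retry" if dns_ok else "fix-dns"
```

On an EC2 instance, pass the instance's public (Elastic) IP as `expected_ip`; the address seen inside the container or VPC is not the one Let's Encrypt connects to.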