search

auto-ssl / lua-resty-auto-ssl

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
MIT License
1.94k stars 182 forks source link

Connection to Redis server fails with "could not be resolved (2: Server failure)" #227

Open jordanade opened 4 years ago

jordanade commented 4 years ago 
2020/05/06 02:54:06 [error] 22#22: *2418323 [lua] ssl_certificate.lua:134: get_cert_der(): auto-ssl: error fetching certificate from storage for <domain>: <redis-server> could not be resolved (2: Server failure), context: ssl_certificate_by_lua*, client: <client-ip>, server: 0.0.0.0:443
2020/05/06 02:54:06 [error] 22#22: *2418323 [lua] ssl_certificate.lua:77: issue_cert(): auto-ssl: failed to obtain lock: <redis-server> could not be resolved (2: Server failure), context: ssl_certificate_by_lua*, client: <client-ip>, server: 0.0.0.0:443
2020/05/06 02:54:06 [error] 22#22: *2418323 [lua] ssl_certificate.lua:291: auto-ssl: could not get certificate for <domain> - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: <client-ip>, server: 0.0.0.0:443

And occasionally: 2020/05/06 02:51:01 [error] 22#22: unexpected response for <redis-server>

This is running on the "openresty:alpine-fat" docker image. The <redis-server> is an AWS ElastiCache cluster, specified using a domain, not IP address.

I wonder if it's an issue with the Nginx resolver. The problem remained after a restart. The Redis server was otherwise connectable. Research on the issue was inconclusive. The interesting thing is that it worked fine for more than a year and then started failing with seemingly no changes made.

mikeshultz commented 3 years ago

Yeah, might want to check that the nginx resolver is set. See the example config in the README:

https://github.com/auto-ssl/lua-resty-auto-ssl#installation