Closed nodecheck closed 5 years ago
Look at https://acme-v01.api.letsencrypt.org/acme/authz/yyuBsA2i8cdTx33AnZk69brkFncK2G9cRPd02eGbsj0
It is letsencrypt which does not manage to create your certificate.
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://btcpay.nodecheck.io/.well-known/acme-challenge/rvkm3HpPk_F4ApVt8e_45MaMUH3TTycoWaaHzwF0LdY: \"\u003chtml\u003e\\n\u003chead\u003e\u003ctitle\u003e500 Internal Server Error\u003c/title\u003e\u003c/head\u003e\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\n\u003ccenter\u003e\u003ch1\u003e500 Internal Server Error\u003c/h1\u003e\u003c/\"",
"status": 403
},
Are you using something in front of your server (like Cloudflare) which would decide to block this request? Or anything between the internet and your server?
There is cloudflare, but it's not blocked. Problem is HTTPS is not working on nginx, it gives 500 internal server error. Even if I try to connect to the server on HTTP, it doesn't work either. I've verified this even without cloudflare.
@nodecheck the problem is Cloudflare. I need HTTP to request the certificate and Cloudflare blocks the request.
OK, with direct access it's renewed now as it's not forced to HTTPS. Although would be nice for it also to allow generation of certs on https if possible?
@nodecheck nginx forces HTTPS once it gets the certificate. The certs are renewed automatically (though I don't know what happens if there is Cloudflare in front).
OK thx, I'm checking up on it now, I expect if the certificates are valid, then renewal should occur fine as they've not expired and HTTPS is accessible. Mine seemed to be in the beginning when there was no cert, and so was an error. I can try a dry run renewal and see what happens when debugging it.
How was it? Does the dry run renewal work without HTTP?
Hi, was going to wait and see, but your reply made me check now :)
Yes, it works fine, I've re-enabled cloudflare, so it's forced to HTTPS like I had before. The cert renewed. I connected to the letsencrypt proxy instance with docker exec and ran force_renew and the site is still accessible.
So if anyone happens to use cloudflare, for the initial setup to have it direct to the server, once the certs have activated, and nginx is accessible showing the btcpay website, this is the point you can then enable cloudflare. At this point, it's not necessary for the renewal to happen on standard HTTP like the initial certificate creation.
Despite having correct configuration settings, and despite restarting everything, I'm still getting 500 Internal Server Error - all HTTP connections are redirected to HTTPS.
Error from docker logs for letsencrypt instance:
I have never used example.com for configuring this, I had set all the parameters prior to setting it up, and yet it constantly fails. My parameters:
What can I do to finally get this working, and get btcpay accessible? Seems to be something with nginx making the 500 errors, so just need to get nginx working properly.
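An added example, not code from the thread participants or the project: a small Python helper that takes the ACME error object quoted earlier in this thread and separates the status of the ACME problem document (403) from the status the CA's validator actually received from the challenge URL (500). The function name `diagnose` and the hint strings are assumptions made for this example.

```python
import json
import re
from urllib.parse import urlsplit

# Error object as quoted in this thread (wrapped in braces so it parses as JSON).
SAMPLE = r'''{
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://btcpay.nodecheck.io/.well-known/acme-challenge/rvkm3HpPk_F4ApVt8e_45MaMUH3TTycoWaaHzwF0LdY: \"\u003chtml\u003e\\n\u003chead\u003e\u003ctitle\u003e500 Internal Server Error\u003c/title\u003e\u003c/head\u003e\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\n\u003ccenter\u003e\u003ch1\u003e500 Internal Server Error\u003c/h1\u003e\u003c/\"",
"status": 403
}'''

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def diagnose(error):
    """Split an ACME 'Invalid response' error into what the CA's validator saw."""
    m = re.match(r'Invalid response from (\S+): "(.*)"$', error.get("detail", ""), re.S)
    if not m:
        return {"parsed": False, "hint": "detail is not an 'Invalid response' message"}
    url, body = m.groups()
    parts = urlsplit(url)
    on_challenge_path = parts.path.startswith(CHALLENGE_PREFIX)
    # The body is an HTML error page, so its <title> carries the status the server sent.
    title = re.search(r"<title>(\d{3}) ([^<]*)</title>", body)
    served = int(title.group(1)) if title else None
    if served is not None and served >= 500:
        hint = "a web server answered the challenge URL and failed; test it over plain HTTP, with and without any proxy in front"
    elif served is not None:
        hint = "an error page was returned instead of the token; check redirects and proxy rules"
    else:
        hint = "not an error page; compare the body with the expected key authorization"
    return {
        "parsed": True,
        "scheme": parts.scheme,
        "host": parts.hostname,
        "is_http01_path": on_challenge_path,
        "token": parts.path[len(CHALLENGE_PREFIX):] if on_challenge_path else None,
        "acme_status": error.get("status"),  # status of the ACME problem document itself
        "served_status": served,             # status the validator got from the site
        "hint": hint,
    }


if __name__ == "__main__":
    for key, value in diagnose(json.loads(SAMPLE)).items():
        print(f"{key}: {value}")
```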