coollabsio / coolify

An open-source & self-hostable Heroku / Netlify / Vercel alternative.
https://coolify.io
Apache License 2.0

[Bug]: DNS-Setting invalid #679

Closed degoya closed 1 year ago

degoya commented 2 years ago

Is there an existing issue for this?

Description

When I try to set the FQDN, I think I have a problem with Let's Encrypt. The DNS is pointing to the server, but I only get a self-signed cert when I turn off the DNS check in the settings.

the request causes a 500 error

Are there any special DNS settings that need to be done? In my case for a subdomain?

Is there a way to have logs to see what happens with the LE cert?

Steps To Reproduce

Freshly installed Coolify on Hetzner Cloud. When I have installed the 3.10.15 version and set up the FQDN and save with DNS-Check and SSL-Cert on. Used:

wget -q https://get.coollabs.io/coolify/install.sh -O install.sh; sudo bash ./install.sh

Version

3.10.15

vasani-arpit commented 2 years ago

Did you add the A record pointing to this IP in your provider (Cloudflare/GoDaddy/Namecheap)?

degoya commented 2 years ago

@vasani-arpit Yes, it's set up normally, like I've set up all the other domains in the DNS, with the DNS A record pointing to the Coolify server. By the way, I've set up a service with a subdomain; with this service the LE cert is working, but not with the mail Coolify FQDN, and I need this to get it connected to my GitLab server.

vasani-arpit commented 2 years ago

I don't have much experience with custom certs. @andrasbacsai Can you take a look?

Stargate-project commented 2 years ago

I can confirm that this is a problem that I also have: Let's Encrypt does not work on the FQDN domain. My subdomain DNS is pointing to my server IP address with the A record.

degoya commented 2 years ago

Any solution for this problem? I'd like to use Coolify, but I'm not able to get the domain with an LE cert.

andrasbacsai commented 2 years ago

I'm trying to reproduce it, but on a newly installed server + a new top-level domain, it works.

To check the logs of LE, you can check the coolify-proxy container with the docker logs -n 100 -f coolify-proxy command and see what's going on.

degoya commented 2 years ago

@andrasbacsai I've executed the command on the Coolify host and got the following result:

time="2022-10-27T15:13:15Z" level=error msg="Unable to obtain ACME certificate for domains \"coolify.xxxxxxx.de,www.coolify.xxxxxxx.de\": unable to generate a certificate for the domains [coolify.xxxxxxx.de www.coolify.xxxxxxx.de]: error: one or more domains had a problem:\n[www.coolify.xxxxxxx.de] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.coolify.xxxxxxx.de - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.coolify.xxxxxxx.de - check that a DNS record exists for this domain\n" rule="(Host(`coolify.xxxxxxx.de`) || Host(`www.coolify.xxxxxxx.de`)) && PathPrefix(`/`)" providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=coolify-secure@http
time="2022-10-27T15:13:17Z" level=error msg="Provider connection error cannot fetch configuration data: Get \"http://coolify:3000/webhooks/traefik/main.json\": dial tcp: lookup coolify on 127.0.0.11:53: no such host, retrying in 634.469623ms" providerName=http
time="2022-10-27T15:13:23Z" level=error msg="Provider connection error cannot fetch configuration data: Get \"http://coolify:3000/webhooks/traefik/main.json\": dial tcp 172.16.0.3:3000: connect: connection refused, retrying in 1.034253849s" providerName=http
time="2022-10-27T15:13:29Z" level=error msg="Provider connection error cannot fetch configuration data: Get \"http://coolify:3000/webhooks/traefik/main.json\": dial tcp 172.16.0.3:3000: connect: connection refused, retrying in 809.323285ms" providerName=http
time="2022-11-02T21:31:38Z" level=error msg="Error while Peeking first byte: read tcp 000.16.16.2:80->000.85.94.217:1425: read: connection timed out"

andrasbacsai commented 2 years ago

It looks like the www.coolify.xxxxxx.de is not set in DNS. Could you please double check?
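
An added example, not part of the original thread and not Coolify or Traefik code: a small parser that pulls the requested names, the failing name and the ACME error type out of a Traefik log like the one posted above, so the name that blocks issuance is visible at a glance. The function name `parse_acme_failures` and the record field names are hypothetical, and the regular expressions assume the message layout shown in this thread's log.

```python
import re

# Log lines copied from the comment above (hostname already redacted by the
# poster); the second line is a non-ACME error that the parser must skip.
SAMPLE_LOG = r'''time="2022-10-27T15:13:15Z" level=error msg="Unable to obtain ACME certificate for domains \"coolify.xxxxxxx.de,www.coolify.xxxxxxx.de\": unable to generate a certificate for the domains [coolify.xxxxxxx.de www.coolify.xxxxxxx.de]: error: one or more domains had a problem:\n[www.coolify.xxxxxxx.de] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.coolify.xxxxxxx.de - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.coolify.xxxxxxx.de - check that a DNS record exists for this domain\n" rule="(Host(`coolify.xxxxxxx.de`) || Host(`www.coolify.xxxxxxx.de`)) && PathPrefix(`/`)" providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=coolify-secure@http
time="2022-10-27T15:13:17Z" level=error msg="Provider connection error cannot fetch configuration data: Get \"http://coolify:3000/webhooks/traefik/main.json\": dial tcp: lookup coolify on 127.0.0.11:53: no such host, retrying in 634.469623ms" providerName=http'''

REQUESTED = re.compile(r'Unable to obtain ACME certificate for domains \\"([^"\\]+)\\"')
FAILED = re.compile(r'\[([^\]\s]+)\] acme: error: (\d+) :: (urn:ietf:params:acme:error:\w+)')
LOOKUP = re.compile(r'DNS problem: (\w+) looking up (\w+) for ([\w.-]+)')
TIME = re.compile(r'^time="([^"]+)"')


def parse_acme_failures(log_text):
    """Return one record per failed ACME order found in Traefik log text."""
    records = []
    for line in log_text.splitlines():
        requested = REQUESTED.search(line)
        if not requested:
            continue  # not an ACME issuance failure
        names = requested.group(1).split(",")
        failed = {}
        for domain, status, err_type in FAILED.findall(line):
            failed[domain] = {"status": int(status), "type": err_type, "lookups": []}
        for rcode, rtype, domain in LOOKUP.findall(line):
            failed.setdefault(domain, {"status": None, "type": None, "lookups": []})
            failed[domain]["lookups"].append((rcode, rtype))
        stamp = TIME.match(line)
        records.append({
            "time": stamp.group(1) if stamp else None,
            "requested": names,
            "failed": failed,
            # Names with no reported problem. The certificate is still not
            # issued, because every requested name has to validate.
            "not_reported": [n for n in names if n not in failed],
        })
    return records


if __name__ == "__main__":
    for rec in parse_acme_failures(SAMPLE_LOG):
        for domain, info in rec["failed"].items():
            print(rec["time"], domain, info["type"], info["lookups"])
```

On the posted log this reports only the `www.` name as failing, with NXDOMAIN for both the A and the AAAA lookup, while the bare FQDN had no reported problem.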

degoya commented 2 years ago

@andrasbacsai OK, I've added the www. to the DNS. Now I don't get an error when adding the domain, but when I try to open the domain via https://coolify.xxxx.de:3000 I get an error in the browser: SSL_ERROR_RX_RECORD_TOO_LONG

degoya commented 1 year ago

Any solution for this problem? I'd like to use Coolify, but I'm not able to get the domain with an LE cert.

calvinlang commented 1 year ago

I'm having a similar issue with a fresh install

Morpheus0x commented 1 year ago

I had the exact same issue, and I think that this isn't a bug with coolify at all.

My suspected reason for these errors is that the Let's Encrypt server has a "slow" DNS server. If you create a new record, it might work instantly for you because you are using a good DNS server locally. But the Let's Encrypt API seems to use a DNS server with heavy caching and therefore doesn't pick up the new A records instantly.

I would recommend that everyone wait a couple of hours until the A records have fully propagated to all DNS servers before adding the domain to Coolify.