home-assistant / addons

Docker add-ons for Home Assistant
https://home-assistant.io/hassio/
Apache License 2.0

Let's Encrypt: HTTP challenge is using HTTPS not HTTP #3753

Closed fanningert closed 2 months ago

fanningert commented 2 months ago

Describe the issue you are experiencing

I am trying to use the addon "Let's Encrypt" with the http challenge. But certbot is using port 443 (https) and not 80 (http).

Config

domains:
  - [domain]
email: [email]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: http
dns: {}

Logs

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: grazhome.fanninger.at
  Type:   unauthorized
  Detail: 178.xxx.xxx.xxx: Invalid response from https://[domain]/.well-known/acme-challenge/[random characters]: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.1.4

Steps to reproduce the issue

  1. domains: *.domain.com
  2. email
  3. challenge http
  4. save
  5. start addon

System Health information

System Information

version core-2024.9.0
installation_type Home Assistant OS
dev false
hassio true
docker true
user root
virtualenv false
python_version 3.12.4
os_name Linux
os_version 6.6.31-haos-raspi
arch aarch64
timezone Europe/Vienna
config_dir /config

Home Assistant Community Store

GitHub API | ok
GitHub Content | ok
GitHub Web | ok
HACS Data | ok
GitHub API Calls Remaining | 4999
Installed Version | 2.0.1
Stage | running
Available Repositories | 1474
Downloaded Repositories | 52

AccuWeather

can_reach_server | ok
remaining_requests | 30

Home Assistant Cloud

logged_in | false
can_reach_cert_server | ok
can_reach_cloud_auth | ok
can_reach_cloud | ok

Home Assistant Supervisor

host_os | Home Assistant OS 13.1
update_channel | stable
supervisor_version | supervisor-2024.08.0
agent_version | 1.6.0
docker_version | 26.1.4
disk_total | 916.2 GB
disk_used | 15.8 GB
healthy | true
supported | true
host_connectivity | true
supervisor_connectivity | true
ntp_synchronized | true
virtualization |
board | rpi5-64
supervisor_api | ok
version_api | ok
installed_addons | MariaDB (2.7.1), Studio Code Server (5.15.0), Mosquitto broker (6.4.1), Samba Backup (5.2.0), File editor (5.8.0), Terminal & SSH (9.14.0), ecowitt2mqtt (2024.06.2), ESPHome (2024.8.3), Frigate Proxy (1.5), SQLite Web (4.2.0), Matter Server (6.4.2), OpenThread Border Router (2.10.0), Advanced SSH & Web Terminal (18.0.0), Nginx Proxy Manager (1.0.1), Let's Encrypt (5.1.4)

Dashboards

dashboards | 3
resources | 38
views | 11
mode | storage

Recorder

oldest_recorder_run | 29. August 2024 um 18:00
current_recorder_run | 5. September 2024 um 21:20
estimated_db_size | 1873.55 MiB
database_engine | sqlite
database_version | 3.45.3

Anything in the Supervisor logs that might be useful for us?

No response

Anything in the add-on logs that might be useful for us?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[07:42:03] INFO: Selected http verification
[07:42:03] INFO: Detecting existing certificate type for grazhome.fanninger.at
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[07:42:04] INFO: No certificate found - using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for grazhome.fanninger.at

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: grazhome.fanninger.at
  Type:   unauthorized
  Detail: 178.xxx.xxx.xxx: Invalid response from https://[domain]/.well-known/acme-challenge/[random characters]: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Additional information

No response

fanningert commented 2 months ago

My error. I made a mistake with the port forwarding.
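
A way to read the certbot output above, as an added example that is not part of the original issue or the add-on's code: Let's Encrypt starts HTTP-01 validation on port 80 and follows redirects, so an `https://` URL in the `Detail` line means port 80 answered with a redirect instead of certbot's standalone server. The sketch classifies each failed domain on that basis; the sample log, host names, token and cause strings are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the add-on log in this issue; host names,
# IP address and token are placeholders, not values from the report.
SAMPLE_LOG = """\
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: ha.example.org
  Type:   unauthorized
  Detail: 203.0.113.10: Invalid response from https://ha.example.org/.well-known/acme-challenge/TOKEN: 404
  Domain: cam.example.org
  Type:   connection
  Detail: 203.0.113.10: Fetching http://cam.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
"""

# One Domain/Type/Detail block per failed domain, as certbot prints them.
BLOCK = re.compile(
    r"^\s*Domain:\s*(?P<domain>\S+)\s*\n"
    r"\s*Type:\s*(?P<type>\S+)\s*\n"
    r"\s*Detail:\s*(?P<detail>.+)$",
    re.MULTILINE,
)
# The URL the CA last fetched; the token ends at the ':' before the status text.
URL = re.compile(r"https?://\S+?/\.well-known/acme-challenge/[^\s:]+")


def diagnose(log: str) -> list[dict]:
    """Classify each failed HTTP-01 domain by what answered on port 80."""
    findings = []
    for m in BLOCK.finditer(log):
        url = URL.search(m["detail"])
        scheme = urlsplit(url.group()).scheme if url else None
        if scheme == "https":
            # Validation begins at http://; https here is the end of a redirect.
            cause = "port 80 redirected to HTTPS: something other than certbot standalone answered"
        elif m["type"] == "connection":
            cause = "port 80 unreachable: check port forwarding and firewall"
        elif scheme == "http":
            cause = "port 80 answered without the token: forwarded to the wrong service"
        else:
            cause = "no challenge URL in detail: read /var/log/letsencrypt/letsencrypt.log"
        findings.append({"domain": m["domain"], "type": m["type"],
                         "scheme": scheme, "cause": cause})
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['domain']}: {f['cause']}")
```
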