Configuring Custom Domain and SSL through letsencrypt

[tnakajo]

One of our customers is having the issue.

His custom domain (rsearch.co) is currently hosted with Yahoo and he added it to his org. However I cannot set it as the sole domain for his application, and he believes this may be the issue with getting my SSL through letsencrypt and the bluemix app to run the acme tests, and upload the certificate automatically. If there is anything he need to do with Yahoo please let me know - He'd love to have this resolved within the next 2 weeks as I am meeting with an important client.

He is trying to replace the rsearch.mybluemix.net with rsearch.co. He has attached the cname/a records and the output from running the letsencrypt app covered in : https://www.ibm.com/blogs/bluemix/2016/08/securing-custom-domains-lets-encrypt/ He has followed every step shown. Let us know if he needs anything more.

[tnakajo]

Region: IBM Cloud US-South (Dallas)

[tnakajo]

I, as IBM Cloud Support, discussed with our Cloud Foundry team.

The red text in the screenshot above looks something like:

http-01 challenge for rsearch.co
http-01 challenge for www.rseach.co
Using the webroot path /home/vcap/app/host for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Existing abnormally:
Traceback (most recent call last):
File "run.py", line 61, in 
cli.main(args)
File "/home/vcap/deps/0/python/lib/python3.6/site-packages/certbot/main.py", line 1250, in certonly
[.....]
certboot.errors.FailedChallenges: Failed authorization procedure. rsearch.co (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks suficient authorization :: Invalid response from http://rsearch.co/.well-known/acme-challenge/e51NbWgrGqpIdtdfCoSnxLLqz0kHO7spVtpPFyYyGj8: 400 [.....]
ERR Please see the logfiles in /home/vcap/app/logs for more details.

IBM security has an issue trying to get to these addresses that contain 'acme-challenge' although I can get a 400 response back from research.co/.well-known . lets encrypt website has details of an issue relating to its process trying to use ipv6 addresses if these are configured, but not following redirects: https://community.letsencrypt.org/t/error-getting-validation-data-status-400/50287/10 . This might not be an issue as there is something configured for ipv6 addresses for www.rsearch.co but not for research.co .

[tnakajo]

Can anyone look into the issue at your end?

[lmsurpre]

However I cannot set it as the sole domain for his application, and he believes this may be the issue with getting my SSL through letsencrypt and the bluemix app to run the acme tests, and upload the certificate automatically.

What do you mean by "I cannot set it as the sole domain for his application"? What are the routes that are configured for the app? Does the domain properly resolve?

[lmsurpre]

I did a lookup and research.co resolves to 67.195.197.75 whereas custom-domain.us-south.cf.cloud.ibm.com resolves to:

Name:   custom-domain.us-south.cf.cloud.ibm.com
Address: 169.62.254.80
Name:   custom-domain.us-south.cf.cloud.ibm.com
Address: 169.46.89.151
Name:   custom-domain.us-south.cf.cloud.ibm.com
Address: 169.47.124.23

As described in the README, establishing proper DNS entries is a prereq to running bluemix-letsencrypt.