ibmjstart / bluemix-letsencrypt

Let's Encrypt wrapper for Cloud Foundry apps on IBM Bluemix
MIT License

Account credentials #4

Closed seejamescode closed 8 years ago

seejamescode commented 8 years ago

~scrubbed~

lmsurpre commented 8 years ago

I think the key output is this:

2016-11-14T13:22:56.26-0600 [App/0]      OUT    http://seejamescode.com/.well-known/acme-challenge/JJ3ljzNr8C5D7y2sMlhb_EFimLRLjh0j1oHzmVEz3wM:
2016-11-14T13:22:56.26-0600 [App/0]      OUT    "<!DOCTYPE html>
2016-11-14T13:22:56.26-0600 [App/0]      OUT    <html lang="en-US" style='height: 100%'>
2016-11-14T13:22:56.26-0600 [App/0]      OUT      <head>
2016-11-14T13:22:56.26-0600 [App/0]      OUT        <meta charset="UTF-8">
2016-11-14T13:22:56.26-0600 [App/0]      OUT        <meta name="viewport" content="
2016-11-14T13:22:56.26-0600 [App/0]      OUT    To fix these errors, please make sure that your domain name was
2016-11-14T13:22:56.26-0600 [App/0]      OUT    entered correctly and the DNS A record(s) for that domain
2016-11-14T13:22:56.26-0600 [App/0]      OUT    contain(s) the right IP address.

bluemix-letsencrypt will only obtain certificates for domains that are configured to point at Bluemix (via DNS). Check out the diagram at https://www.ibm.com/blogs/bluemix/2016/08/securing-custom-domains-lets-encrypt/ for more info. Please update your domains.yml so that you're only including domains and hosts that have properly configured DNS. In your case, it probably means removing the '.' host (and possibly adding one for 'www').

seejamescode commented 8 years ago

~scrubbed~

lmsurpre commented 8 years ago

Looks like you're getting the certs now...that's progress. However, I think your DNS is still pointing to the wrong IP. Check out https://console.ng.bluemix.net/docs/manageapps/secapps.html#ssl_certificate for the proper instructions. They recommend that you configure a CNAME record that points at 'secure.us-south.bluemix.net', which resolves to 75.126.81.68. www.seejamescode.com currently resolves to 75.126.81.66, which is the IP used for mybluemix.net and *.mybluemix.net in the US South region. Please update your DNS records and try again.

BTW, when the upload fails, the script is supposed to download your certs to the local directory and tell you how to upload them. So, you can either run the script again after fixing the DNS, or if you already have the cert(s) in a local directory then you can just run the following command from your terminal/command line:

bx security cert-add ibmjstart.biz -k privkey.pem -c cert.pem -i chain.pem
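
The DNS check described in the comment above can be run before requesting certificates. This is an added example, not part of the thread or of bluemix-letsencrypt: the two IP addresses are the ones quoted above, while the function names, the status labels and the reading of the '.' host as the bare domain are assumptions made for illustration.

```python
import socket

# Addresses quoted in the thread for the US South region.
CUSTOM_DOMAIN_IP = "75.126.81.68"  # secure.us-south.bluemix.net
SHARED_DOMAIN_IP = "75.126.81.66"  # mybluemix.net and *.mybluemix.net


def fqdns(domain, hosts):
    """Expand host labels into full names; '.' is assumed to mean the bare domain."""
    return [domain if host == "." else f"{host}.{domain}" for host in hosts]


def system_resolver(name):
    """Return the set of IPv4 addresses the local resolver reports for name."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify(addresses):
    """Map a set of resolved addresses to a status label (labels are hypothetical)."""
    if not addresses:
        return "unresolved"
    if addresses == {CUSTOM_DOMAIN_IP}:
        return "ok"
    if SHARED_DOMAIN_IP in addresses:
        return "shared-domain-ip"  # the case diagnosed in the thread
    if CUSTOM_DOMAIN_IP in addresses:
        return "mixed"  # some records still point elsewhere
    return "not-bluemix"


def preflight(domain, hosts, resolve=system_resolver):
    """Classify every host of a domain; resolve is injectable for offline use."""
    return {name: classify(resolve(name)) for name in fqdns(domain, hosts)}


if __name__ == "__main__":
    import sys

    # Usage: python preflight.py example.com www .
    domain, *hosts = sys.argv[1:] or ["example.com", "www", "."]
    for name, status in preflight(domain, hosts).items():
        print(f"{status:18} {name}")
```

Any status other than "ok" means the host should be fixed in DNS or left out of domains.yml before the script is run.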

seejamescode commented 7 years ago

Switching my A Alias to a CNAME was it. Thank you!