Closed fr33n0rm closed 2 days ago
Hello @fr33n0rm, the error is this:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
dashboard-1 | Domain: nb2.example.com
dashboard-1 | Type: connection
dashboard-1 | Detail: During secondary validation: 35.221.174.49: Fetching http://nb2.example.com/.well-known/acme-challenge/IpkLf3E7NL8-vVivqWl9U9rS7xFhAy1ivXrUApnFA-s: Timeout during connect (likely firewall problem)
Have you checked your firewall? And is the domain pointing to the right address?
@mlsmaycon Yes, I have checked the firewall and allowed all IPs (0.0.0.0/0) to connect.
Please ignore. I think it's the firewall. I tried adding 0.0.0.0/0 again and it successfully created a new cert. Thanks
That's great. I will close this one.
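As an added example (not from this issue or from NetBird), a small parser over the Certbot failure report quoted above: it splits the compose-prefixed `Domain`/`Type`/`Detail` lines into fields, tells a primary from a secondary (remote vantage point) validation failure, and maps the `connection` + `Timeout during connect` case to the firewall check mlsmaycon asked about. The sample log is constructed from the lines in this thread; the diagnosis strings are my own.

```python
import re

# Constructed sample: the compose-prefixed Certbot failure report quoted in this issue.
SAMPLE_LOG = """\
dashboard-1 | Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
dashboard-1 | Domain: nb2.example.com
dashboard-1 | Type: connection
dashboard-1 | Detail: During secondary validation: 35.221.174.49: Fetching http://nb2.example.com/.well-known/acme-challenge/IpkLf3E7NL8-vVivqWl9U9rS7xFhAy1ivXrUApnFA-s: Timeout during connect (likely firewall problem)
"""

PREFIX = re.compile(r"^\S+\s*\|\s?")              # strips the "dashboard-1 | " compose log prefix
FIELD = re.compile(r"(Domain|Type|Detail):\s*(.*)$")
# Detail layout: [During <phase> validation: ][<ip the CA dialled>: ][Fetching <url>: ]<error>
DETAIL = re.compile(
    r"(?:During (?P<phase>primary|secondary) validation: )?"
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}): )?"
    r"(?:Fetching (?P<url>\S+): )?"
    r"(?P<error>.+)$")

def diagnose(kind: str, phase: str, error: str) -> str:
    """Map a Certbot Type/Detail pair to the check an operator should make."""
    if kind == "connection" and "Timeout during connect" in error:
        where = ("one of the CA's remote vantage points" if phase == "secondary"
                 else "the CA's primary validator")
        return (f"TCP/80 filtered from {where}: allow inbound 80 from any source "
                "(0.0.0.0/0); the CA does not publish validator addresses")
    if kind == "connection":
        return "connection error: confirm nginx is bound to port 80 on the public address"
    if kind == "dns":
        return "DNS problem: the name does not resolve to this server"
    return f"unclassified {kind} failure: {error}"

def parse_certbot_report(text: str) -> list:
    """Return one dict per failed domain: domain, kind, phase, server_ip, url, error, diagnosis."""
    failures, fields = [], {}
    for raw in text.splitlines():
        m = FIELD.match(PREFIX.sub("", raw).strip())
        if not m: continue
        fields[m.group(1)] = m.group(2)
        if m.group(1) != "Detail":               # Detail is the last field of each record
            continue
        d = DETAIL.match(fields["Detail"])
        if d:
            phase = d.group("phase") or "primary"  # absent prefix: treat as the primary check
            kind = fields.get("Type", "?")
            failures.append({"domain": fields.get("Domain", "?"), "kind": kind, "phase": phase,
                             "server_ip": d.group("ip"), "url": d.group("url"),
                             "error": d.group("error"), "diagnosis": diagnose(kind, phase, d.group("error"))})
        fields = {}
    return failures
```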
Describe the problem
Certbot certificate creation issue. I am using Google Workspace as IdP and followed the steps provided. I have run the ./configure script; however, I'm still having an issue with the Let's Encrypt cert even though all ports (80, 443) are open to the internet.
To Reproduce
Steps to reproduce the behavior:
```bash
NETBIRD_DOMAIN="nb2.example.com"
NETBIRD_TURN_DOMAIN=""
NETBIRD_TURN_EXTERNAL_IP="35.221.174.49"
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://accounts.google.com/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="44444444-uklmene.apps.googleusercontent.com"
NETBIRD_AUTH_CLIENT_ID="44444444-uklmene.apps.googleusercontent.com"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email"
NETBIRD_AUTH_CLIENT_SECRET="GOCSPAUTH_CLIENT_SECRET"
NETBIRD_USE_AUTH0="false"
NETBIRD_AUTH_REDIRECT_URI="/auth"
NETBIRD_AUTH_SILENT_REDIRECT_URI="/silent-auth"
NETBIRD_TOKEN_SOURCE="idToken"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS="53000"
NETBIRD_MGMT_IDP="google"
NETBIRD_IDP_MGMT_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
NETBIRD_IDP_MGMT_CLIENT_SECRET=""
NETBIRD_IDP_MGMT_EXTRA_SERVICE_ACCOUNT_KEY="b64key"
NETBIRD_IDP_MGMT_EXTRA_CUSTOMER_ID="909098d9s"
NETBIRD_DISABLE_LETSENCRYPT=false
NETBIRD_LETSENCRYPT_EMAIL="it@example.com"
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted
NETBIRD_RELAY_DOMAIN=""
NETBIRD_RELAY_PORT=""
```
Compose file

```yaml
version: "3"
services:
  # UI dashboard
  dashboard:
    image: netbirdio/dashboard:latest
    restart: unless-stopped
    ports:
    # Endpoints
    # OIDC
    # SSL
    # Letsencrypt
  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
    # port and command for Let's Encrypt validation
    # - 443:443
    # command: ["--letsencrypt-domain", "nb2.example.com", "--log-file", "console"]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
    # todo: change to a secure secret
  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
    # command for Let's Encrypt validation without dashboard container
    # command: ["--letsencrypt-domain", "nb2.example.com", "--log-file", "console"]
    command: [ "--port", "443", "--log-file", "console", "--log-level", "info", "--disable-anonymous-metrics=false", "--single-account-mode-domain=nb2.example.com", "--dns-domain=netbird.selfhosted" ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
    environment:
  # Coturn
  coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    domainname: nb2.example.com # only needed when TLS is enabled
    volumes:
      - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
      - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
```
```
dashboard-1 |
dashboard-1 | Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
dashboard-1 | Domain: nb2.example.com
dashboard-1 | Type: connection
dashboard-1 | Detail: During secondary validation: 35.221.174.49: Fetching http://nb2.example.com/.well-known/acme-challenge/IpkLf3E7NL8-vVivqWl9U9rS7xFhAy1ivXrUApnFA-s: Timeout during connect (likely firewall problem)
dashboard-1 |
dashboard-1 | Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
dashboard-1 |
dashboard-1 | Some challenges have failed.
dashboard-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
Expected behavior
Create a Let's Encrypt certificate that will automatically renew using the http-01 challenge.
Are you using NetBird Cloud?
Please specify whether you use NetBird Cloud or self-host NetBird's control plane.
NetBird version
0.30