search

nginx-proxy / acme-companion

Automated ACME SSL certificate generation for nginx-proxy
MIT License
7.42k stars 825 forks source link

acme-challenge working on one sub domain but failing on second with 400. #1135

Closed prairietree closed 4 months ago

prairietree commented 4 months ago

companionLog.txt

I am using image nginxproxy/acme-companion. I updated to the latest yesterday or the day before. I had not notice an issue before but did not test for it. I did a bit of reading around through issues here and other places but found no solution.

I have NextCloud in one docker image with a domain like nextcloud.mydomain.com and I have collabora in anther with a domain like office.mydomian.com. I noticed collabora was not working.

When I go to https://office.mydomain.com/hosting/discovery I get "office.mydomain.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT". If I continue on to the page I get "500 Internal Server Error", but http://office.mydomain.com/hosting/discovery works fine.

Looking the logs for the docker container I see a 400 error returned to the acme-challenge:

errordetail='myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400'
Invalid status, office.mydomain.com:Verify error detail:myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400

I turned on debug and here is the complete logs of a start of the companion docker container. I inserted a few blank lines at the place where the logs for the office domain starts about a 108 lines down. There is a few more blank lines about 530 lines down where I got the error above from.

I appreciate any suggestions. Thanks

Update- it says this is too long so I removed most of the log. I will try to attach it.

nextcloud-letsencrypt-companion-1  | Info: running acme-companion version v2.4.0-6-ge9c01c9
nextcloud-letsencrypt-companion-1  | Debug: a default certificate with subject=CN=letsencrypt-nginx-proxy-companion is present.
nextcloud-letsencrypt-companion-1  | Debug: the self generated default certificate is still valid for more than three months. Skipping default certificate creation.
nextcloud-letsencrypt-companion-1  
[...]

nextcloud-letsencrypt-companion-1  | Debug: checking /etc/nginx/certs/office.mydomain.com ownership and permissions.
nextcloud-letsencrypt-companion-1  | Debug: numeric ID of user root is 0.
nextcloud-letsencrypt-companion-1  | Debug: numeric ID of group root is 0.
nextcloud-letsencrypt-companion-1  | Calling acme.sh --issue with the following parameters : --log /dev/null --useragent nginx-proxy/acme-companion/v2.4.0-6-ge9c01c9 (acme.sh/3.0.7) --debug 2 --server https://acme-v02.api.letsencrypt.org/directory --config-home /etc/acme.sh/myemail@someplace.com --webroot /usr/share/nginx/html --keylength 4096 --cert-file /etc/nginx/certs/office.mydomain.com/cert.pem --key-file /etc/nginx/certs/office.mydomain.com/key.pem --ca-file /etc/nginx/certs/office.mydomain.com/chain.pem --fullchain-file /etc/nginx/certs/office.mydomain.com/fullchain.pem --always-force-new-domain-key --domain office.mydomain.com
nextcloud-letsencrypt-companion-1  | Creating/renewal office.mydomain.com certificates... (office.mydomain.com)
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _is_idn_d='office.mydomain.com'
nextcloud-letsencrypt-companion-1  | [Thu
[companionLog.txt](https://github.com/user-attachments/files/16185690/companionLog.txt)
 Jul 11 23:30:15 UTC 2024] _idn_temp
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='zerossl.com,zerossl'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='letsencrypt.org,letsencrypt'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='letsencrypt.org_test,letsencrypt_test,letsencrypttest'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='buypass.com,buypass'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='buypass.com_test,buypass_test,buypasstest'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='ssl.com,sslcom'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='google.com,google'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _selectServer try snames='google.com_test,googletest,google_test'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] Lets find script dir.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _SCRIPT_='/app/acme.sh'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _script='/app/acme.sh'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _script_home='/app'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] Using default home:/root/.acme.sh
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] Using config home:/etc/acme.sh/myemail@someplace.com
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
nextcloud-letsencrypt-companion-1  | https://github.com/acmesh-official/acme.sh
nextcloud-letsencrypt-companion-1  | v3.0.7
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] Using server: https://acme-v02.api.letsencrypt.org/directory
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] Running cmd: issue
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _main_domain='office.mydomain.com'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _alt_domains='no'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] Using config home:/etc/acme.sh/myemail@someplace.com
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:15 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[...]
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:19 UTC 2024] response='{"identifier":{"type":"dns","value":"office.mydomain.com"},"status":"pending","expires":"2024-07-18T23:30:16Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"},{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/8ccOlw","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/NlxM0Q","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"}]}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:19 UTC 2024] original='{"identifier":{"type":"dns","value":"office.mydomain.com"},"status":"pending","expires":"2024-07-18T23:30:16Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"},{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/8ccOlw","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/NlxM0Q","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"}]}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:19 UTC 2024] response='{"identifier":{"type":"dns","value":"office.mydomain.com"},"status":"pending","expires":"2024-07-18T23:30:16Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"},{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/8ccOlw","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/NlxM0Q","status":"pending","token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA"}]}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:19 UTC 2024] status='pending
nextcloud-letsencrypt-companion-1  | pending
nextcloud-letsencrypt-companion-1  | pending
nextcloud-letsencrypt-companion-1  | pending'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:19 UTC 2024] Pending, The CA is processing your order, please just wait. (2/30)
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:19 UTC 2024] sleep 2 secs to verify again
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] checking
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] =======Begin Send Signed Request=======
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/375791360827'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] payload
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Use cached jwk for file: /etc/acme.sh/myemail@someplace.com/ca/acme-v02.api.letsencrypt.org/directory/account.key
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Use _CACHED_NONCE='XrsdoYfreF8TZUaciEbZb2jy_sdsl_FAUaKnCe05JfxnKIqbao8'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] nonce='XrsdoYfreF8TZUaciEbZb2jy_sdsl_FAUaKnCe05JfxnKIqbao8'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] POST
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/375791360827'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] body='{"protected": "eyJub25jZSI6ICJYcnNkb1lmcmVGOFRaVWFjaUViWmIyanlfc2RzbF9GQVVhS25DZTA1SmZ4bktJcWJhbzgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM3NTc5MTM2MDgyNyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyMDkyMDI0NyJ9", "payload": "", "signature": "UChs-nQKvMD48ttzKyca6SDL7m9woXa8cOOskJZyl5X-s1VlBr8vKfgl0_0-g0okixH63V8JSorgIMrZlubXg5xRlhnoLBl1bv1LEAoyKFngXmriRCXDI3JuC3qX4LdXB0_K5mHdQUNfiB60WBdUrzgr7Z5cTyn8SOkDBPP0jpwoNqXLiZ155qLDtYjLm-VrKPorsZSfKMT9QLbF5MlDaeoOeJl9MZ30GDajks9Eol2WcdFuCmEBNW2bzLFWV_y3JiuTTGgWojb7HOGT-dChzXarNC9gEHmJRWX_0juK3N7IysANARO6la_9VvSeEqVXKAMjhRBsyaQvWiAY1iV4Tg"}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _postContentType='application/jose+json'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Http already initialized.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/myemail@someplace.com/http.header  -L  --trace-ascii /tmp/tmp.SZ8sbAWTK6  -g '
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _ret='0'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] responseHeaders='HTTP/2 200 
nextcloud-letsencrypt-companion-1  | server: nginx
nextcloud-letsencrypt-companion-1  | date: Thu, 11 Jul 2024 23:30:21 GMT
nextcloud-letsencrypt-companion-1  | content-type: application/json
nextcloud-letsencrypt-companion-1  | content-length: 1039
nextcloud-letsencrypt-companion-1  | boulder-requester: 1020920247
nextcloud-letsencrypt-companion-1  | cache-control: public, max-age=0, no-cache
nextcloud-letsencrypt-companion-1  | link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
nextcloud-letsencrypt-companion-1  | replay-nonce: 0HjY_nENu92nSQJeni-VV5iVcOIuCS0IWmMoc-ev6Zy0mxb8eUA
nextcloud-letsencrypt-companion-1  | x-frame-options: DENY
nextcloud-letsencrypt-companion-1  | strict-transport-security: max-age=604800
'extcloud-letsencrypt-companion-1  | 
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] code='200'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] original='{
nextcloud-letsencrypt-companion-1  |   "identifier": {
nextcloud-letsencrypt-companion-1  |     "type": "dns",
nextcloud-letsencrypt-companion-1  |     "value": "office.mydomain.com"
nextcloud-letsencrypt-companion-1  |   },
nextcloud-letsencrypt-companion-1  |   "status": "invalid",
nextcloud-letsencrypt-companion-1  |   "expires": "2024-07-18T23:30:16Z",
nextcloud-letsencrypt-companion-1  |   "challenges": [
nextcloud-letsencrypt-companion-1  |     {
nextcloud-letsencrypt-companion-1  |       "type": "http-01",
nextcloud-letsencrypt-companion-1  |       "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q",
nextcloud-letsencrypt-companion-1  |       "status": "invalid",
nextcloud-letsencrypt-companion-1  |       "validated": "2024-07-11T23:30:16Z",
nextcloud-letsencrypt-companion-1  |       "error": {
nextcloud-letsencrypt-companion-1  |         "type": "urn:ietf:params:acme:error:unauthorized",
nextcloud-letsencrypt-companion-1  |         "detail": "myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400",
nextcloud-letsencrypt-companion-1  |         "status": 403
nextcloud-letsencrypt-companion-1  |       },
nextcloud-letsencrypt-companion-1  |       "token": "RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA",
nextcloud-letsencrypt-companion-1  |       "validationRecord": [
nextcloud-letsencrypt-companion-1  |         {
nextcloud-letsencrypt-companion-1  |           "url": "http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA",
nextcloud-letsencrypt-companion-1  |           "hostname": "office.mydomain.com",
nextcloud-letsencrypt-companion-1  |           "port": "80",
nextcloud-letsencrypt-companion-1  |           "addressesResolved": [
nextcloud-letsencrypt-companion-1  |             "myipaddress"
nextcloud-letsencrypt-companion-1  |           ],
nextcloud-letsencrypt-companion-1  |           "addressUsed": "myipaddress"
nextcloud-letsencrypt-companion-1  |         }
nextcloud-letsencrypt-companion-1  |       ]
nextcloud-letsencrypt-companion-1  |     }
nextcloud-letsencrypt-companion-1  |   ]
nextcloud-letsencrypt-companion-1  | }'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] response='{"identifier":{"type":"dns","value":"office.mydomain.com"},"status":"invalid","expires":"2024-07-18T23:30:16Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q","status":"invalid","validated":"2024-07-11T23:30:16Z","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400","status": 403},"token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA","validationRecord":[{"url":"http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA","hostname":"office.mydomain.com","port":"80","addressesResolved":["myipaddress"],"addressUsed":"myipaddress"}]}]}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] original='{"identifier":{"type":"dns","value":"office.mydomain.com"},"status":"invalid","expires":"2024-07-18T23:30:16Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q","status":"invalid","validated":"2024-07-11T23:30:16Z","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400","status": 403},"token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA","validationRecord":[{"url":"http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA","hostname":"office.mydomain.com","port":"80","addressesResolved":["myipaddress"],"addressUsed":"myipaddress"}]}]}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] response='{"identifier":{"type":"dns","value":"office.mydomain.com"},"status":"invalid","expires":"2024-07-18T23:30:16Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q","status":"invalid","validated":"2024-07-11T23:30:16Z","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400","status": 403},"token":"RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA","validationRecord":[{"url":"http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA","hostname":"office.mydomain.com","port":"80","addressesResolved":["myipaddress"],"addressUsed":"myipaddress"}]}]}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] status='invalid
nextcloud-letsencrypt-companion-1  | invalid'

nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400","status": 403'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] errordetail='myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Invalid status, office.mydomain.com:Verify error detail:myipaddress: Invalid response from http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA: 400
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Debug: get token url.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] GET
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] url='http://office.mydomain.com/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] timeout=1
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Http already initialized.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/myemail@someplace.com/http.header  -L  --trace-ascii /tmp/tmp.SZ8sbAWTK6  -g  --connect-timeout 1'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] ret='0'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Debugging, skip removing: /usr/share/nginx/html/.well-known/acme-challenge/RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] pid
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] No need to restore nginx, skip.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _clearupdns
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] dns_entries
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] skip dns.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _on_issue_err
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Please check log file for more details: /dev/null
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _chk_vlist='office.mydomain.com#RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA._LNaiRmVQhKmTDSfnVRBA60aiOyFQJet6-rm_1aTHwc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q#http-01#/usr/share/nginx/html#https://acme-v02.api.letsencrypt.org/acme/authz-v3/375791360827,'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] start to deactivate authz
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Trigger domain validation.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _t_key_authz='RsASgZLD2EgSsGH98soNA-xkdhNY_cSZSGZbe7mLGSA._LNaiRmVQhKmTDSfnVRBA60aiOyFQJet6-rm_1aTHwc'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _t_vtype
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] =======Begin Send Signed Request=======
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] payload='{}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Use cached jwk for file: /etc/acme.sh/myemail@someplace.com/ca/acme-v02.api.letsencrypt.org/directory/account.key
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Use _CACHED_NONCE='0HjY_nENu92nSQJeni-VV5iVcOIuCS0IWmMoc-ev6Zy0mxb8eUA'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] nonce='0HjY_nENu92nSQJeni-VV5iVcOIuCS0IWmMoc-ev6Zy0mxb8eUA'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] POST
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/375791360827/nzjy5Q'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] body='{"protected": "eyJub25jZSI6ICIwSGpZX25FTnU5Mm5TUUplbmktVlY1aVZjT0l1Q1MwSVdtTW9jLWV2Nlp5MG14YjhlVUEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzM3NTc5MTM2MDgyNy9uemp5NVEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwMjA5MjAyNDcifQ", "payload": "e30", "signature": "izoM9ej7zYMJiNMmoXwUj__Y2-2qUXiAZfs-r8pM98qU5fCrPqJ7cHQqg3f57GeLNSxJltAYSAGXxuDxW4zhQp0qUaNItfYwyLmtjqq6XzADersPw0364q0RPY6Ivs825JNkhLZZPLJFyhHLfW1cIga2xzxXtfpBz7OdYttB4mOHQ3ZZPpgQduXFazqNppy_DXMHyODmtpg2npcb2R2ok4xITJOR_2C1quAS78UJPTJzzT5vcsuw2hK2beWxh0PmzPtkiq1ffyJFoGtURhDmMAYrNjy3ADkFp19g0MFoPypTmIFRlUPlPinsYxMRxSjjF1jv_ArHZET-NOfwpUkBvQ"}'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _postContentType='application/jose+json'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] Http already initialized.
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:21 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/myemail@someplace.com/http.header  -L  --trace-ascii /tmp/tmp.SZ8sbAWTK6  -g '
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:22 UTC 2024] _ret='0'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:22 UTC 2024] responseHeaders='HTTP/2 400 
nextcloud-letsencrypt-companion-1  | server: nginx
nextcloud-letsencrypt-companion-1  | date: Thu, 11 Jul 2024 23:30:21 GMT
nextcloud-letsencrypt-companion-1  | content-type: application/problem+json
nextcloud-letsencrypt-companion-1  | content-length: 144
nextcloud-letsencrypt-companion-1  | boulder-requester: 1020920247
nextcloud-letsencrypt-companion-1  | cache-control: public, max-age=0, no-cache
nextcloud-letsencrypt-companion-1  | link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
nextcloud-letsencrypt-companion-1  | replay-nonce: XrsdoYfrDUn3fYKEJ6FL5NTN1SIDBb4z2nAiReOCCMqkiNw9aZ4
'extcloud-letsencrypt-companion-1  | 
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:22 UTC 2024] code='400'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:22 UTC 2024] original='{
nextcloud-letsencrypt-companion-1  |   "type": "urn:ietf:params:acme:error:malformed",
nextcloud-letsencrypt-companion-1  |   "detail": "Unable to update challenge :: authorization must be pending",
nextcloud-letsencrypt-companion-1  |   "status": 400
nextcloud-letsencrypt-companion-1  | }'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:22 UTC 2024] response='{
nextcloud-letsencrypt-companion-1  |   "type": "urn:ietf:params:acme:error:malformed",
nextcloud-letsencrypt-companion-1  |   "detail": "Unable to update challenge :: authorization must be pending",
nextcloud-letsencrypt-companion-1  |   "status": 400
nextcloud-letsencrypt-companion-1  | }'
nextcloud-letsencrypt-companion-1  | [Thu Jul 11 23:30:22 UTC 2024] Diagnosis versions: 
nextcloud-letsencrypt-companion-1  | openssl:openssl
nextcloud-letsencrypt-companion-1  | OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024)
nextcloud-letsencrypt-companion-1  | apache:
nextcloud-letsencrypt-companion-1  | apache doesn't exist.
nextcloud-letsencrypt-companion-1  | nginx:
nextcloud-letsencrypt-companion-1  | nginx doesn't exist.
nextcloud-letsencrypt-companion-1  | socat:
nextcloud-letsencrypt-companion-1  | socat by Gerhard Rieger and contributors - see www.dest-unreach.org
nextcloud-letsencrypt-companion-1  | socat version 1.8.0.0 on 16 Nov 2023 13:03:44
nextcloud-letsencrypt-companion-1  |    running on Linux version #123-Ubuntu SMP Mon Jun 10 08:16:17 UTC 2024, release 5.15.0-113-generic, machine x86_64
nextcloud-letsencrypt-companion-1  | features:
nextcloud-letsencrypt-companion-1  |   #define WITH_HELP 1
nextcloud-letsencrypt-companion-1  |   #define WITH_STATS 1
nextcloud-letsencrypt-companion-1  |   #define WITH_STDIO 1
nextcloud-letsencrypt-companion-1  |   #define WITH_FDNUM 1
nextcloud-letsencrypt-companion-1  |   #define WITH_FILE 1
nextcloud-letsencrypt-companion-1  |   #define WITH_CREAT 1
nextcloud-letsencrypt-companion-1  |   #define WITH_GOPEN 1
nextcloud-letsencrypt-companion-1  |   #define WITH_TERMIOS 1
nextcloud-letsencrypt-companion-1  |   #define WITH_PIPE 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SOCKETPAIR 1
nextcloud-letsencrypt-companion-1  |   #define WITH_UNIX 1
nextcloud-letsencrypt-companion-1  |   #define WITH_ABSTRACT_UNIXSOCKET 1
nextcloud-letsencrypt-companion-1  |   #define WITH_IP4 1
nextcloud-letsencrypt-companion-1  |   #define WITH_IP6 1
nextcloud-letsencrypt-companion-1  |   #define WITH_RAWIP 1
nextcloud-letsencrypt-companion-1  |   #define WITH_GENERICSOCKET 1
nextcloud-letsencrypt-companion-1  |   #define WITH_INTERFACE 1
nextcloud-letsencrypt-companion-1  |   #define WITH_TCP 1
nextcloud-letsencrypt-companion-1  |   #define WITH_UDP 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SCTP 1
nextcloud-letsencrypt-companion-1  |   #define WITH_DCCP 1
nextcloud-letsencrypt-companion-1  |   #define WITH_UDPLITE 1
nextcloud-letsencrypt-companion-1  |   #define WITH_LISTEN 1
nextcloud-letsencrypt-companion-1  |   #define WITH_POSIXMQ 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SOCKS4 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SOCKS4A 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SOCKS5 1
nextcloud-letsencrypt-companion-1  |   #define WITH_VSOCK 1
nextcloud-letsencrypt-companion-1  |   #define WITH_NAMESPACES 1
nextcloud-letsencrypt-companion-1  |   #define WITH_PROXY 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SYSTEM 1
nextcloud-letsencrypt-companion-1  |   #define WITH_SHELL 1
nextcloud-letsencrypt-companion-1  |   #define WITH_EXEC 1
nextcloud-letsencrypt-companion-1  |   #define WITH_READLINE 1
nextcloud-letsencrypt-companion-1  |   #define WITH_TUN 1
nextcloud-letsencrypt-companion-1  |   #define WITH_PTY 1
nextcloud-letsencrypt-companion-1  |   #define WITH_OPENSSL 1
nextcloud-letsencrypt-companion-1  |   #undef WITH_FIPS
nextcloud-letsencrypt-companion-1  |   #undef WITH_LIBWRAP
nextcloud-letsencrypt-companion-1  |   #define WITH_SYCLS 1
nextcloud-letsencrypt-companion-1  |   #define WITH_FILAN 1
nextcloud-letsencrypt-companion-1  |   #define WITH_RETRY 1
nextcloud-letsencrypt-companion-1  |   #define WITH_MSGLEVEL 0 /*debug*/
nextcloud-letsencrypt-companion-1  |   #define WITH_DEFAULT_IPV 0
nextcloud-letsencrypt-companion-1  | Symlinked domains: nextcloud.mydomain.com
nextcloud-letsencrypt-companion-1  | Enabled domains: nextcloud.mydomain.com office.mydomain.com
nextcloud-letsencrypt-companion-1  | Disabled domains: 
nextcloud-letsencrypt-companion-1  | Reloading nginx proxy (ebdd22612b248576c17979c5079ddc5862d806eedd652213d111cd47cb0d6511)...
nextcloud-letsencrypt-companion-1  | 2024/07/11 23:30:22 Generated '/etc/nginx/conf.d/default.conf' from 8 containers
nextcloud-letsencrypt-companion-1  | 2024/07/11 23:30:22 [notice] 80#80: signal process started
nextcloud-letsencrypt-companion-1  | Sleep for 3600s
buchdag commented 4 months ago

Hi

Have you read the release note for the latest version and followed the instructions at the top ?

prairietree commented 4 months ago

Thanks. That seems to have been the issue. I was using the 1.5-alpine tag for nginx-proxy. I changed it to 1.6-alpine tag and now I can load the https page.