wmnnd / nginx-certbot

Boilerplate configuration for nginx and certbot with docker-compose
MIT License
3.16k stars 1.17k forks

http-01 challenge failed #59

Closed jingw222 closed 4 years ago

jingw222 commented 4 years ago
### Deleting dummy certificate for myrealdomain.com ...

### Requesting Let's Encrypt certificate for myrealdomain.com ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myrealdomain.com
http-01 challenge for www.myrealdomain.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain myrealdomain.com
Challenge failed for domain www.myrealdomain.com
http-01 challenge for myrealdomain.com
http-01 challenge for www.myrealdomain.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: myrealdomain.com
   Type:   connection
   Detail: Fetching
   http://myrealdomain.com/.well-known/acme-challenge/Xs94VXCMCvMdGrz6QEWDSWrRH86ISG4x3FA6yetMRyw:
   Connection refused

   Domain: www.myrealdomain.com
   Type:   connection
   Detail: Fetching
   http://www.myrealdomain.com/.well-known/acme-challenge/QW9SYinn_8V6y5apuh4lQwa4ny7R3bcWadWIePNIaI4:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

### Reloading nginx ...
Error response from daemon: Container fa728312c6a2d9e5958505f3f8b973aafb46f01969ae9134cc0e33977060b86e is restarting, wait until the container is running

I created and successfully ran my flask app container, and am able to access the app through myrealdomain.com:5000, but not myrealdomain.com. I'm pretty sure the domain and the DNS A/AAAA record(s) are correct.

nginx conf

server {
    listen 80;
    server_name myrealdomain.com www.myrealdomain.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name myrealdomain.com www.myrealdomain.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://web:5000;  # flask service name: web
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

I have no idea how to debug this issue. What could possibly go wrong in this case?

jingw222 commented 4 years ago

Sorry, I forgot to change example.org to myrealdomain.com in the ssl_certificate directory.
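Why a wrong certificate path turns into "Connection refused" on the http-01 challenge, and how to catch it before running init-letsencrypt.sh (added example; this script is not part of wmnnd/nginx-certbot). The init script creates a dummy certificate under /etc/letsencrypt/live/myrealdomain.com/, but the 443 server block above still points at /etc/letsencrypt/live/example.org/, so nginx fails to load its configuration at startup and the container loops in "Restarting" (the "Container ... is restarting" line at the end of the log is that loop). While nginx is down, port 80 is not bound either, the ACME validator gets a TCP refusal, and the challenge fails before the webroot is ever consulted. The script below extracts every ssl_certificate/ssl_certificate_key path from a config and checks that it lives under the live directory for the requested domain, and includes a live self-test that drops a token into the webroot and fetches it over plain HTTP the way Let's Encrypt would. The config path, the ./data/certbot webroot mapping and the presence of curl on the host are assumptions; the sample config is constructed from the issue's own server block.

```shell
#!/bin/sh
# preflight.sh - added example, not part of wmnnd/nginx-certbot.
# Run before init-letsencrypt.sh when certbot reports "Connection refused"
# on the http-01 challenge: that error means nothing answered on port 80 at
# the domain's public IP. With this compose setup the usual cause is nginx
# refusing to start because a server block names a certificate file that
# does not exist (e.g. /etc/letsencrypt/live/example.org/ for myrealdomain.com).
#
# Assumptions (not from the issue): the config file and webroot are passed as
# arguments; curl is available on the host for the live self-test.

# Print the path of every ssl_certificate / ssl_certificate_key directive in
# an nginx config file, with comments stripped and the trailing ';' removed.
cert_paths() {
  sed 's/#.*//' "$1" |
    awk '$1 ~ /^ssl_certificate(_key)?$/ { sub(/;$/, "", $2); print $2 }'
}

# Return 0 when every certificate path in CONF points under
# /etc/letsencrypt/live/DOMAIN/, the directory init-letsencrypt.sh populates
# for DOMAIN; otherwise print each mismatch to stderr and return 1.
check_cert_paths() {
  conf=$1
  domain=$2
  rc=0
  for p in $(cert_paths "$conf"); do
    case $p in
      /etc/letsencrypt/live/"$domain"/*) ;;
      *)
        echo "mismatch: $p (expected /etc/letsencrypt/live/$domain/...)" >&2
        rc=1
        ;;
    esac
  done
  return $rc
}

# Live check of the challenge path: write a random token into the webroot,
# fetch it over plain HTTP exactly as Let's Encrypt would, compare the bytes.
# Needs nginx already up on port 80 (check `docker-compose ps` first; a
# container shown as "Restarting" has to be fixed before this can pass).
selftest_http01() {
  domain=$1
  webroot=${2:-./data/certbot}   # assumed host path mapped to /var/www/certbot
  dir="$webroot/.well-known/acme-challenge"
  mkdir -p "$dir"
  token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
  printf '%s' "$token" > "$dir/$token"
  got=$(curl -fsS "http://$domain/.well-known/acme-challenge/$token") || {
    rm -f "$dir/$token"
    echo "fetch failed: nothing serving port 80 for $domain, or webroot not mapped" >&2
    return 1
  }
  rm -f "$dir/$token"
  [ "$got" = "$token" ]
}

# Constructed sample: the 443 server block from the issue, with the stale
# example.org paths that keep nginx from starting.
write_sample_conf() {
  cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name myrealdomain.com www.myrealdomain.com;
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;   # stale
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # stale
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF
}

# Demo on the constructed sample: `sh preflight.sh demo`
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp)
  write_sample_conf "$tmp"
  if check_cert_paths "$tmp" myrealdomain.com; then
    echo "certificate paths match myrealdomain.com"
  else
    echo "fix the ssl_certificate paths, then re-run init-letsencrypt.sh"
  fi
  rm -f "$tmp"
fi
```

On a real deployment, run `check_cert_paths ./data/nginx/app.conf myrealdomain.com` against your own config before the init script, then `docker-compose up -d nginx` and `selftest_http01 myrealdomain.com ./data/certbot` from the host; `docker-compose logs nginx` shows the certificate-loading error when the container is restarting.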