Cloudron Forum


Let's Encrypt Issue

letsencrypt
6 Posts 4 Posters 592 Views
    doodlemania2 App Dev
    wrote on last edited by girish
    #1

    Oddity just cropped up on getting a new app running:

    Jan 24 08:13:12 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"During secondary validation: DNS problem: networking error looking up CAA for <mydnshere>","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10323824999/c7R7Lw","token":"HLUAkRme8XYGPy70DjD654Tai58ovS7T-2SfmekUA3U","validationRecord":[{"url":"http://<mydnshere>/.well-known/acme-challenge/HLUAkRme8XYGPy70DjD654Tai58ovS7T-2SfmekUA3U","hostname":"<mydnshere>","port":"80","addressesResolved":["myip"],"addressUsed":"myip"}]}

    The above <mydns> and <myip> are correct. I do have an empty surfer instance running in the root of the domain. This wasn't an issue yesterday but just started up today.

    nebulon Staff
    wrote on last edited by
    #2

    @doodlemania2 according to https://letsencrypt.org/docs/caa/#caa-errors, first let's see if this is permanent or not. Then also check if you have set up any CAA rules that may prohibit issuing certificates by Let's Encrypt.

    doodlemania2 App Dev
    replied to nebulon on last edited by
    #3

    @nebulon It cleared after about 30 minutes (strange). Will look at the CAA thing.
    Oddity for me -> I'm set up to use wildcard as my DNS. I was thinking that would leverage a wildcard Let's Encrypt cert. No?

    jimcavoli App Dev
    wrote on last edited by
    #4

    That error message would seem to indicate that it failed on DNS lookup trying to pull the CAA to verify it - unusual for DNS to fail that way, but stranger things have happened.

    girish Staff
    replied to doodlemania2 on last edited by
    #5

    @doodlemania2 said in Let's Encrypt Issue:

    Oddity for me -> I'm set up to use wildcard as my DNS. I was thinking that would leverage a wildcard Let's Encrypt cert. No?

    Other way around! Wildcard DNS will lead to non-wildcard certs (and vice versa - programmatic DNS means you can get wildcard certs).

    Also, the DNS error is reported by the Let's Encrypt servers and not by Cloudron. If this is a new domain or you changed the NS recently, these errors are normal.

    doodlemania2 App Dev
    replied to girish on last edited by
    #6

    @girish no changes - will monitor to see if it crops back up.

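The two checks suggested in post #2 (is the failure transient, and do any CAA rules exclude Let's Encrypt), sketched as an added example that is not part of the original thread or Cloudron's code. It applies the RFC 8659 lookup (climb from the hostname towards the root, first non-empty CAA set applies) to a constructed record set and uses the result to triage a failed challenge. Assumptions: `ZONE` stands in for live DNS answers, `SAMPLE` is a constructed challenge object shaped like the log line in post #1, the function names are hypothetical, and unknown critical CAA tags are not handled.

```python
import json

# Constructed CAA RRsets, keyed by owner name: (flags, tag, value).
ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "locked.example.net": [(0, "issue", "ca.example")],
}

# Constructed challenge object, shaped like the log line in post #1.
SAMPLE = json.dumps({
    "type": "http-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:dns", "status": 400,
              "detail": "During secondary validation: DNS problem: "
                        "networking error looking up CAA for app.example.com"},
    "validationRecord": [{"hostname": "app.example.com", "port": "80"}],
})

def relevant_caa(fqdn, zone):
    """RFC 8659: climb towards the root; the first non-empty CAA RRset applies."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def ca_allowed(fqdn, ca, zone, wildcard=False):
    """True if `ca` may issue for fqdn (pass the base name when wildcard=True)."""
    _, rrset = relevant_caa(fqdn, zone)
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # For a wildcard name, issuewild (when present) replaces issue.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # no relevant property: issuance is not restricted
    # Value is "<issuer-domain>[; parameters]"; a bare ";" authorises no CA.
    return any(v.split(";")[0].strip().lower() == ca for v in props)

def classify(challenge_json, zone, ca="letsencrypt.org"):
    """Return 'fix-caa', 'retry-later' or 'other' for a failed challenge."""
    ch = json.loads(challenge_json)
    err = ch.get("error") or {}
    kind, detail = err.get("type", ""), err.get("detail", "")
    host = ch["validationRecord"][0]["hostname"]
    if kind.endswith(":caa") or not ca_allowed(host, ca, zone):
        return "fix-caa"
    if kind.endswith(":dns") and "CAA" in detail:
        return "retry-later"  # policy permits the CA; the lookup itself failed
    return "other"
```

With the constructed data, the challenge from `SAMPLE` is classified as a lookup failure to retry, while a wildcard request for `example.com` would be refused by the `issuewild ";"` record.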