    Cloudron Forum


    Solved Let's Encrypt Issue

    • doodlemania2
      doodlemania2 App Dev last edited by girish

      Oddity just cropped up on getting a new app running:

      Jan 24 08:13:12 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"During secondary validation: DNS problem: networking error looking up CAA for <mydnshere>","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10323824999/c7R7Lw","token":"HLUAkRme8XYGPy70DjD654Tai58ovS7T-2SfmekUA3U","validationRecord":[{"url":"http://<mydnshere>/.well-known/acme-challenge/HLUAkRme8XYGPy70DjD654Tai58ovS7T-2SfmekUA3U","hostname":"<mydnshere>","port":"80","addressesResolved":["myip"],"addressUsed":"myip"}]}

      The above <mydns> and <myip> are correct. I do have an empty surfer instance running in the root of the domain. This wasn't an issue yesterday but just started up today.

      • nebulon
        nebulon Staff last edited by

        @doodlemania2 according to https://letsencrypt.org/docs/caa/#caa-errors, first let's see if this is permanent or not. Then also check if you have set up any CAA rules to maybe prohibit issuing certificates by Let's Encrypt.

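The CAA check suggested in the reply above can be reasoned about offline. This added example (not part of the thread, and not Cloudron or Let's Encrypt code) evaluates CAA records as RFC 8659 describes, and goes beyond the post by also covering wildcard names. The zone data and function names are constructed for illustration; CNAME handling and issuer parameters are left out.

```python
# Added example: CAA evaluation (RFC 8659) over constructed records, no DNS queries.
# Constructed sample zone: owner name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.org": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "locked.example.net": [(0, "issue", "ca.example")],
    "example.net": [(0, "iodef", "mailto:sec@example.net")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_caa_set(fqdn, zone):
    """Climb from fqdn towards the root; return (owner, first non-empty CAA RRset)."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def issuer_of(value):
    """Issuer domain of an issue/issuewild value; '' for ';' (nobody may issue)."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(requested, ca_domain, zone):
    """Return (allowed, reason) for the CA whose CAA identity is ca_domain."""
    wildcard = requested.startswith("*.")
    owner, rrset = relevant_caa_set(requested[2:] if wildcard else requested, zone)
    if not rrset:
        return True, "no CAA records on the path to the root"
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False, f"unknown critical property at {owner}"
    issue = [issuer_of(v) for _, t, v in rrset if t.lower() == "issue"]
    wild = [issuer_of(v) for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names only.
    allowed = wild if (wildcard and wild) else issue
    if not allowed:
        return True, f"CAA at {owner} has no property restricting this request"
    if ca_domain.lower() in allowed:
        return True, f"{ca_domain} authorized at {owner}"
    return False, f"{ca_domain} not authorized at {owner}"
```

This only models the policy decision; the error in the log above is a failed CAA lookup, which the CA treats as a refusal regardless of what the records would have said.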
        • doodlemania2
          doodlemania2 App Dev @nebulon last edited by

          @nebulon It cleared after about 30 minutes (strange). Will look at the CAA thing.
          Oddity for me -> I'm set up to use wildcard as my DNS. I was thinking that would leverage a wildcard Let's Encrypt cert. No?

          • jimcavoli
            jimcavoli App Dev last edited by

            That error message would seem to indicate that it failed on DNS lookup trying to pull the CAA to verify it - unusual for DNS to fail that way, but stranger things have happened.

            • girish
              girish Staff @doodlemania2 last edited by

              @doodlemania2 said in Let's Encrypt Issue:

              Oddity for me -> I'm set up to use wildcard as my DNS. I was thinking that would leverage a wildcard Let's Encrypt cert. No?

              Other way around! Wildcard DNS will lead to non-wildcard certs (and vice versa - programmatic DNS means you can get wildcard certs).

              Also, the DNS error is reported by the Let's Encrypt servers and not by Cloudron. If this is a new domain or you changed the NS recently, these errors are normal.

              • doodlemania2
                doodlemania2 App Dev @girish last edited by

                @girish no changes - will monitor to see if it crops back up.
