NethServer Version: NS8,5
Module: Letsencrypt
I tried to receive a certificate for the server but did not succeed. I got this error:
```
{"context":{"action":"set-certificate","data":{"fqdn":"domain.my-gateway.de","sync":true},"extra":{"description":"verarbeite","eventId":"10cfce1d-eef4-43c8-b7ec-602c921f0abc","logs":{"instance":"traefik1","path":"?searchQuery=&context=module&selectedAppId=traefik1&followLogs=false&startDate=2025-04-18&startTime=07%3A35&autoStartSearch=true"},"title":"Zertifikat für domain.my-gateway.de anfordern"},"id":"7bf90482-e12c-4fee-b7be-551d185d697b","parent":"","queue":"module/traefik1/tasks","timestamp":"2025-04-18T05:35:21.321136342Z","user":"admin"},"status":"aborted","progress":0,"subTasks":,"validated":false,"result":{"error":"<3>2025-04-18T07:35:38+02:00 cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 192.168.2.2:53: no such host\n<3>\n","exit_code":2,"file":"task/module/traefik1/7bf90482-e12c-4fee-b7be-551d185d697b","output":{"obtained":false}}}
```
Any ideas?
Did you set a port forward for port 443 to the NS8 to make Letsencrypt work? It's needed now with the new traefik 3 release instead of port 80, see also TLS certificates — NS8 documentation.
Is there a DNS issue?
This is the samba DNS of the server. And yes, the forwarding of port 443 is set and works fine with another server.
Do you use the samba DNS on your Nethserver?
Let’s check NS8 DNS settings:
```
cat /etc/resolv.conf
```
What does work on another server, the port forwarding or getting a lets encrypt certificate? The port forwarding needs to point to the NS8 when requesting an LE cert.
The response from `cat /etc/resolv.conf` is:
```
nameserver 192.168.2.111 ← pihole
nameserver 192.168.2.2 NS8 samba
```
It means a completely different system where I did the tests with the NS8 system, not this one.
Usually this entry is not needed.
Let’s check if the DNS servers can resolve the host:
Check samba DNS:
```
nslookup domain.my-gateway.de. 192.168.2.2
```
Check pihole DNS:
```
nslookup domain.my-gateway.de. 192.168.2.111
```
```
nslookup domain.my-gateway.de. 192.168.2.2
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.2.2
```
```
nslookup domain.my-gateway.de. 192.168.2.111
Server: pi.hole
Address: 192.168.2.111
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: domain.my-gateway.de
Address: 192.168.2.2
```
Is there also a public DNS entry for that host? The let’s encrypt servers need to find the host by using DNS.
Yes, it is.
Question: in NS8 there is the possibility to restrict access to, for example, the cluster-admin etc. I set an entry to allow access only from the green network and the VPN network.
Maybe this is the problem? Okay, it is not the problem, I checked it. Or do I need a reboot then, after changing the restriction? Because I am connected remotely to the server over a VPN, but normally the refresh would not work then… and I am still on the server.
I am able to ping the address of domain.my-gateway.de from outside.
```
[1:traefik1:agent@traefik1] [domain.my-gateway.de] invalid authorization: acme: error: 400 :: urn:ietf:params:acme:error:connection :: 212.127.52.70: Timeout during connect (likely firewall problem)
2025-04-18T10:29:16+02:00
```
Do I need port 80 for the certificate?
No, with new traefik it changed to port 443:
After I opened port 80 it was working… that's the reason I ask.
From the docs:
For nodes installed before the Traefik 3.0.0 release, the same requirement applies to port 80. Starting from new installations of Traefik 3.0.0, only port 443 is required.
I installed it yesterday… so it should be 3.0, right?
I think so.
The used version should be listed in the core apps in Software Center, see also Software center — NS8 documentation
I think it is only shown with updates etc. If I go to the Software Center I see the apps like mail but no entry for Traefik.
Yeah, tried it, but there is no update. Wait, there is a second button. Okay, the traefik version is 3.02.
Software center / core module is the point where you have to look.
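
Added example, not part of any post in this thread and not NS8 code: the two errors quoted above fail at different stages (the node's own resolver could not look up the ACME directory, then the ACME server could not connect back to the host), and this sketch tells them apart. The sample lines are constructed by shortening the two messages from the thread; the function name `triage` and the stage labels are assumptions made for illustration.

```python
import re

# Constructed samples, shortened from the two error messages quoted in this thread.
SAMPLE = [
    "cannot get ACME client get directory at "
    "'https://acme-v02.api.letsencrypt.org/directory': dial tcp: "
    "lookup acme-v02.api.letsencrypt.org on 192.168.2.2:53: no such host",
    "[domain.my-gateway.de] invalid authorization: acme: error: 400 :: "
    "urn:ietf:params:acme:error:connection :: 212.127.52.70: "
    "Timeout during connect (likely firewall problem)",
]

# Go resolver failure: "lookup <name> on <resolver>:<port>: no such host"
DNS_RE = re.compile(
    r"lookup (?P<name>\S+) on (?P<resolver>[\d.]+):(?P<port>\d+): no such host")
# ACME problem: "acme: error: <status> :: urn:ietf:params:acme:error:<type> :: <detail>"
ACME_RE = re.compile(
    r"acme: error: (?P<status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*)")
# RFC 8555 error types raised while the CA validates the host from outside.
VALIDATION_TYPES = {"connection", "dns", "tls", "unauthorized"}


def triage(line):
    """Classify one certificate-request error line by the stage that failed."""
    m = DNS_RE.search(line)
    if m:
        # The node itself cannot resolve the ACME endpoint: fix local DNS first.
        return {"stage": "outbound-dns", "name": m["name"],
                "resolver": m["resolver"],
                "check": f"nslookup {m['name']}. {m['resolver']}"}
    m = ACME_RE.search(line)
    if m:
        ip = re.match(r"[\d.]+", m["detail"])
        inbound = m["type"] in VALIDATION_TYPES
        return {"stage": "inbound-validation" if inbound else "acme-other",
                "type": m["type"], "status": int(m["status"]),
                "target": ip.group(0) if ip else None,
                "check": "verify public DNS and the port forward to this node"}
    return {"stage": "unknown"}


if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line))
```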