Nethsecurity Letsencrypt failed

MadPatrick · October 5, 2024, 2:52pm

NethSecurity Version: 1.20
Nethserver Version: 8
Module: letsencrypt

Hi

I’m trying to add letsencrypt certificate to Nethsecuriy for the Nethserver 8 FQDN but it is failing
I see the follow when i try it from the command line

/usr/lib/acme/client/acme.sh -d ns8.pdebrabander.nl --keylength                                                                                   2048 --accountemail no-reply@nethsecurity.org --server letsencrypt --standalone                                                                                   --listen-v6 --issue --home /etc/acme
egrep: warning: egrep is obsolescent; using grep -E
egrep: warning: egrep is obsolescent; using grep -E
[Sun Oct  6 17:13:57 CEST 2024] Using CA: https://acme-v02.api.letsencrypt.org/d                                                                                  irectory
[Sun Oct  6 17:13:57 CEST 2024] Standalone mode.
[Sun Oct  6 17:13:57 CEST 2024] Single domain='ns8.pdebrabander.nl'
[Sun Oct  6 17:13:57 CEST 2024] Getting domain auth token for each domain
egrep: warning: egrep is obsolescent; using grep -E
egrep: warning: egrep is obsolescent; using grep -E
egrep: warning: egrep is obsolescent; using grep -E
[Sun Oct  6 17:13:59 CEST 2024] Getting webroot for domain='ns8.pdebrabander.nl'
egrep: warning: egrep is obsolescent; using grep -E

[Sun Oct  6 17:13:59 CEST 2024] Verifying: ns8.pdebrabander.nl
[Sun Oct  6 17:13:59 CEST 2024] Standalone mode server
egrep: warning: egrep is obsolescent; using grep -E
[Sun Oct  6 17:14:01 CEST 2024] Pending, The CA is processing your order, please just wait. (1/30)
egrep: warning: egrep is obsolescent; using grep -E
egrep: warning: egrep is obsolescent; using grep -E
egrep: warning: egrep is obsolescent; using grep -E
[Sun Oct  6 17:14:05 CEST 2024] Invalid status, ns8.pdebrabander.nl:Verify error detail:213.93.196.209: Invalid response from http://ns8.pdebrabander.nl/.well-known/acme-challenge/Vy37KACnZMYeMh-Gipee7Y3x4QYjUFG1Rccl6HIWfN8: 404

giacomo · October 8, 2024, 7:04am

MadPatrick:

[Sun Oct  6 17:14:05 CEST 2024] Invalid status, ns8.pdebrabander.nl:Verify error detail:213.93.196.209: Invalid response from http://ns8.pdebrabander.nl/.well-known/acme-challenge/Vy37KACnZMYeMh-Gipee7Y3x4QYjUFG1Rccl6HIWfN8: 404

This is your issue: the site is not available for verification.
If ns8.pdebrabander.nl is a proxy pass to NS8 you can’t obtain a certificate using the HTTP verification, you must use DNS verification.

MadPatrick · October 8, 2024, 12:15pm

Ok. Thanks
It is a reverse proxy to the NS8 server.
I’m struggling to get the webserver working. Still a nono on NS8 and docker

MadPatrick · October 8, 2024, 5:29pm

Giacomo

I’m still struggling with the certificates
When i try to obtain a certificate within NS8 it also fails

2024-10-08T19:11:14+02:00 [1:traefik1:traefik] time="2024-10-08T17:11:14Z" level=error msg="Cannot retrieve the ACME challenge for nextcloud.pdebrabander.nl (token \"c0vB9bEtovoQMZ0FeGXXMS_dEaQUmiNFH6fHoeVxt9g\")" providerName=acme
2024-10-08T19:11:14+02:00 [1:traefik1:traefik] 23.178.112.103 - - [08/Oct/2024:17:11:14 +0000] "GET /.well-known/acme-challenge/c0vB9bEtovoQMZ0FeGXXMS_dEaQUmiNFH6fHoeVxt9g HTTP/1.1" 404 0 "-" "-" 1769 "acme-http@internal" "-" 4ms

Somehow the NS8 certificates succeeded

I hope you can help me out with this
Do i need to adjust Nethsecurity or NS8 ??

MadPatrick · October 9, 2024, 5:08pm

Ok. I’ve restored to a VM backup of Nethsecurity and now the certifcates are created.
I’ve no clue why and how, but it is working