maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection

[Question] Letsencrypt Challenge Fails

prononext opened this issue · comments

I am testing this nice CrowdSec Traefik bouncer, and when I added a new domain with the Let's Encrypt HTTP challenge to my Traefik stack, the Let's Encrypt challenge failed to get a valid certificate.

When I removed the plugin from the service, it worked normally.

Everything else is working fine with the plugin.

I got the following errors:

time="2023-06-26T03:32:08Z" level=error msg="Unable to obtain ACME certificate for domains \"domain.example.com\": unable to generate a certificate for the domains [domain.example.com]: error: one or more domains had a problem:\n[domain.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 111.11.11.11: Fetching http://domain.example.com/.well-known/acme-challenge/0nqnrMe234234234l6x123412341234f7nIF8: Connection refused\n" routerName=authtest@docker rule="(Host(`domain.example.com`))" providerName=production.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-06-26T03:32:13Z" level=error msg="middleware \"traefik@docker\" does not exist" entryPointName=web routerName=error-router@docker
time="2023-06-26T03:32:13Z" level=error msg="middleware \"traefik@docker\" does not exist" entryPointName=websecure routerName=error-router@docker
time="2023-06-26T03:32:19Z" level=error msg="Unable to obtain ACME certificate for domains \"domain.example.com\": unable to generate a certificate for the domains [domain.example.com]: error: one or more domains had a problem:\n[domain.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 111.11.11.11: Invalid response from https://domain.example.com/.well-known/acme-challenge/Gj-fkGXPi23421234123412330p_MmgKoZPGp4noYw: 403\n" providerName=production.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=authtest@docker rule="(Host(`domain.example.com`))"


time="2023-06-26T03:55:05Z" level=error msg="Cannot retrieve the ACME challenge for domain.example.com (token \"KuenyF2234234234i-UVHmNc_hHF234234Qs2nBg\"): cannot find challenge for token \"KuenyF2_94234234Yi-UVHmNc_hH24323423Qs2nBg\" (domain.example.com)" providerName=acme
time="2023-06-26T03:55:20Z" level=error msg="Unable to obtain ACME certificate for domains \"domain.example.com\": unable to generate a certificate for the domains [domain.example.com]: error: one or more domains had a problem:\n[domain.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 111.11.111.1: Invalid response from http://domain.example.com/.well-known/acme-challenge/25_01emRjEw234234234234234yRF9EfM7U: 404\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=authtest@docker rule="(Host(`domain.example.com`))" providerName=production.acme

Please help: how can I get the challenge working with the plugin activated on the service?

I got it resolved by playing around with the label order of "tls true" and "ruleHost". Strange, but I tested 10 times with different domains and now it works.

Hey @prononext,
Glad to know you got it resolved.

Yes, tls: true is mandatory in the router section of Traefik when you want TLS certificates and Let's Encrypt to work.
Don't hesitate if you have any other questions.
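
For triaging errors like the ones quoted in the opening post, the following added example (not code from the plugin or from anyone in the thread) extracts the ACME problem type, challenge scheme, and response detail from Traefik log lines and counts them per router. The sample lines are constructed from the shape of the quoted logs with placeholder tokens, and the function names `parse_failures` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three lines shaped like the errors quoted in the issue,
# with the challenge tokens replaced by placeholders.
SAMPLE_LOG = r'''
time="2023-06-26T03:32:08Z" level=error msg="Unable to obtain ACME certificate for domains \"domain.example.com\": [domain.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 111.11.11.11: Fetching http://domain.example.com/.well-known/acme-challenge/TOKEN-A: Connection refused\n" routerName=authtest@docker providerName=production.acme
time="2023-06-26T03:32:19Z" level=error msg="Unable to obtain ACME certificate for domains \"domain.example.com\": [domain.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 111.11.11.11: Invalid response from https://domain.example.com/.well-known/acme-challenge/TOKEN-B: 403\n" providerName=production.acme routerName=authtest@docker
time="2023-06-26T03:55:20Z" level=error msg="Unable to obtain ACME certificate for domains \"domain.example.com\": [domain.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 111.11.111.1: Invalid response from http://domain.example.com/.well-known/acme-challenge/TOKEN-C: 404\n" routerName=authtest@docker providerName=production.acme
'''

# Matches the ACME problem document embedded in Traefik's msg="..." field.
ACME_RE = re.compile(
    r'acme: error: (?P<code>\d{3}) :: urn:ietf:params:acme:error:(?P<type>\w+) :: '
    r'(?P<addr>[\d.]+): (?:Fetching|Invalid response from) '
    r'(?P<scheme>https?)://(?P<host>[^/\s]+)/\.well-known/acme-challenge/[^:\s]+: '
    r'(?P<detail>.*?)\\n'  # detail ends at the literal backslash-n in the log
)
TIME_RE = re.compile(r'^time="([^"]+)"')
ROUTER_RE = re.compile(r'\brouterName=(\S+)')  # field order varies per line

def parse_failures(text):
    """Return one dict per ACME challenge failure found in Traefik log text."""
    failures = []
    for line in text.splitlines():
        m = ACME_RE.search(line)
        if not m:
            continue  # not an ACME problem line (e.g. middleware errors)
        rec = m.groupdict()
        t = TIME_RE.search(line)
        r = ROUTER_RE.search(line)
        rec["time"] = t.group(1) if t else None
        rec["router"] = r.group(1) if r else None
        failures.append(rec)
    return failures

def summarize(failures):
    """Count failures per (router, scheme, problem type, detail)."""
    return Counter((f["router"], f["scheme"], f["type"], f["detail"]) for f in failures)

if __name__ == "__main__":
    for key, n in summarize(parse_failures(SAMPLE_LOG)).items():
        print(n, *key)
```

A `connection` problem means the CA could not reach the host at all, while `unauthorized` with a 403 or 404 means something answered the challenge path with the wrong response, so the scheme and status columns show where to look next.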