wmnnd / nginx-certbot

Boilerplate configuration for nginx and certbot with docker-compose


Challenge failed for (multiple) domain(s)

andreborud opened this issue · comments

I have tried to clone this repo and updated the urls to my own, and it works flawlessly.

But once I try to use some extra configuration in my nginx config files and add some more volumes to docker-compose, it fails. The failure looks the same as many others I've seen here:

### Creating dummy certificate for domain.com ...
Generating a RSA private key
.....................+++++
.................................................................................+++++
writing new private key to '/etc/letsencrypt/live/domain.com/privkey.pem'
-----

### Starting nginx ...
Recreating production_nginx ... done

### Deleting dummy certificate for domain.com ...

### Requesting Let's Encrypt certificate for domain.com ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for domain2.com
http-01 challenge for files.domain.com
http-01 challenge for domain3.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain domain.com
Challenge failed for domain domain2.com
Challenge failed for domain files.domain.com
Challenge failed for domain domain3.com
http-01 challenge for domain.com
http-01 challenge for domain2.com
http-01 challenge for files.domain.com
http-01 challenge for domain3.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: domain.com
   Type:   connection
   Detail: Fetching
   http://domain.com/.well-known/acme-challenge/i6pLhnl3hftPhzgeMBqqDLnfdiEa8ml_vy4S5DQ6nOE:
   Connection refused

   Domain: domain2.com
   Type:   connection
   Detail: Fetching
   http://domain2.com/.well-known/acme-challenge/RwXLR3zZIfz79NwJ100v6Oty54rtEOFKtR62cWQbK3U:
   Connection refused

   Domain: files.domain.com
   Type:   connection
   Detail: Fetching
   http://files.domain.com/.well-known/acme-challenge/kZiypUTpi4tXETtdasGNL6Jk7ASqubwWoPHx9VvpjKk:
   Connection refused

   Domain: domain3.com
   Type:   connection
   Detail: Fetching
   http://domain3.com/.well-known/acme-challenge/Ft16pIXIqHi2Y5Q80OiDXfanE9c6ZNvtjglQPMrMl_w:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

### Reloading nginx ...
Error response from daemon: Container ff07c0b7f2b2697e8bc9ae02e2f15e1f13a2529de32cb2e601670bd3c51a4fdb is restarting, wait until the container is running

Does anyone know what could cause this problem?

My nginx config files look like this one:

limit_req_zone $binary_remote_addr zone=domain:20m rate=10r/s;

server {
    listen 80;
    # listen [::]:80;
    server_name    domain.com www.domain.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    server_tokens off;

    server_name domain.com www.domain.com;

    gzip on;

    ssl_certificate        /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_dhparam            /etc/letsencrypt/ssl-dhparams.pem;

    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Content-Security-Policy "default-src 'self';";

    location / {
        proxy_cache nginx_cache;
        proxy_cache_valid 60m;
        proxy_cache_valid 404 1m;
        proxy_cache_bypass $http_cache_control;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Set-Cookie;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_ignore_headers Cache-Control;
        add_header X-Cache-Status $upstream_cache_status;
        

        limit_req zone=domain burst=100 nodelay;
        proxy_pass http://domain:2368;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;

        http2_push_preload on;
    }

    location ^~ /ghost/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://domain:2368;
    }
}

And my docker-compose.yml looks like this:


version: "3.7"

services:
  nginx:
    image: nginx:latest
    container_name: production_nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - /opt/nginx_cache/:/opt/nginx_cache/
      - /home/core/docker/files/:/home/core/docker/files/
      - ./data/nginx.conf:/etc/nginx/nginx.conf
    networks:
      - proxynet
      - abnet
      - dsnet
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
      
  certbot:
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

networks:
  proxynet:
    name: source_network
  abnet:
    name: ab_network
  dsnet:
    name: ds_network

Any ideas?

commented

I am having the same issue. I have been trying to troubleshoot this thing for the past two days and no luck. I started with a brand new instance and disabled everything including the firewall and SELinux. Still no luck. If you curl your domain from the box, does it get a connection refused as well?
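Following up on the connection-refused report above and on the suggestion to curl the domain from the box, here is an added pre-flight script. It is not code from wmnnd/nginx-certbot or from either commenter. It takes the webroot path `./data/certbot/www` and the container name `production_nginx` from the compose file in this issue; the docker-compose v1 command line, the `preflight.sh` file name and the sample failure block (placeholder tokens, not real ACME tokens) are assumptions. The point it encodes: the last line of the log, "Container ... is restarting, wait until the container is running", means nginx was not up when the ACME server fetched the challenge files, which is exactly what "Type: connection / Connection refused" reports. So the order of checks is container state first, then whether the config even loads, and only then the webroot round trip.

```shell
#!/bin/sh
# Added example, not code from wmnnd/nginx-certbot: pre-flight checks for the
# HTTP-01 webroot flow, plus a small parser for certbot's failure report.
# ./data/certbot/www and production_nginx come from the compose file in the
# issue; the docker-compose v1 CLI and everything else are assumptions.

# Constructed sample of the "IMPORTANT NOTES" block certbot prints on failure.
# Domains follow the issue; the tokens are placeholders, not real ACME tokens.
SAMPLE_CERTBOT_NOTES='   Domain: domain.com
   Type:   connection
   Detail: Fetching
   http://domain.com/.well-known/acme-challenge/TOKEN_PLACEHOLDER_1:
   Connection refused

   Domain: files.domain.com
   Type:   connection
   Detail: Fetching
   http://files.domain.com/.well-known/acme-challenge/TOKEN_PLACEHOLDER_2:
   Connection refused'

# failed_domains NOTES: print one "domain<TAB>type" line per reported failure.
failed_domains() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*Domain:/ { if (d != "") print d "\t" t; d = $2; t = "" }
        /^[[:space:]]*Type:/   { t = $2 }
        END                    { if (d != "") print d "\t" t }'
}

# count_failed NOTES: number of failed domains, as a bare integer.
count_failed() {
    failed_domains "$1" | awk 'END { print NR }'
}

# explain_failure TYPE: what an ACME error type (the "Type:" field certbot
# prints) usually means in this compose setup, so the right check runs first.
explain_failure() {
    case "$1" in
        connection)
            echo "nothing answered on port 80: nginx container not running (restart loop?), port 80 not published, or DNS/firewall sends traffic elsewhere" ;;
        unauthorized)
            echo "port 80 answered but the token was not served: check the acme-challenge location and the shared webroot volume" ;;
        dns)
            echo "the ACME server could not resolve the name: check the A/AAAA record" ;;
        *)
            echo "unknown failure type: $1" ;;
    esac
}

# --- live checks: need docker and curl, and are not run when the file loads ---

# container_state NAME: "running" when up, "restarting" when nginx keeps exiting.
container_state() {
    docker inspect -f '{{.State.Status}}' "$1" 2>/dev/null
}

# nginx_config_ok: validate the config with the service's own mounts and
# networks, so an unknown cache zone or an unresolvable upstream host shows up
# here instead of as a silent restart loop. (docker-compose v1 syntax, assumed.)
nginx_config_ok() {
    docker-compose run --rm --no-deps nginx nginx -t
}

# webroot_roundtrip WEBROOT DOMAIN: drop a throwaway file into the shared
# webroot and fetch it the way the ACME server would. Passing proves only the
# local path (nginx up, volume shared, location block right); a fetch from the
# box says nothing about DNS or a firewall in front of it.
webroot_roundtrip() {
    webroot=$1 domain=$2
    dir="$webroot/.well-known/acme-challenge"
    token="preflight-$$-$(date +%s)"
    mkdir -p "$dir" && printf 'ok' > "$dir/$token" || return 1
    body=$(curl -fsS --max-time 10 "http://$domain/.well-known/acme-challenge/$token")
    rc=$?
    rm -f "$dir/$token"
    [ "$rc" -eq 0 ] && [ "$body" = "ok" ]
}

# preflight DOMAIN...: run the checks in order, stopping at the first failure.
preflight() {
    state=$(container_state production_nginx)
    if [ "$state" != "running" ]; then
        echo "production_nginx is '${state:-absent}', not running; see 'docker-compose logs nginx' and:"
        nginx_config_ok
        return 1
    fi
    for d in "$@"; do
        if webroot_roundtrip ./data/certbot/www "$d"; then
            echo "ok   $d"
        else
            echo "FAIL $d: $(explain_failure connection)"
            return 1
        fi
    done
}

# Usage: sh preflight.sh --live domain.com domain2.com files.domain.com domain3.com
if [ "${1:-}" = "--live" ]; then
    shift
    preflight "$@"
fi
```

Run it with `--live` from the directory holding docker-compose.yml before re-running the init script. If `container_state` already reports `restarting`, the certificate request cannot succeed no matter how the webroot is set up, and `nginx -t` output is the place to look; a passing `webroot_roundtrip` still leaves the external checks certbot itself lists (DNS A/AAAA record, routable address, no firewall in front of the box) to be confirmed from outside the host.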

Thanks for the tip @oem2. I got it working with this comment, which does pretty much the same as you suggested.