Letsencrypt error

boiler · April 24, 2024, 3:45pm

Hi,
I’ve want to enable certificates and enabled the letsencrypt function with these parameters:

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['myself@mymail.de']
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = "01"
letsencrypt['auto_renew_minute'] = "30"
letsencrypt['auto_renew_day_of_month'] = "*/7"

This gives me an error for some reason after reconfiguring:

letsencrypt_certificate[subdomain.myserver.de] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (letsencrypt::http_authorization line 43) had an error: RuntimeError: ruby_block[create certificate for subdomain.myserver.de] (letsencrypt::http_authorization line 110) had an error: RuntimeError: [subdomain.myserver.de] Validation failed, unable to request certificate, Errors: [{url: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12342342344/AAAAAhw, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:connection", "detail"=>"123.123.123.123: Fetching http://subdomain.myserver.de/.well-known/acme-challenge/5SAnuR5hqöasdkasödkasödkaösdkvkyY: Error getting validation data", "status"=>400}} ]

Running handlers complete
[2024-04-24T17:24:44+02:00] ERROR: Exception handlers complete
Infra Phase failed. 38 resources updated in 02 minutes 29 seconds
[2024-04-24T17:24:44+02:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/cinc-stacktrace.out
[2024-04-24T17:24:44+02:00] FATAL: ---------------------------------------------------------------------------------------
[2024-04-24T17:24:44+02:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2024-04-24T17:24:44+02:00] FATAL: ---------------------------------------------------------------------------------------
[2024-04-24T17:24:44+02:00] FATAL: RuntimeError: letsencrypt_certificate[subdomain.myserver.de] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (letsencrypt::http_authorization line 43) had an error: RuntimeError: ruby_block[create certificate for subdomain.myserver.de] (letsencrypt::http_authorization line 110) had an error: RuntimeError: [subdomain.myserver.de] Validation failed, unable to request certificate, Errors: [{url: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12342342344/AAAAAhw, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:connection", "detail"=>"123.123.123.123: Fetching http://subdomain.myserver.de/.well-known/acme-challenge/5SAnuR5hqöasdkasödkasödkaösdkvkyY: Error getting validation data", "status"=>400}} ]

Whats the issue? I’m a bit lost…
Thanks and Best
Mario

sdunt · May 1, 2024, 4:00pm

Prerequisites:

Ports 80 and 443 must be accessible to the public Let’s Encrypt servers that run the validation checks.

As I understand it the bundled letsencrypt probes port 80 from the internet to verify that you own the machine you are requesting the cert for. so If the hostname you configured does not resolve to the system where you are running the reconfigure, OR, the letsencrypt servers can not access port 80 on that machine the certificate create will fail…