Let's Encrypt certificates issues but not loaded when loading url
-
Hi
I am using the DNS01 Traefik file with Azure as the provider. The DNS records were added to Azure DNS but then removed after exactly 2 minutes every time. I can also see the requests come through on the activity logs in Azure and then the request to remove the record again.
When I load my site, it is showing that a default certificate is issued but not the domain certificate:
I also did a search and saw that 2 certificates are issued already:
I don't understand what is wrong and why the site is not picking up the correct certificate. I also ran "sudo docker compose logs traefik" and there are no errors or any information in the logs. The site is just not loading any certificates.
I don't know if I've reached the rate limit, but it seems like certificates were issued previously.
I am not sure what else to check to find the potential error?
I've attached the yaml file I am using, just removed the confidential information: docker-compose-dns01-azure-debug.yaml
I am running docker compose version 2.5.1 on Ubuntu 20.04
-
Troubleshooting DNS01 issues is just painful.
And you have to be super careful; you don't get many tries before you hit a rate limit and are locked out for 24 hours or 7 days or 30 days, depending on what you did.
Most of the things I would do to troubleshoot this, it seems you already did (awesome!), and they all look good.
Does the information ever end up in the /letsencrypt/acme.json file?
Check when this was last modified. This should contain the certificate for this installation to request certificate, and it should contain all the private keys for the different domains Let's Encrypt has requested certificates for.
Something like this:
-
Also, traefik is not giving a lot of log information, but it CAN be useful to see the little they do log.
Under traefik -> command: add this at the top:
- "--log.level=DEBUG"
-
@allan-zimmermann said in Let's Encrypt certificates issues but not loaded when loading url:
- "--log.level=DEBUG"
acme.json contains the certificate key values:
When I logged in this morning, the correct certificate was displaying without any changes to the environment after this post. Seems like it just took extremely long to pick it up or my browser cached something (although I closed my browser multiple times during tests).
-
@renier-duvenhage Ahh, glad it worked out, even though we don't know what was wrong. My guess is some rate limit was hit?
Everything else seems correct.
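
The acme.json check suggested in the thread, as an added example that is not part of the original posts or Traefik's own tooling: it reports the file's mode and last-modified time and lists the stored domains without printing key material. The file layout (resolver name at the top level, a "Certificates" list with "domain", "certificate" and "key" fields) is assumed from Traefik v2; the resolver name, domains and certificate bytes in the sample are constructed.

```python
import base64, json, os, stat, sys, tempfile, time

PEM_HEADER = "-----BEGIN CERTIFICATE-----"

def summarize_acme(path):
    """Summarise an acme.json file without printing any key material."""
    st = os.stat(path)
    info = {"mode": oct(stat.S_IMODE(st.st_mode)),
            "modified": time.strftime("%Y-%m-%d %H:%M", time.localtime(st.st_mtime))}
    with open(path) as fh:
        data = json.load(fh)
    rows = []
    for resolver, body in data.items():
        # An account with no stored certificate has "Certificates": null.
        for entry in (body or {}).get("Certificates") or []:
            try:
                pem = base64.b64decode(entry.get("certificate") or "", validate=True)
            except ValueError:
                pem = b""
            domain = entry.get("domain") or {}
            rows.append({"resolver": resolver,
                         "main": domain.get("main"),
                         "sans": domain.get("sans") or [],
                         "chain_len": pem.decode("ascii", "replace").count(PEM_HEADER),
                         "has_key": bool(entry.get("key"))})
    return info, rows

def write_constructed_sample(certificates="default"):
    """Write a constructed acme.json (fake values only) and return its path."""
    fake_pem = PEM_HEADER + "\nAAAA\n-----END CERTIFICATE-----\n"
    if certificates == "default":
        certificates = [{"domain": {"main": "app.example.com", "sans": ["www.example.com"]},
                         "certificate": base64.b64encode((fake_pem * 2).encode()).decode(),
                         "key": base64.b64encode(b"constructed-placeholder").decode(),
                         "Store": "default"}]
    doc = {"myresolver": {"Account": {"Email": "admin@example.com"},
                          "Certificates": certificates}}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh)
    return path  # mkstemp creates the file with mode 0600

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else write_constructed_sample()
    info, rows = summarize_acme(target)
    print(f"{target}: mode {info['mode']}, last modified {info['modified']}")
    for r in rows:
        print(f"  [{r['resolver']}] {r['main']} sans={r['sans']} "
              f"chain={r['chain_len']} key_present={r['has_key']}")
```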