[HELP] Not possible to create an SSL certificate #386

Open
daendaen opened this issue Nov 9, 2024 · 10 comments
@daendaen

daendaen commented Nov 9, 2024

Hi,

I’ve installed the latest version of Zoraxy as a Docker container, and the necessary ports are open.

Now, I wanted to secure my DNS address with an SSL certificate, but I keep getting the following error.

Error: one or more domains had a problem: [DOMAIN.ddns.net] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 99.999.99.99: Invalid response from http://DOMAIN.ddns.net/.well-known/acme-challenge/7k9pJWEaLAxLMDVBsUffVCDv1ykyckWNpfoBulj4fq8: 404

As a test, I set up the DNS address with SSL using Nginx, and that worked without any issues.

Does anyone have an idea what might be causing this?

Best regards,

@daendaen added the "help wanted" label Nov 9, 2024
@daendaen daendaen changed the title [HELP] [HELP] Not possible to create an SSL certificate Nov 9, 2024
@xxLexanixx

xxLexanixx commented Nov 12, 2024

I have the same issue

[mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 12.34.56.78: Invalid response from http://mydomain.com/.well-known/acme-challenge/ulhLOyyun5LCNDLDLtLA3nm0bnW7-LuVvFdqTdNaq1o: 404

Port forwarding for 80 and 443 is active.
I can create certificates in the Nginx Proxy Manager without problems.

@tobychui
Owner

@yeungalan Can you help check if the latest version of the Zoraxy ACME module has any issue regarding the http-01 challenge?

Though, from what I observed, these issues mostly come from inbound network settings. In your case, I would recommend that you keep using NPM if it works in your specific network environment (and maybe use Zoraxy as a 2nd layer proxy). NPM is more compatible with de-facto or "wired" network setups as it is a much more mature and older project.

@yeungalan
Collaborator

checking

@yeungalan
Collaborator

Looks like DNS01 and HTTP01 both broke, maybe due to @tobychui's recent code change

@yeungalan
Collaborator

2024/11/15 01:33:24 [INFO] acme: Registering account for [email protected]
2024/11/15 01:33:24 [INFO] [r5desktop.alanyeung.co] acme: Obtaining bundled SAN certificate
2024/11/15 01:33:24 [INFO] [r5desktop.alanyeung.co] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/430439213837
2024/11/15 01:33:24 [INFO] [r5desktop.alanyeung.co] acme: Could not find solver for: tls-alpn-01
2024/11/15 01:33:24 [INFO] [r5desktop.alanyeung.co] acme: Could not find solver for: http-01
2024/11/15 01:33:24 [INFO] [r5desktop.alanyeung.co] acme: use dns-01 solver
2024/11/15 01:33:24 [INFO] [r5desktop.alanyeung.co] acme: Preparing to solve DNS-01

@yeungalan
Collaborator

yeungalan commented Nov 15, 2024

2024/11/15 01:34:00 [INFO] [r5desktop.alanyeung.co] acme: Obtaining bundled SAN certificate
2024/11/15 01:34:00 [INFO] [r5desktop.alanyeung.co] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/430439401907
2024/11/15 01:34:00 [INFO] [r5desktop.alanyeung.co] acme: Could not find solver for: tls-alpn-01
2024/11/15 01:34:00 [INFO] [r5desktop.alanyeung.co] acme: use http-01 solver
2024/11/15 01:34:00 [INFO] [r5desktop.alanyeung.co] acme: Trying to solve HTTP-01
2024/11/15 01:35:45 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/430439401907
[2024-11-15 01:35:45.783206] [ACME] [system:error] Obtain certificate failed: error: one or more domains had a problem:
[r5desktop.alanyeung.co] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 0.0.0.0: Fetching http://r5desktop.alanyeung.co/.well-known/acme-challenge/3HkVgOGMyaahKojod9sFKKSVExH47un7wiOwfOJeic8: Timeout after connect (your server may be slow or overloaded)

@yeungalan
Collaborator

Hey @tobychui can you rollback your change

@yeungalan
Collaborator

yeungalan commented Nov 15, 2024

Steps to recreate the issue

  1. delete sys.db
  2. start the server
  3. run curl -v localhost
  4. acme request by using HTTP01
  5. run curl -v localhost
  6. connection timeout

@tobychui
Owner

> Hey @tobychui can you rollback your change

Fuck you, no.

> Steps to recreate the issue

[image]

[image]

[image]

Cannot reproduce this issue on Windows build v3.1.3. Using a completely fresh install (starting with just a single exe file) and immediately visiting localhost:80 shows the correct static web server welcome page.

Will be testing http-01 on ramnode now.

@tobychui
Owner

Tested on RAMNODE with a Debian 12 Cloud instance. The http-01 challenge works perfectly fine.

[image]

[image]

And the web server fresh start is also working fine on Linux.
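
Added example, not part of the thread or of Zoraxy's code: the two HTTP-01 failures reported above differ in kind (a 404 for the token path versus a timeout after connect), and this sketch parses the ACME problem lines quoted in the thread and separates them. The verdict labels and function names are this example's own.

```python
import re

# Problem lines copied from the thread above, plus one non-error log line.
THREAD_LINES = [
    "Error: one or more domains had a problem: [DOMAIN.ddns.net] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 99.999.99.99: Invalid response from http://DOMAIN.ddns.net/.well-known/acme-challenge/7k9pJWEaLAxLMDVBsUffVCDv1ykyckWNpfoBulj4fq8: 404",
    "2024/11/15 01:34:00 [INFO] [r5desktop.alanyeung.co] acme: Trying to solve HTTP-01",
    "[r5desktop.alanyeung.co] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 0.0.0.0: Fetching http://r5desktop.alanyeung.co/.well-known/acme-challenge/3HkVgOGMyaahKojod9sFKKSVExH47un7wiOwfOJeic8: Timeout after connect (your server may be slow or overloaded)",
]

# "[domain] acme: error: <status> :: <RFC 8555 error URN> :: <address>: <detail>"
PROBLEM = re.compile(
    r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<type>[A-Za-z]+) :: "
    r"(?P<addr>\S+): (?P<detail>.*)$"
)
CHALLENGE = re.compile(r"/\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+)")

def classify(err_type, detail):
    """Map an ACME problem to the layer that failed (labels are this example's own)."""
    if err_type == "unauthorized" and re.search(r":\s*404$", detail):
        return "token-not-served"   # an HTTP server answered, but with 404 for the token path
    if err_type == "connection" and "timeout" in detail.lower():
        return "no-http-response"   # connection opened, no HTTP response arrived in time
    if err_type == "dns":
        return "dns-lookup"         # the CA could not resolve the name
    return "other"

def triage(lines):
    """Return one finding per ACME problem line; other log lines are skipped."""
    findings = []
    for line in lines:
        m = PROBLEM.search(line)
        if not m:
            continue
        c = CHALLENGE.search(m["detail"])
        findings.append({
            "domain": m["domain"],
            "status": int(m["status"]),
            "type": m["type"],
            "validated_addr": m["addr"],
            "token": c["token"] if c else None,
            "verdict": classify(m["type"], m["detail"]),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(THREAD_LINES):
        print(finding)
```
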
