@McFateM
Created May 17, 2020 15:24
Log of First DNS-01 Attempt for Static.Grinnell.edu
Well, this appeared to work in "staging" so I switched over to use the LE live server, and I got no visible errors, so the sites work, but all of the certs are invalid.  8^(
Checking the logs shows this...
╭─administrator@static /opt/docker-traefik-host-with-DNS-01 ‹master*›
╰─$ cat ~/docker-compose.log
Attaching to whoami, traefik_proxy, portainer, watchtower
whoami        | Starting up on port 80
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="Using TOML configuration file /traefik.toml"
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="Traefik version v1.7.20 built on 2019-12-10_05:02:10PM"
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v1.7/basics/#collected-data\n"
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="Account URI does not match the current CAServer. The account will be reset"
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc000a02fc0 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00099a9c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000569d40 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00099ae40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik_proxy | time="2020-04-28T19:52:31Z" level=info msg="Starting server on :80"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00099af80} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Starting server on :443"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Starting server on :8080"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"\",\"TLS\":null,\"ExposedByDefault\":true,\"UseBindPortIP\":false,\"SwarmMode\":false,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15}"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Starting provider *acme.Provider {\"Email\":\"digital@grinnell.edu\",\"ACMELogging\":true,\"CAServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"Storage\":\"/root/acme.json\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"OnHostRule\":true,\"OnDemand\":false,\"DNSChallenge\":{\"Provider\":\"azure\",\"DelayBeforeCheck\":0,\"Resolvers\":null,\"DisablePropagationCheck\":false},\"HTTPChallenge\":null,\"TLSChallenge\":null,\"Domains\":null,\"Store\":{}}"
traefik_proxy | time="2020-04-28T19:52:32Z" level=info msg="Testing certificate renew..."
traefik_proxy | time="2020-04-28T19:52:32Z" level=warning msg="Deprecated configuration found: traefik.frontend.auth.basic. Please use traefik.frontend.auth.basic.users."
traefik_proxy | time="2020-04-28T19:52:33Z" level=info msg="Server configuration reloaded on :80"
traefik_proxy | time="2020-04-28T19:52:33Z" level=info msg="Server configuration reloaded on :443"
traefik_proxy | time="2020-04-28T19:52:33Z" level=info msg="Server configuration reloaded on :8080"
traefik_proxy | time="2020-04-28T19:52:33Z" level=info msg="Server configuration reloaded on :80"
traefik_proxy | time="2020-04-28T19:52:33Z" level=info msg="Server configuration reloaded on :443"
traefik_proxy | time="2020-04-28T19:52:33Z" level=info msg="Server configuration reloaded on :8080"
traefik_proxy | time="2020-04-28T19:53:37Z" level=warning msg="Deprecated configuration found: traefik.frontend.auth.basic. Please use traefik.frontend.auth.basic.users."
traefik_proxy | time="2020-04-28T19:53:38Z" level=info msg="Server configuration reloaded on :8080"
traefik_proxy | time="2020-04-28T19:53:38Z" level=info msg="Server configuration reloaded on :80"
traefik_proxy | time="2020-04-28T19:53:38Z" level=info msg="Server configuration reloaded on :443"
traefik_proxy | time="2020-04-28T19:53:38Z" level=info msg="The key type is empty. Use default key type 4096."
traefik_proxy | time="2020-04-28T19:53:39Z" level=warning msg="Deprecated configuration found: traefik.frontend.auth.basic. Please use traefik.frontend.auth.basic.users."
traefik_proxy | time="2020-04-28T19:53:40Z" level=info msg="Server configuration reloaded on :443"
traefik_proxy | time="2020-04-28T19:53:40Z" level=info msg="Server configuration reloaded on :8080"
traefik_proxy | time="2020-04-28T19:53:40Z" level=info msg="Server configuration reloaded on :80"
traefik_proxy | time="2020-04-28T19:53:41Z" level=info msg=Register...
traefik_proxy | time="2020-04-28T19:53:41Z" level=info msg="legolog: [INFO] acme: Registering account for digital@grinnell.edu"
traefik_proxy | time="2020-04-28T19:53:41Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Obtaining bundled SAN certificate"
traefik_proxy | time="2020-04-28T19:53:41Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] acme: Obtaining bundled SAN certificate"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [static.grinnell.edu] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4238808899"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Could not find solver for: tls-alpn-01"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Could not find solver for: http-01"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: use dns-01 solver"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Preparing to solve DNS-01"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4238808921"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] acme: Could not find solver for: tls-alpn-01"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] acme: Could not find solver for: http-01"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] acme: use dns-01 solver"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] acme: Preparing to solve DNS-01"
traefik_proxy | time="2020-04-28T19:53:42Z" level=warning msg="Deprecated configuration found: traefik.frontend.auth.basic. Please use traefik.frontend.auth.basic.users."
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [vaf.grinnell.edu] acme: Cleaning DNS-01 challenge"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Cleaning DNS-01 challenge"
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [WARN] [static.grinnell.edu] acme: error cleaning up: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\" "
traefik_proxy | time="2020-04-28T19:53:42Z" level=info msg="legolog: [WARN] [vaf.grinnell.edu] acme: error cleaning up: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\" "
traefik_proxy | time="2020-04-28T19:53:43Z" level=error msg="Unable to obtain ACME certificate for domains \"static.grinnell.edu\" detected thanks to rule \"Host:static.grinnell.edu\" : unable to generate a certificate for the domains [static.grinnell.edu]: acme: Error -> One or more domains had a problem:\n[static.grinnell.edu] [static.grinnell.edu] acme: error presenting token: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\"\n"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="Server configuration reloaded on :80"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="Server configuration reloaded on :443"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="Server configuration reloaded on :8080"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] acme: Obtaining bundled SAN certificate"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Obtaining bundled SAN certificate"
traefik_proxy | time="2020-04-28T19:53:43Z" level=error msg="Unable to obtain ACME certificate for domains \"vaf.grinnell.edu\" detected thanks to rule \"Host:vaf.grinnell.edu\" : unable to generate a certificate for the domains [vaf.grinnell.edu]: acme: Error -> One or more domains had a problem:\n[vaf.grinnell.edu] [vaf.grinnell.edu] acme: error presenting token: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\"\n"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4238809109"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] acme: Could not find solver for: tls-alpn-01"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] acme: Could not find solver for: http-01"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] acme: use dns-01 solver"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] acme: Preparing to solve DNS-01"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4238809123"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Could not find solver for: tls-alpn-01"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Could not find solver for: http-01"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: use dns-01 solver"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Preparing to solve DNS-01"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [vaf-kiosk.grinnell.edu] acme: Cleaning DNS-01 challenge"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [INFO] [static.grinnell.edu] acme: Cleaning DNS-01 challenge"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [WARN] [vaf-kiosk.grinnell.edu] acme: error cleaning up: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\" "
traefik_proxy | time="2020-04-28T19:53:43Z" level=error msg="Unable to obtain ACME certificate for domains \"vaf-kiosk.grinnell.edu\" detected thanks to rule \"Host:vaf-kiosk.grinnell.edu\" : unable to generate a certificate for the domains [vaf-kiosk.grinnell.edu]: acme: Error -> One or more domains had a problem:\n[vaf-kiosk.grinnell.edu] [vaf-kiosk.grinnell.edu] acme: error presenting token: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\"\n"
traefik_proxy | time="2020-04-28T19:53:43Z" level=info msg="legolog: [WARN] [static.grinnell.edu] acme: error cleaning up: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\" "
traefik_proxy | time="2020-04-28T19:53:43Z" level=error msg="Unable to obtain ACME certificate for domains \"static.grinnell.edu\" detected thanks to rule \"Host:static.grinnell.edu\" : unable to generate a certificate for the domains [static.grinnell.edu]: acme: Error -> One or more domains had a problem:\n[static.grinnell.edu] [static.grinnell.edu] acme: error presenting token: azure: dns.ZonesClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"AuthorizationFailed\" Message=\"The client '457433eb-a304-410d-a92b-9b2d570538aa' with object id '457433eb-a304-410d-a92b-9b2d570538aa' does not have authorization to perform action 'Microsoft.Network/dnsZones/read' over scope '/subscriptions/a55a69f3-1595-41b7-97ae-df56289ffc4f/resourceGroups/NetworkServices/providers/Microsoft.Network/dnsZones/grinnell.edu' or the scope is invalid. If access was recently granted, please refresh your credentials.\"\n"
portainer     | 2020/04/28 19:52:32 Templates already registered inside the database. Skipping template import.
portainer     | 2020/04/28 19:52:32 Instance already has defined endpoints. Skipping the endpoint defined via CLI.
portainer     | 2020/04/28 19:52:32 Instance already has an administrator user defined. Skipping admin password related flags.
portainer     | 2020/04/28 19:52:32 server: Reverse tunnelling enabled
portainer     | 2020/04/28 19:52:32 server: Fingerprint 77:40:36:41:8f:a0:78:2d:bc:68:02:de:8b:7e:5f:c1
portainer     | 2020/04/28 19:52:32 server: Listening on 0.0.0.0:8000...
portainer     | 2020/04/28 19:52:32 Starting Portainer 1.23.0 on :9000
portainer     | 2020/04/28 19:52:32 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]
watchtower    | time="2020-04-28T19:52:31Z" level=info msg="Starting Watchtower and scheduling first run: 2020-04-28 19:57:31 +0000 UTC m=+301.204263325"