@hesco

hesco/0010-certbot-output Secret

Last active Apr 16, 2020
+ docker run -i --rm --name certcont --publish 209.195.11.75:8888:8888 --volume letsencrypt-etc:/etc/letsencrypt --volume letsencrypt-var-lib:/var/lib/letsencrypt --volume letsencrypt-var-log:/var/log/letsencrypt certbot/certbot:latest certonly --standalone -d jenkins.yourmessagedelivered.com --non-interactive --preferred-challenges http --agree-tos --email hesco@yourmessagedelivered.com --staging --http-01-port=8888
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.yourmessagedelivered.com
Waiting for verification...
Challenge failed for domain jenkins.yourmessagedelivered.com
http-01 challenge for jenkins.yourmessagedelivered.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: jenkins.yourmessagedelivered.com
Type: unauthorized
Detail: Invalid response from
http://jenkins.yourmessagedelivered.com/.well-known/acme-challenge/uP-FXuSI5sYdRm5gLiEtjtq5Uag7XRP2-qDRyT_IfeM
[209.195.11.75]: "<html><head><meta http-equiv='refresh'
content='1;url=/login?from=%!F(MISSING).well-known%!F(MISSING)acme-challenge%!F(MISSING)uP-FXuSI5sYdRm5gLiEtjtq5Uag7"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
+ cat /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/fullchain.pem /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/privkey.pem
cat: /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/fullchain.pem: No such file or directory
cat: /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/privkey.pem: No such file or directory
root@dessalines021:/exports/data/letsencrypt# ls -alht /exports/data/letsencrypt/etc/letsencrypt | grep live
drwx------ 5 root root 4.0K Aug 25 2019 live
But there is no new path for this domain, and the resultant file written for the haproxy certificate
winds up 0 length; it must be removed to restart haproxy.
global
    maxconn 4000
    tune.ssl.default-dh-param 2048
    log 127.0.0.1 local0
    stats socket ipv4@127.0.0.1:9999 level admin
    stats socket /var/run/haproxy/haproxy.sock mode 666 level admin
    stats timeout 10m

defaults
    log global
    maxconn 8000
    option redispatch
    retries 3
    stats enable
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s

frontend http_proxy
    bind 172.17.0.2:80
    acl letsencrypt-acl path_beg -i /.well-known\/acme-challenge/
    <snip>
    mode http
    option httplog
    option forwardfor
    use_backend letsencrypt if letsencrypt-acl

backend letsencrypt
    mode http
    # server letsencrypt_node_01 192.168.51.121:8888
    server letsencrypt_node_02 209.195.11.75:8888
    timeout connect 1h
    timeout server 1h