Http Challenge with own dns records

stimts · September 29, 2020, 8:28pm

Hi,

after endless searching in the web for a solution I finally have to ask for help.

I try to setup a nextcloud with traefik and I stuck at the http challange. I can and will provide more information about my setup but I try to spare you if possible.

My error I get:

Unable to obtain ACME certificate for domains \"mySubDomain.myDomain.io\": unable to generate a certificate for the domains [mySubDomain.myDomain.io]: error: one or more domains had a problem:\n[mySubDomain.myDomain.io] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mySubDomain.myDomain.io/.well-known/acme-challenge/wuFJqo_-cgqLlXrtIpGO1mb6pqpYBaZC_2LNcIWgPNM: Timeout during connect (likely firewall problem), url: \n" routerName=nextcloud-app-secure@docker rule="Host(`mySubDomain.myDomain.io`)" providerName=http.acme

As background information:
Firewall

Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere                  
433/tcp                    ALLOW       Anywhere                  
80/tcp (v6)                ALLOW       Anywhere (v6)             
433/tcp (v6)               ALLOW       Anywhere (v6)

Fritzbox Router
Portforwarding for 80/tcp and 433/tcp as wall as ipv4 and ipv6

DNS Records

mySubdomain             300 IN A my.ip

Now I don't know what I can do to get it work. Please tell me if you need more informations about my setup.

zespri · September 30, 2020, 7:09am

You need to make sure that the request to http://mySubDomain.myDomain.io ends up on your traefik instance. It looks like currently it does not.

stimts · September 30, 2020, 8:35am

It should. Where do I find logs of traefik about incomming requests?

cakiwi · September 30, 2020, 11:28am

https://letsdebug.net is a great resource for helping identify LetsEncrypt issues.

Tuning the traefik logging to info or debug will show requests related to letsencrypt. But as the error indicates, its not getting any challenge request so you won't see anything.

More generically turn on traefik's access log to see http requests.

stimts · September 30, 2020, 12:08pm

I solved it. Finally. It was a problem with the portforwarding of the fritzbox even it was setup correctly. According to this Link I removed old devices out of the network list and created the forwarding rules new. Now everything is fine

stimts · September 30, 2020, 12:09pm

@zespri and @cakiwi thanks for your support.

system · October 3, 2020, 12:09pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik + letsencrypt using example fails to generate ceritifcate Traefik v2 docker , letsencrypt-acme	3	1192	June 5, 2021
Lets encrypt dns challenge via traefik docker compose (problem only on arch) Traefik v2 letsencrypt-acme	6	2898	May 28, 2023
Let's Encrypt HTTP Challenge is failing for reasons I don't understand Traefik v2 letsencrypt-acme	1	558	September 4, 2019
ACME error 400 with TLS challenge but not with HTTP challenge in Docker Swarm Traefik v2 letsencrypt-acme	0	1158	May 11, 2020
Unable to obtain ACME certificate despite setting challenge Traefik v1 docker , letsencrypt-acme	1	4774	July 18, 2019

Http Challenge with own dns records

Related topics