
Issue with getting an LE SSL Cert for a proxy to a docker service

I recently dockerised much of my homelab but now I've hit a bit of an issue.


I have Portainer running in Docker, then an Apache Virtual Server acting as a port-based proxy; I can access Portainer perfectly.


When I try to get an SSL cert from LE, it fails. I expected the file-based challenge to fail since a proxy has no wwwroot, but the DNS-based challenge also fails and I have no idea why; there's no real error other than "DNS based acmechallenge failed, make sure the DNS A record is pointing to the correct IP".


Anyone got any ideas?

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |


Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


How are you trying to get the certificate?

certbot has integration with nginx so reads the config files and does its magic even on simple port redirects, maybe there's something similar with apache...

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case


Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED


GPD Win 2


1 hour ago, Kilrah said:

How are you trying to get the certificate?

certbot has integration with nginx so reads the config files and does its magic even on simple port redirects, maybe there's something similar with apache...

I think I have solved the issue but cannot actually test the fix yet; it now says I've failed too many attempts 😄


It was the way I had my DNS servers set up: I was using a CNAME on my web domain to forward subdomains to the main domain. I believe I have solved it by removing the CNAME subs and instead creating full A records.


I'm using Virtualmin and it's running BIND locally. What I think was happening is that LE was adding the challenge to my local DNS server, but since my web domain was linking everything back to the main domain, it wasn't seeing the changes on my local DNS for the sub.

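A diagnostic for the situation described in this thread, added here as an example and not part of the original posts: it queries the `_acme-challenge.<host>` name on the local BIND and on a public resolver and reports whether the DNS-01 TXT record is actually visible or whether a CNAME is redirecting the lookup elsewhere. The resolver addresses (`127.0.0.1` for the Virtualmin-managed BIND, `1.1.1.1` as the public view) are assumptions; override them with the `LOCAL_NS` and `PUBLIC_NS` environment variables.

```shell
#!/bin/sh
# Added DNS-01 visibility check (example code, not from the thread).
# Assumptions: local BIND answers on 127.0.0.1, a public recursive
# resolver is reachable at 1.1.1.1, and `dig` is installed.
LOCAL_NS="${LOCAL_NS:-127.0.0.1}"
PUBLIC_NS="${PUBLIC_NS:-1.1.1.1}"

# classify <host CNAME> <challenge CNAME> <challenge TXT>
# Pure verdict over already-fetched answers (so it can be tested offline):
#   OK             challenge TXT is visible from this resolver
#   CNAME_REDIRECT _acme-challenge name is a CNAME and no TXT follows it
#   HOST_CNAME     host itself is a CNAME and the TXT is missing (the
#                  thread's case: records live in the target zone instead)
#   NO_TXT         plain name, but the validator's TXT never showed up
classify() {
    host_cname="$1"; chal_cname="$2"; chal_txt="$3"
    if [ -n "$chal_cname" ] && [ -z "$chal_txt" ]; then
        echo CNAME_REDIRECT; return 0
    fi
    if [ -z "$chal_txt" ]; then
        if [ -n "$host_cname" ]; then echo HOST_CNAME; else echo NO_TXT; fi
        return 0
    fi
    echo OK
}

# query_cname <server> <name>: canonical name if <name> is a CNAME, else empty
query_cname() { dig +short @"$1" CNAME "$2" 2>/dev/null | head -n 1; }
# query_txt <server> <name>: first TXT string; skips CNAME lines dig emits first
query_txt()   { dig +short @"$1" TXT "$2" 2>/dev/null | grep '^"' | tr -d '"' | head -n 1; }

# check_live <hostname>: compare the local BIND view with the public view
check_live() {
    host="$1"; chal="_acme-challenge.$host"
    for ns in "$LOCAL_NS" "$PUBLIC_NS"; do
        hc=$(query_cname "$ns" "$host")
        cc=$(query_cname "$ns" "$chal")
        ct=$(query_txt "$ns" "$chal")
        printf '%-15s host CNAME=%s  challenge CNAME=%s  TXT=%s  -> %s\n' \
            "$ns" "${hc:-none}" "${cc:-none}" "${ct:-none}" \
            "$(classify "$hc" "$cc" "$ct")"
    done
}

# Usage: sh acme_dns_check.sh portainer.example.com
if [ "$#" -gt 0 ]; then check_live "$1"; fi
```

If the local line reports OK while the public line reports HOST_CNAME or NO_TXT, the validator's record exists on the Virtualmin BIND but is not what the internet sees, which matches the failure mode the thread describes.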
