Failed to sign <domain>, Error creating new order #350

Open
prince-juguilon-fgi opened this issue Jan 22, 2024 · 1 comment

@prince-juguilon-fgi

Getting these logs in EC2. For context, I'm trying to self-host Outline w/ docker and got everything working besides https-portal.

https-portal-1  | ========================================
https-portal-1  | HTTPS-PORTAL v1.23.1
https-portal-1  | ========================================
https-portal-1  |
https-portal-1  | [cont-init.d] 00-welcome: exited 0.
https-portal-1  | [cont-init.d] 20-setup: executing...
https-portal-1  | ----------- BEGIN DOMAIN CONFIG -------------
https-portal-1  | name: wiki.<REDACTED>.com
https-portal-1  | stage: production
https-portal-1  | upstream: http://outline:3000
https-portal-1  | upstreams: [{:address=>"outline:3000", :parameters=>nil}]
https-portal-1  | upstream_proto: http://
https-portal-1  | redirect_target_url:
https-portal-1  | basic_auth_username:
https-portal-1  | basic_auth_password:
https-portal-1  | access_restriction:
https-portal-1  | -------- --- END DOMAIN CONFIG  -------------
https-portal-1  | DH parameters appear to be ok.
https-portal-1  | RSA key ok
https-portal-1  | [DEBUG] Starting Nginx, daemon mode = true
https-portal-1  | [DEBUG] ensure_signed
https-portal-1  | [DEBUG] create_ongoing_domain_key rsa for wiki.<REDACTED>.com
https-portal-1  | Generating RSA private key, 2048 bit long modulus (2 primes)
https-portal-1  | ....+++++
https-portal-1  | ..+++++
https-portal-1  | e is 65537 (0x010001)
https-portal-1  | [DEBUG] create_csr for wiki.<REDACTED>.com
https-portal-1  | Signing certificates from https://acme-v02.api.letsencrypt.org/directory ...
https-portal-1  | Parsing account key...
https-portal-1  | Parsing CSR...
https-portal-1  | Found domains: wiki.<REDACTED>.com
https-portal-1  | Getting directory...
https-portal-1  | Directory found!
https-portal-1  | Registering account...
https-portal-1  | Already registered!
utline-docker-https-portal-1  | Creating new order...
https-portal-1  | Traceback (most recent call last):
https-portal-1  |   File "/bin/acme_tiny", line 198, in <module>
https-portal-1  |     main(sys.argv[1:])
https-portal-1  |   File "/bin/acme_tiny", line 194, in main
https-portal-1  |     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
https-portal-1  |   File "/bin/acme_tiny", line 121, in get_crt
https-portal-1  |     order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
https-portal-1  |   File "/bin/acme_tiny", line 60, in _send_signed_request
https-portal-1  |     return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
https-portal-1  |   File "/bin/acme_tiny", line 46, in _do_request
https-portal-1  |     raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
https-portal-1  | ValueError: Error creating new order:
https-portal-1  | Url: https://acme-v02.api.letsencrypt.org/acme/new-order
https-portal-1  | Response Code: 429
https-portal-1  | Response: {u'status': 429, u'type': u'urn:ietf:params:acme:error:rateLimited', u'detail': u'Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/'}
https-portal-1  | ================================================================================
https-portal-1  | Failed to sign wiki.<REDACTED>.com.
https-portal-1  | Make sure your DNS is configured correctly and is propagated to this host
https-portal-1  | machine. Sometimes that takes a while.
https-portal-1  | ================================================================================
https-portal-1  | Failed to obtain certs for wiki.<REDACTED>.com
https-portal-1  | [DEBUG] Fail and Shutdown
https-portal-1  | [cont-init.d] 20-setup: exited 1.
https-portal-1  | [cont-finish.d] executing container finish scripts...
https-portal-1  | [cont-finish.d] done.
https-portal-1  | [s6-finish] waiting for services.
https-portal-1  | [s6-finish] sending all processes the TERM signal.
https-portal-1  | [s6-finish] sending all processes the KILL signal and exiting.
https-portal-1 exited with code 0
https-portal-1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
https-portal-1  | [s6-init] ensuring user provided files have correct perms...exited 0.
https-portal-1  | [fix-attrs.d] applying ownership & permissions fixes...
https-portal-1  | [fix-attrs.d] done.
https-portal-1  | [cont-init.d] executing container initialization scripts...
https-portal-1  | [cont-init.d] 00-welcome: executing...

  • My docker-compose.yml file is the same as what Outline provides, but just running it in AWS EC2.

  • I've configured all the security groups for ports 80, 443, 22 both ipv4 and ipv6.

  • Was able to make it work with self signed certificates (not https-portal), but I would like to make it work with this image.

@SteveLTN
Owner

In my experience most of this is because of misconfiguration of DNS. Have you configured wiki.<REDACTED>.com and made sure it resolves to the IP address of your machine?
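
Added example (not part of either comment, and not https-portal or acme_tiny code): the banner in the log only says to check DNS, while the ACME problem document inside the traceback names the actual error type, here `rateLimited` with status 429. This sketch extracts that document from container log text, rejoining terminal-wrapped lines first; the sample log is constructed with a placeholder domain, and the hint wording is this example's own.

```python
import ast
import re

# Constructed sample in the shape of the log above (placeholder domain, wrap kept).
SAMPLE_LOG = """\
https-portal-1  | ValueError: Error creating new order:
https-portal-1  | Response Code: 429
https-portal-1  | Response: {u'status': 429, u'type': u'urn:ietf:params:acme:error:rateLimited', u'detail': u'Error creating new order :: too many failed authoriz
ations recently: see https://letsencrypt.org/docs/failed-validation-limit/'}
https-portal-1  | Failed to sign wiki.example.com.
"""

PREFIX = re.compile(r"^\S*https-portal\S*\s+\| ?")  # docker compose line prefix
ACME_NS = "urn:ietf:params:acme:error:"
# Triage hints written for this example, keyed by RFC 8555 error type.
HINTS = {
    "rateLimited": "stop retrying; fix DNS and port 80 reachability, then wait out the limit",
    "dns": "the CA could not resolve the domain; check its A/AAAA records",
    "connection": "the CA could not reach the host; check port 80 and firewall rules",
    "unauthorized": "the challenge answer was wrong; check what serves port 80",
}

def unwrap(log_text):
    """Strip the compose prefix and glue terminal-wrapped continuations back on."""
    lines = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if m:
            lines.append(raw[m.end():])
        elif lines:
            lines[-1] += raw  # no prefix: continuation of the previous line
    return lines

def acme_errors(log_text):
    """Return (status, short_type, detail, hint) for each ACME problem document."""
    found = []
    for line in unwrap(log_text):
        if not line.startswith("Response: {"):
            continue
        try:  # acme_tiny printed a Python 2 dict repr; u'' literals still parse
            doc = ast.literal_eval(line[len("Response: "):])
        except (ValueError, SyntaxError):
            continue
        short = str(doc.get("type", "")).replace(ACME_NS, "")
        found.append((doc.get("status"), short, doc.get("detail", ""),
                      HINTS.get(short, "see detail")))
    return found

if __name__ == "__main__":
    print(acme_errors(SAMPLE_LOG))
```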
