error with letsencrypt? Topic is solved

lightsout
Posts: 23
Joined: Sat Feb 20, 2021 12:02 am

error with letsencrypt?

Post by lightsout »

I am messing with dietpi in a VM with virtual box on a windows machine. I keep getting this error when trying to get an ssl cert.

The machine has an internet connection I can't load a web page just fine.

Image

Got this running apt upgrade

Image
Joulinar
Posts: 4249
Joined: Sat Nov 16, 2019 12:49 am

Re: error with letsencrypt?

Post by Joulinar »

Hi,

There seems to be an issue with apt reading the actual status file. It might be that it got corrupted. Let's try the following:

Code:

/boot/dietpi/func/dietpi-set_software apt-cache clean
apt update

BTW: if possible, please connect using SSH and try to copy/paste the error message. It's easier than creating screenshots. ;)
Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
lightsout
Posts: 23
Joined: Sat Feb 20, 2021 12:02 am

Re: error with letsencrypt?

Post by lightsout »

Ok thank you that worked, I am now getting a new error. I have a free domain with no-ip, I am unable to connect to nextcloud with that domain from an external network, so the domain appears to be working. I have forwarded 80 and 443 on the internal ip of the dietpi install.

But I keep getting this.

Code:

[  OK  ] DietPi-LetsEncrypt | Lighttpd webserver detected
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
[FAILED] Certbot failed with error code (1), please check its terminal output. Aborting...
EDIT### Hmmm, looks like it may be because I am using a super common domain from no-ip that they are preventing it from working.
MichaIng
Site Admin
Posts: 2783
Joined: Sat Nov 18, 2017 6:21 pm

Re: error with letsencrypt?

Post by MichaIng »

You hit the Let's Encrypt rate limit. I think you need to wait for an hour before you can retry. Then try once only and in case paste the error message here.
lightsout
Posts: 23
Joined: Sat Feb 20, 2021 12:02 am

Re: error with letsencrypt?

Post by lightsout »

I tried a different domain, prefer this one anyways. Here is what is happening. Just to be clear, I am running the no-ip exe on the host windows machine with two domains that go to my home ip. I had dietpi running on an SBC, it was set up with SSL and I could access it from the domain. I have that shut down so that it doesn't interfere with what I am trying to do here. I am now getting this error.

IMPORTANT NOTES:
- The following errors were reported by the server:

Code:

   Domain: xxxxxxxxxx
   Type:   connection
   Detail: Fetching
   http://xxxxxxxx/.well-known/acme-challenge/WABWCOLFCoVhybIRmzODJdmA-0vShuVmJqTivKvylaw:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
[FAILED] Certbot failed with error code (1), please check its terminal output. Aborting...
MichaIng
Site Admin
Posts: 2783
Joined: Sat Nov 18, 2017 6:21 pm

Re: error with letsencrypt?

Post by MichaIng »

If you manually place a file at that location, e.g. /var/www/.well-known/acme-challenge/test, can you open it in a browser from outside of your LAN? The ACME server is doing exactly that :?.
lightsout
Posts: 23
Joined: Sat Feb 20, 2021 12:02 am

Re: error with letsencrypt?

Post by lightsout »

Negative. If I try with a local ip I get 403 forbidden. But I can access nextcloud over local ip.

Anything special in virtualbox I need to worry about?
MichaIng
Site Admin
Posts: 2783
Joined: Sat Nov 18, 2017 6:21 pm

Re: error with letsencrypt?

Post by MichaIng »

But you created that file, right?
When you use a bridged network for the VM it should behave exactly like any other physical host attached to the metal l network. The functional access to Nextcloud basically verifies this.

Can you create a test file in the webroot, e.g. /var/www/test and try to access it via <IP>/test, if that works /var/www/.well-known/test? If the files definitely exist but you get a 403, then some non-default Lighttpd setting is blocking it at some point, so let's see where this is the case.
lightsout
Posts: 23
Joined: Sat Feb 20, 2021 12:02 am

Re: error with letsencrypt?

Post by lightsout »

MichaIng wrote: Sat Mar 20, 2021 6:00 pm But you created that file, right?
When you use a bridged network for the VM it should behave exactly like any other physical host attached to the metal l network. The functional access to Nextcloud basically verifies this.

Can you create a test file in the webroot, e.g. /var/www/test and try to access it via <IP>/test, if that works /var/www/.well-known/test? If the files definitely exist but you get a 403, then some non-default Lighttpd setting is blocking it at some point, so let's see where this is the case.
192.168.1.12/test = 403 forbidden
192.168.1.12/test/frog.jpg = 404 not found

And just to make sure we're on the same page here.

Image
MichaIng
Site Admin
Posts: 2783
Joined: Sat Nov 18, 2017 6:21 pm

Re: error with letsencrypt?

Post by MichaIng »

But the file has a capital F, while you entered the URL with lower case f, isn't it? :)
When you create an index.html in the test dir, accessing the dir should work as well. Although directory indexing should be enabled by default as well.

But please try with the .well-known/acme-challenge dir, so that we test the exact access the ACME server does.

Did you install any other web application aside of Nextcloud?
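
The checks suggested across this thread (is the test file really on disk, does the URL match its case, does a directory have an index file, is the server serving from the webroot given to certbot), collected into one script as an added example that is not part of the original posts and is not DietPi or certbot code. The webroot and URL are supplied by the caller, and the mapping from status code to cause is a heuristic; a fetch made from inside the LAN does not show whether the ACME server can reach the host from outside.

```shell
#!/usr/bin/env bash
# Added example, not DietPi or certbot code. Webroot path and URL are caller-supplied assumptions.

# Print the on-disk path under WEBROOT ($1) that matches REL ($2) ignoring case (empty if none).
find_ci() {
    find "$1" -ipath "$1/$2" 2>/dev/null | head -n 1
}

# Map an HTTP status code plus the on-disk state of WEBROOT/REL to a likely cause.
diagnose() {
    local code="$1" webroot="$2" rel="$3" actual
    actual=$(find_ci "$webroot" "$rel")
    case "$code" in
        200) echo "ok" ;;
        000) echo "no-connection" ;;   # curl reports 000 when no HTTP response arrived
        404)
            if [ -z "$actual" ]; then
                echo "missing-on-disk"
            elif [ "$actual" != "$webroot/$rel" ]; then
                actual=${actual#"$webroot"/}
                echo "case-mismatch:$actual"       # e.g. Frog.jpg requested as frog.jpg
            else
                echo "served-from-other-docroot"   # file exists, server looks elsewhere
            fi ;;
        403)
            if [ -d "$webroot/$rel" ] && [ ! -e "$webroot/$rel/index.html" ]; then
                echo "dir-without-index"           # directory URL, nothing to serve
            else
                echo "blocked-by-config-or-permissions"
            fi ;;
        *) echo "unexpected:$code" ;;
    esac
}

# Create a probe file in the ACME challenge directory, fetch it over HTTP, classify, clean up.
probe() {
    local webroot="$1" base_url="$2" rel=".well-known/acme-challenge/probe-$$" code
    mkdir -p "$webroot/.well-known/acme-challenge" || return 1
    echo probe > "$webroot/$rel" || return 1
    code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "$base_url/$rel" || true)
    echo "$base_url/$rel -> $code ($(diagnose "$code" "$webroot" "$rel"))"
    rm -f "$webroot/$rel"
}

# Usage: ./probe.sh /var/www http://<domain-or-IP>
if [ "$#" -eq 2 ]; then probe "$1" "$2"; fi
```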