Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 Bug Report: worker-certificates generate SSL certificate failed #5617

Closed
2 tasks done
wilhantian opened this issue May 31, 2023 · 5 comments
Closed
2 tasks done
Labels
bug Something isn't working

Comments

@wilhantian
Copy link

👟 Reproduction steps

Preconditions:

  1. The appwrite has been installed correctly
  2. Properly configure the domain name my.domain.com

Run: docker compose exec appwrite ssl

worker-certificates logs:

Cannot renew domain (my.domain.com) on attempt no. 4 certificate: Failed to issue a certificate with message: Saving debug log to /var/log/letsencrypt/letsencrypt.lo

/var/log/letsencrypt/letsencrypt.lo:

2023-05-31 13:43:13,758:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-05-31 13:43:13,758:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-05-31 13:43:13,758:DEBUG:certbot._internal.main:Arguments: ['--webroot', '--noninteractive', '--agree-tos', '--email', '[email protected]', '--cert-name', '64774eef75c9e479c247', '-w', '/storage/certificates', '-d', 'my.domain.com']
2023-05-31 13:43:13,759:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-05-31 13:43:13,784:DEBUG:certbot._internal.log:Root logging level set at 30
2023-05-31 13:43:13,789:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-05-31 13:43:13,795:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fb84d006910>
Prep: True
2023-05-31 13:43:13,795:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fb84d006910> and installer None
2023-05-31 13:43:13,795:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-05-31 13:43:13,886:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-05-31 13:43:13,893:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-05-31 13:43:16,397:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-05-31 13:43:16,397:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:15 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "EJf8o9ZOweo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-05-31 13:43:16,398:DEBUG:acme.client:Requesting fresh nonce
2023-05-31 13:43:16,398:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-05-31 13:43:16,673:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-05-31 13:43:16,674:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:16 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 15C9wfTOGUJlnlUDahe1L11bJf2ArdE6JzosJl6pzhs_qC4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-05-31 13:43:16,675:DEBUG:acme.client:Storing nonce: 15C9wfTOGUJlnlUDahe1L11bJf2ArdE6JzosJl6pzhs_qC4
2023-05-31 13:43:16,675:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:[email protected]"\n  ],\n  "termsOfServiceAgreed": true\n}'
2023-05-31 13:43:16,679:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInd6eFVhOG52UlNOb0lsN2ZQcUhmbHU2cEJxd09PcmYwQWtiOXhPbEk0RnNYUURWckhWMVdIQS1sQVNYeV82UnRWMjh4MFBsR1pBR0Q1bE9lUXJ2NGgtdUVsSjdYYWtEeGhtMUR1VmtNVUFWbVNEWUtaMTlpZFg2WmppOVY1TkJtY1IzRkFLMXFsaFZubFlzREFCc3FPS1FZeHk3M3VidW10cjlaR0xybzJfUEx4bGhmamRzRXVuMmx0UDFrcUJUcFRHRzI0Nk5MUXdNaDhkSDZrM0wxTWQ5dVFEQlpYM0RaOHlUcU5LMFFYMU9NcUlMVllXOTRwOHBzU19PZVRYUHd3QmF6alZTNmZZcVJzSUZDNE5VM0JNZU5rZHR3WnRMWHAyWG0zTllCUEZhb3hIMFdVWVY5Uk1qbEZBSHdBNVA4YThBZTk1bF9TSTRLT096ZTFMVmdDdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiMTVDOXdmVE9HVUpsbmxVRGFoZTFMMTFiSmYyQXJkRTZKem9zSmw2cHpoc19xQzQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0In0",
  "signature": "Mpt8uPVWrvxS1wLeF3jYGid3a1Tn3vjqFGUug8JdFE652EVDQvWI-SKUH1f2Ro9cvVq9cJzilGDkwlVh6jqJ35fA7zxtRv_mDEOrA5lVeQoxagN-W54xiay4txB236Rcjw2WuPPMN9Po-_UdVxkcWGEJadlYV2vkqrIuDM6cVBLF3y5eLJ-8Sh7nH6nl2LsoOKuy4CAGS4XoTc5mt1ullHf9xVj9q8rB00KUX_JX0C91YdQFFBelj52H6AfEJhO1MLJADjqd3F_YsjUhcNCaTw7Gw9BaZN8j4H7BAPpSTmkAf1rHnJRSeuILCt28xCLPVjb9Up7IhHvCgYeN5-EtHA",
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpjZXJ0c0BhcHB3cml0ZS5pbyIKICBdLAogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUKfQ"
}
2023-05-31 13:43:16,992:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 561
2023-05-31 13:43:16,993:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 31 May 2023 13:43:16 GMT
Content-Type: application/json
Content-Length: 561
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/1136520607
Replay-Nonce: 15C9myFgzoGZr9hVHiMYdSXpDZgmRAodL-5TsmmT5FmR22Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "wzxUa8nvRSNoIl7fPqHflu6pBqwOOrf0Akb9xOlI4FsXQDVrHV1WHA-lASXy_6RtV28x0PlGZAGD5lOeQrv4h-uElJ7XakDxhm1DuVkMUAVmSDYKZ19idX6Zji9V5NBmcR3FAK1qlhVnlYsDABsqOKQYxy73ubumtr9ZGLro2_PLxlhfjdsEun2ltP1kqBTpTGG246NLQwMh8dH6k3L1Md9uQDBZX3DZ8yTqNK0QX1OMqILVYW94p8psS_OeTXPwwBazjVS6fYqRsIFC4NU3BMeNkdtwZtLXp2Xm3NYBPFaoxH0WUYV9RMjlFAHwA5P8a8Ae95l_SI4KOOze1LVgCw",
    "e": "AQAB"
  },
  "contact": [
    "mailto:[email protected]"
  ],
  "initialIp": "182.92.176.221",
  "createdAt": "2023-05-31T13:43:16.825377872Z",
  "status": "valid"
}
2023-05-31 13:43:16,993:DEBUG:acme.client:Storing nonce: 15C9myFgzoGZr9hVHiMYdSXpDZgmRAodL-5TsmmT5FmR22Y
2023-05-31 13:43:16,997:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2023-05-31 13:43:16,997:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fb84d0034c0>)>), contact=('mailto:[email protected]',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1136520607', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'), 5c0ec3a18fcb3cbb994534dc787dd082, Meta(creation_dt=datetime.datetime(2023, 5, 31, 13, 43, 16, tzinfo=<UTC>), creation_host='318b73835b42', register_to_eff=None))>
2023-05-31 13:43:16,998:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for my.domain.com
2023-05-31 13:43:17,105:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
2023-05-31 13:43:17,129:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2023-05-31 13:43:17,131:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "my.domain.com"\n    }\n  ]\n}'
2023-05-31 13:43:17,134:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxNUM5bXlGZ3pvR1pyOWhWSGlNWWRTWHBEWmdtUkFvZEwtNVRzbW1UNUZtUjIyWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "TLiEL0z75Keid-9VTTDCd-Zk_2WpBnqCOJAVQHTY7-lEf98bEq4hJ83klApJBzSlPh2zLO4SuDvWkgwiebitEB2qi5tutnSrycL6bqr9gyE-2qu1qwi8KcZdWtBzP2bbwH-qC-YhJMeLFUN_4Po4QJ2EN9IiQ_xXHu7SMKr6FOoTSigUj-fYW5Q9iodFGtM_lyGk7scxva8vo4ZafO9858UW4HTdC6u6nE5mtehwmpKZbKfWtl36t-doVCrCyk4jpoA_UyHsC9xGPh7ptBhikD2CaeamKkA6gQzsrTkR8AEI7Wexy7hp-Dm1LIHyfHg92v9Y11I_J4BE6qg9a4E00g",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFwcC5pb3Jlc3QuY29tIgogICAgfQogIF0KfQ"
}
2023-05-31 13:43:17,980:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 340
2023-05-31 13:43:17,982:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 31 May 2023 13:43:17 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1136520607/185676526967
Replay-Nonce: 15C9-PdEgtw6hNiw-cyxJwBKqQK2E5INDhjFAKN-PY-uf2g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-06-07T13:43:17Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "my.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1136520607/185676526967"
}
2023-05-31 13:43:17,982:DEBUG:acme.client:Storing nonce: 15C9-PdEgtw6hNiw-cyxJwBKqQK2E5INDhjFAKN-PY-uf2g
2023-05-31 13:43:17,983:DEBUG:acme.client:JWS payload:
b''
2023-05-31 13:43:17,985:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxNUM5LVBkRWd0dzZoTml3LWN5eEp3QktxUUsyRTVJTkRoakZBS04tUFktdWYyZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjMyNzAyNjQ4NjI3In0",
  "signature": "hNSNmTS8mCdQnfOx_UZYuRY1T28Rqaa6bnpMILafs2d2NmcbaK9HKhGqBBFUHcBEc44zvu0_jWeL34PZCU4T7OnTjGKOF-Zc_1CxcSpDQfPhmyj8T5Goo4VbDIpGIpdFHLfA581FT3KOta1iyzDh5g3jUTBU7eCI41_MWjFk7iKxXKhsVUXqkp48xEglUibWLMP1ZpHbGJbnPxOnNRDG6YSsUijGn28SeH1agtjKCdO-ap7gjSMBmrRQF1vQWgPHF740yTalEqMcC_Wk24dlmjJuFm9fvYSQ9A-u-kvyOCx5Iji1wyCgArdLiGM_DYYPil5GH9WNBJ58Mup8qOYACQ",
  "payload": ""
}
2023-05-31 13:43:18,265:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/232702648627 HTTP/1.1" 200 798
2023-05-31 13:43:18,267:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:18 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADRDlZ7p6V6MH_FKe11yujAUp9DJx5P2I6lvgqXkPy5zM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.domain.com"
  },
  "status": "pending",
  "expires": "2023-06-07T13:43:17Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A",
      "token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/uvRTRQ",
      "token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/gpWVKg",
      "token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
    }
  ]
}
2023-05-31 13:43:18,267:DEBUG:acme.client:Storing nonce: 1AADRDlZ7p6V6MH_FKe11yujAUp9DJx5P2I6lvgqXkPy5zM
2023-05-31 13:43:18,268:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-05-31 13:43:18,269:INFO:certbot._internal.auth_handler:http-01 challenge for my.domain.com
2023-05-31 13:43:18,269:INFO:certbot._internal.plugins.webroot:Using the webroot path /storage/certificates for all unmatched domains.
2023-05-31 13:43:18,269:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /storage/certificates/.well-known/acme-challenge
2023-05-31 13:43:18,272:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /storage/certificates/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc
2023-05-31 13:43:18,273:DEBUG:acme.client:JWS payload:
b'{}'
2023-05-31 13:43:18,277:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxQUFEUkRsWjdwNlY2TUhfRktlMTF5dWpBVXA5REp4NVAySTZsdmdxWGtQeTV6TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjMyNzAyNjQ4NjI3L194dEs4QSJ9",
  "signature": "STjuVPL9UNjp9uPVx7Vv3-5eEU_3Aew__g5iPYfR6LX5sJnEMtiyU9BIaix6w6q6fZ-VxXBf5w_2TMabM25WiyhDCMzcUdfxt1yF9IrKqtDdFPxhL18g9w_eSiFT4k5g535hcIA-QbUST67rI_6gJOhw2FFQa2x1HGVOZCjeBHNO2nnJWPHoCcBt5dkpu3gZvs7kOD-GLHS6auM7brvjFgr0GdnCoocdaxqsgTXOJT8nMEJI4ShzlfKT-VicKpsG_4f7Dtut1nWd6sGeRqtV9wdYuMHdBXcKVJl-olr7ktOdbMajRM9KHamzUmZBJOP_oWDK93bQTK7M8QShIoP69A",
  "payload": "e30"
}
2023-05-31 13:43:18,561:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/232702648627/_xtK8A HTTP/1.1" 200 187
2023-05-31 13:43:18,562:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:18 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A
Replay-Nonce: 1AADUGuPAuRO6tbET0D2dr6GvdFXHQHiOJVpqqZ_bPSkEO4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A",
  "token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc"
}
2023-05-31 13:43:18,563:DEBUG:acme.client:Storing nonce: 1AADUGuPAuRO6tbET0D2dr6GvdFXHQHiOJVpqqZ_bPSkEO4
2023-05-31 13:43:18,563:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-05-31 13:43:19,565:DEBUG:acme.client:JWS payload:
b''
2023-05-31 13:43:19,567:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/232702648627:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNjUyMDYwNyIsICJub25jZSI6ICIxQUFEVUd1UEF1Uk82dGJFVDBEMmRyNkd2ZEZYSFFIaU9KVnBxcVpfYlBTa0VPNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjMyNzAyNjQ4NjI3In0",
  "signature": "DuCwzvbExHIeD52hXvbKGot3_AyDy9PPhMrCn3f2E9e2eYgLHBKZ3iMK3jKWOsGtgN3xjp_RXdWY8pEMqrUGgNU52awf1Vdd22bn_c5uhSWNsbjR5q96o5Ube0IXglVRge44tQsdSNisw7LPUdpnIhnXbMIpCYrtedVehRsxv4bSCO3vgAsg8HgRbbtbaakY3DYmTYa_-oWkUhStUX8-cN_z0ZSFKtD1-fys1O5GTP7z6hbP6k_mhNF0yuhWbdJ2dgJ6FrR6MuTXy42F7MEkmW_hs93LBSveATsaCpkKSJISECa6t7nTkgKM6q3VM1QVEVJBXBSEVUqUax0e81Xlvw",
  "payload": ""
}
2023-05-31 13:43:19,847:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/232702648627 HTTP/1.1" 200 1027
2023-05-31 13:43:19,848:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 31 May 2023 13:43:19 GMT
Content-Type: application/json
Content-Length: 1027
Connection: keep-alive
Boulder-Requester: 1136520607
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1AADqu236d9F6Uw5N2U_W3AvXGg2DE6YAK22_J4WZEEAY4g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my.domain.com"
  },
  "status": "invalid",
  "expires": "2023-06-07T13:43:17Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "182.92.176.221: Invalid response from http://my.domain.com/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/232702648627/_xtK8A",
      "token": "Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc",
      "validationRecord": [
        {
          "url": "http://my.domain.com/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc",
          "hostname": "my.domain.com",
          "port": "80",
          "addressesResolved": [
            "182.92.176.221"
          ],
          "addressUsed": "182.92.176.221"
        }
      ],
      "validated": "2023-05-31T13:43:18Z"
    }
  ]
}
2023-05-31 13:43:19,848:DEBUG:acme.client:Storing nonce: 1AADqu236d9F6Uw5N2U_W3AvXGg2DE6YAK22_J4WZEEAY4g
2023-05-31 13:43:19,849:INFO:certbot._internal.auth_handler:Challenge failed for domain my.domain.com
2023-05-31 13:43:19,849:INFO:certbot._internal.auth_handler:http-01 challenge for my.domain.com
2023-05-31 13:43:19,849:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: my.domain.com
  Type:   unauthorized
  Detail: 182.92.176.221: Invalid response from http://my.domain.com/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-05-31 13:43:19,850:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-05-31 13:43:19,850:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-05-31 13:43:19,850:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-05-31 13:43:19,850:DEBUG:certbot._internal.plugins.webroot:Removing /storage/certificates/.well-known/acme-challenge/Rhso2S7e9D9JhGRxfAmVr9887-83K6z5XkmJflJVpMc
2023-05-31 13:43:19,851:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-05-31 13:43:19,851:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-05-31 13:43:19,853:ERROR:certbot._internal.log:Some challenges have failed.

👍 Expected behavior

Generate SSL certificate correctly

👎 Actual Behavior

SSL certificate not generated correctly

🎲 Appwrite version

Version 1.3.x

💻 Operating system

Linux

🧱 Your Environment

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

@wilhantian wilhantian added the bug Something isn't working label May 31, 2023
@wilhantian
Copy link
Author

I entered the appwrite worker certificates docker container and created the /storage/certificates/.well-know/acme-challenge/test file

then accessed http://my.domain.com/.well-known/acme-challenge/test

The browser displays {"message": "Not Found", "code": 404, "type": "general_route_not_found", "version": "1.3.5"}

@wilhantian
Copy link
Author

I seem to have found the problem.

Two days ago, the routing matching function of the Utopia framework was modified,
causing App::get('/.well-known/acme-challenge'), unable to process routing request for 'http://my.domain.com/.well-known/acme-challenge/test',

Change App::get('/.well-known/acme-challenge') to App::get('/.well-known/acme-challenge/:token') and it will work

@joeyouss
Copy link

joeyouss commented Jun 5, 2023

Hi
Thank you for opening this. Glad you found out the reason. Can you please close the issue if no more help is needed here?

@istornz
Copy link

istornz commented Jul 18, 2023

I seem to have found the problem.

Two days ago, the routing matching function of the Utopia framework was modified, causing App::get('/.well-known/acme-challenge'), unable to process routing request for 'http://my.domain.com/.well-known/acme-challenge/test',

Change App::get('/.well-known/acme-challenge') to App::get('/.well-known/acme-challenge/:token') and it will work

I think I had the same issue, where did you change that line ? Appwrite need an update with this ?

Thanks :)

@wilhantian
Copy link
Author

upgrade latest version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants