NooBody Posted May 16, 2020

Hi Guys,

I've been running Cloud C2 for a while now in the Azure cloud since I have a paid subscription. I've set up a VM with a DNS alias from Azure to myserver.mycompany.com and opened all the relevant firewall ports from my ISP (limited for now).

Running the service now using systemctl works fine using 8080, however when I try https/443 and try to connect I get the following error:

    2020/05/16 08:31:33 http: TLS handshake error from x.x.x.x:51597: acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx" for domain "myserver.mycompany.co.uk": no viable challenge type found

Any ideas? Am thinking it could be either IPv6, DNS or something Azure-like causing the issues... As I've done mine specifically to a host rather than just the domain as Darren did recently on the show:

    myserver.mycompany.co.uk. 1799 IN CNAME cloudc2server.somewhere.cloudapp.azure.com.
    cloudc2server.somewhere.cloudapp.azure.com. 9 IN A xx.xx.xx.xx

Cheers
Bob
Void-Byte Posted May 17, 2020

Hey NooBody,

Could you please run certbot manually and see if you can even request a certificate? If you can't, then adjust your network settings.
NooBody (Author) Posted May 17, 2020

Hi Void-Byte,

Thanks for the quick response 🙂

So I installed certbot and tested against my host.domain, see below:

    ./certbot-auto certonly
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    How would you like to authenticate with the ACME CA?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: Spin up a temporary webserver (standalone)
    2: Place files in webroot directory (webroot)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    Plugins selected: Authenticator webroot, Installer None
    Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
    to cancel): myserver.mydomain.co.uk
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for my server.mydomain.co.uk
    Input the webroot for my server.mydomain.co.uk: (Enter 'c' to cancel): /tmp
    Waiting for verification...
    Challenge failed for domain my server.mydomain.co.uk
    http-01 challenge for my server.mydomain.co.uk
    Cleaning up challenges
    Some challenges have failed.

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: myserver.mydomain.co.uk
       Type:   connection
       Detail: Fetching
       http://myserver.mydomain.co.uk/.well-known/acme-challenge/ec9VwCSkBLAHDEBLAHETC ETC:
       Timeout during connect (likely firewall problem)

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.

Now I'm not sure if this is because I'm pointing directly to a server.domain rather than just a domain, but I didn't want to interfere with my company website...

Also a couple of things on the potential firewall issue here:

1. Is it really a firewall issue, or more the fact that Cloud C2 is using 8080 and not port 80 for the check?
2. Where is the check coming from, Let's Encrypt or this machine I'm running it on? If so I may just need to open the FW range up from my ISP to Let's Encrypt or wider...

Thanks for all your help with this!

Regards
B0b
Void-Byte Posted May 17, 2020

Hey NooBody,

Certbot requires either port 443 or 80 to verify the challenge. I'd recommend opening 80 to get your cert put back.
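An added example, not code from either poster or from Cloud C2, that answers the "where does the check come from" question by reproducing the ACME HTTP-01 exchange in miniature. The CA side (Let's Encrypt, not the host being certified) fetches http://&lt;domain&gt;/.well-known/acme-challenge/&lt;token&gt; on port 80 and expects the key authorization (token + "." + SHA-256 thumbprint of the account key, RFC 8555 §8.3 and RFC 7638). The script serves that response on loopback with a constructed token and a constructed account JWK, then validates it the way a CA would, and also shows what an unreachable port produces (the "Type: connection" failure in the certbot output above) versus a wrong key. Binding to 127.0.0.1 on a random port is only for the offline demo; a real validation has to reach port 80 on the public IP in the A record.

```python
import base64
import hashlib
import json
import socket
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values (not real Let's Encrypt data): a challenge token
# and an account public key in JWK form, as the ACME client would hold them.
TOKEN = "ec9VwCSkBLAH_constructed_token"
ACCOUNT_JWK = {"kty": "RSA", "n": "constructed-modulus", "e": "AQAB"}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Body the CA expects at /.well-known/acme-challenge/<token> (RFC 8555 section 8.1)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


class ChallengeHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for the certbot/autocert listener (hypothetical helper)."""
    responses: dict = {}  # request path -> key authorization body

    def do_GET(self):
        body = self.responses.get(self.path)
        if body is None:
            self.send_error(404)
            return
        data = body.encode("ascii")
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def serve_challenge(token: str, jwk: dict, port: int = 0) -> HTTPServer:
    """Publish the key authorization for `token`; returns the running server.
    port=0 picks a free loopback port for the demo; a real client binds :80."""
    path = f"/.well-known/acme-challenge/{token}"
    ChallengeHandler.responses[path] = key_authorization(token, jwk)
    srv = HTTPServer(("127.0.0.1", port), ChallengeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def validate_http01(host: str, port: int, token: str, jwk: dict, timeout: float = 2.0):
    """Mimic the CA side: fetch the challenge URL and compare with the expected body.
    Returns (ok, reason); reason is prefixed 'connection:' for network failures
    (certbot's 'Type: connection') and 'unauthorized:' for a content mismatch."""
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("ascii", "replace").strip()
    except OSError as exc:  # URLError, timeout and refused connections all derive from OSError
        return False, f"connection: {exc}"
    if body != key_authorization(token, jwk):
        return False, "unauthorized: key authorization mismatch"
    return True, "valid"


def pick_unused_port() -> int:
    """Find a loopback port with nothing listening, to simulate a blocked/closed port 80."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv = serve_challenge(TOKEN, ACCOUNT_JWK)
    port = srv.server_address[1]
    print("served on", port, validate_http01("127.0.0.1", port, TOKEN, ACCOUNT_JWK))
    print("closed port", validate_http01("127.0.0.1", pick_unused_port(), TOKEN, ACCOUNT_JWK))
    srv.shutdown()
```

The "connection" branch is the one the thread is stuck on: the CA never got a TCP connection to port 80, so it does not matter what Cloud C2 is serving on 8080. Opening port 80 from anywhere (Let's Encrypt validates from multiple vantage points, so restricting the source range is not reliable) is what makes the HTTP-01 path viable.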