Hello RADAR team. I've been having a bit of trouble with installation. I use an SSL certificate from ACM. Here is the error I receive at the end of installation:
==> Requesting Let's Encrypt SSL certificate for digitalphenotypingmit.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for digitalphenotypingmit.com
Using the webroot path /data/letsencrypt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. digitalphenotypingmit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://digitalphenotypingmit.com/.well-known/acme-challenge/Cc8Cd4XD_xhPRwOMCp3l7oM2_SG7gInHHh1YV0DZav4 [54.159.14.8]: 503
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: digitalphenotypingmit.com
Type: unauthorized
Detail: Invalid response from
http://digitalphenotypingmit.com/.well-known/acme-challenge/Cc8Cd4XD_xhPRwOMCp3l7oM2_SG7gInHHh1YV0DZav4
[54.159.14.8]: 503
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Here is what I've learned from the letsencrypt forums:
First of all, the 503 error is due to the webserver not being up. So something is going wrong in the installation that is not properly setting up the webserver.
This may be due to failing health checks in my ELB. This is because my ELB marks my instance as unhealthy when there is no webserver, and since installation sets up both the webserver and certificate immediately after each other, my ELB is not fast enough to check its health, resulting in a 503 error by the time letsencrypt tries creating the certificate. My attempted solution: I temporarily set up an httpd web server so my ELB will think my instance is healthy. I then increased the health check to every 10 minutes (so it won't immediately go unhealthy). I then shut down the httpd server and started the installation. Unfortunately, instead of a 503 error, this gave me a 408 error.
Someone recommended that I not use letsencrypt and instead use AWS Certificate Manager. Now, I do have an Amazon certificate, but I don't see a config option for me to use it. Does anyone know if it's possible for me to use an Amazon certificate instead of letsencrypt, and how I would be able to do that?
First of all, if the radar-docker stack is running behind a reverse proxy (httpd), then the Let's Encrypt of the radar-docker stack should not be used; instead, httpd should be configured to have a valid certificate. You can use Let's Encrypt or AWS for that, whatever you prefer. To have this behaviour, set ENABLE_HTTPS=no in .env and forward to port 80 of the radar-docker stack. You will need to update etc/webserver/nginx.conf to match the etc/webserver/nginx.nossl.conf.template. If possible, you don't need to have httpd running but you can directly expose radar-docker nginx server to the internet.
If nginx is already directly connected to the internet, indeed the webserver needs to be running for the letsencrypt step. Since you're already a long way through the installation, what you can do is set SELF_SIGNED_CERT=yes in .env, then run sudo bin/radar-cert-renew. Now change it back to SELF_SIGNED_CERT=no, run sudo bin/radar-docker up -d webserver and then run sudo bin/radar-cert-renew again.
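A pre-flight check for the http-01 failure discussed in this thread, added here as an example and not part of the issue or of the RADAR project's code: it drops a random probe file under the webroot's `.well-known/acme-challenge/` directory and fetches it back over HTTP, so a 503 or 408 from the web server or load balancer shows up before a certificate is requested. `preflight_http01`, `demo` and the two local servers are hypothetical and constructed for illustration; on a real host you would call `preflight_http01("/data/letsencrypt", "http://<your-domain>")`, assuming the webroot is writable from where the script runs.

```python
import functools, http.server, secrets, tempfile, threading
import urllib.error, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies

def preflight_http01(webroot, base_url, timeout=10):
    """Hypothetical helper (not certbot/RADAR code): returns (ok, detail)."""
    token, body = "preflight-" + secrets.token_hex(8), secrets.token_hex(16)
    probe = Path(webroot) / CHALLENGE_DIR / token
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_text(body)  # random probe file, removed again below
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with DIRECT.open(url, timeout=timeout) as resp:
            if resp.read().decode(errors="replace") == body:
                return True, "200: probe served from the webroot"
            return False, "200 but wrong body: something else answers for this host"
    except urllib.error.HTTPError as e:  # e.g. the 503 and 408 seen in this thread
        return False, f"HTTP {e.code}: web server is not serving the webroot"
    except OSError as e:  # DNS failure, refused connection, timeout
        return False, f"unreachable: {e}"
    finally:
        probe.unlink(missing_ok=True)

class Unhealthy(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a load balancer with no healthy target."""
    def do_GET(self):
        self.send_error(503)
    def log_message(self, *args):
        pass

def demo():
    """Run the check against two constructed local servers; returns both results."""
    results = []
    with tempfile.TemporaryDirectory() as webroot:
        healthy = functools.partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        for handler in (healthy, Unhealthy):
            srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            results.append(preflight_http01(webroot, f"http://127.0.0.1:{srv.server_port}"))
            srv.shutdown()
            srv.server_close()
    return results

if __name__ == "__main__":
    for ok, detail in demo():
        print("PASS" if ok else "FAIL", detail)
```

A pass from the host itself only shows that the path through your own DNS and load balancer works; the certificate authority validates from the public internet, so port 80 must also be reachable from outside.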