[QUESTION] Followed the YouTube tutorial and the SSL test fails and the log does not give a lot of info #319
-
Hello, I followed the installation on YouTube with the same versions and could not run the SSL test successfully. I ran jrcs/letsencrypt-nginx-proxy-companion and ran the logs. I checked jrcs/letsencrypt-nginx-proxy-companion and apparently it is a legacy registry; I do not know if that is the cause. Do you mind helping me find out why the test is unsuccessful? This is the end of the log: Info: running acme-companion version v2.1.0 and the log stops there. I also tried version 2.0 of jrcs/letsencrypt-nginx-proxy-companion.
Replies: 3 comments 4 replies
-
I found out it was the ufw firewall that was getting in the way of the communication between the containers. I followed this https://github.com/chaifeng/ufw-docker and managed to get the Docker containers to talk with each other. I disabled ufw and managed to get the SSL certification without problems. However, when I use ufw, I am getting the following problem:
I replaced domain with my real one. Not sure how to config it correctly :( Maybe the container letsencrypt-auto needs an external door for verifying? I am allowing incoming traffic on 80 and 443. Not sure how to proceed from here.
-
Hello @Victorhpinheiro!
If you are planning on using this repo (I took a quick look at it), you must really know what you are doing and understand iptables, which you probably do if you got this far. If all settings are correct using this ufw-docker, you should face no trouble issuing your certificate. The Let's Encrypt service uses ports 80 and 443 to check the veracity of your domain and issue the SSL.
I myself just use a regular Docker network once my clients only access through FTP and SSH using a bastion SSH container I put together, so, even if they share the same Docker network, the communication between app/site containers is done by SSH keys and they won't have access to each other. For large servers/clients or agencies I use its own servers, so no worries that much about this access. One last thing I do for security is to hide all IP addresses (at least as many as possible) using CloudFlare services... and some other stuff. Hope it helped in some way. Cheers!
-
Hello, Evert! I have tested your nginx proxy automation again by selecting the newest versions. Now I am getting errors with Let's Encrypt. For example, I have installed the proxy automation and the Docker WordPress package from your repositories. Now the WordPress website is not displaying because from the logs of the letsencrypt-auto container I see the following:
And from the side of the Docker WordPress site container I get the following error:
Do you know how to overcome this?