2 Subdomains via Reserve Proxy auf gleichen Server zu verschiedenen Docker Containern

Log1X

Profi
Thread Starter
Mitglied seit
24.10.2021
Beiträge
35
Moin zusammen,

ich hoffe hier bin ich richtig.

Ich habe dazu einige Guids gefunden... Jedoch hat bis jetzt noch nichts funktioniert.


Ich habe einen Server, wo 2 verschiedene Docker laufen. Einmal Gitlab auf Port 8080
und Nextcloud auf Port 8081. (Beides interne Ports)

Zudem habe ich eine Domain, die auf den Server pointed.

Ich habe zu dieser Domain zudem noch 2 Subdomains eingerichtet.

gitlab.domain.de

und

nextcloud.domain.de

die Subdomains habe ich ebenfalls auf den gleichen Server geleitet.


Ich würde gerne erreichen, dass wenn ich gitlab.domain.de suche, dass ich automatisch zu dem Container mit dem Port 8080 geleitet werde.
und das gleiche natürlich auch mit nextcloud.domain.de auf Port 8081.

Dazu brauche ich einen Reserve Proxy.
Ich habe es bereits mit Nginx versucht... jedoch ohne Erfolg.

Hat einer von euch da eine Lösung? Über Nginx wäre natürlich cool.
Aber wenn ihr es für einen anderen Reserve Proxy wisst würde ich mich darüber ebenfalls freuen.




Also nochmal kurz zusammen gefasst.


gitlab.domain.de > 8080
nextcloud.domain > 8081



Über Hilfe würde ich mich echt freuen.

Danke schonmal
 
Wenn Du diese Anzeige nicht sehen willst, registriere Dich und/oder logge Dich ein.
Und was genau ist nun der Fehler/das Problem?

Im nginx, traefik oder jeden beliebigen Reverse Proxy entsprechend weiterleiten:
gitlab.domain.de > interneIP:8080
nextcloud.domain > interneIP:8081
 
Und was genau ist nun der Fehler/das Problem?

Im nginx, traefik oder jeden beliebigen Reverse Proxy entsprechend weiterleiten:
gitlab.domain.de > interneIP:8080
nextcloud.domain > interneIP:8081
Ich würde gerne wissen, wie man das beispielsweise mit nginx oder traefik genau umsetzt. Welche Konfigurationen wie angepasst werden müssen damit die Weiterleitung von den Subdomains auf interne Ports funktioniert.
 
gitlab.domain.de > 8080
nextcloud.domain > 8081
Dann leg das doch einfach so an? Wenn du eh schon Docker am laufen hast kannst du da ja auch gleich den Nginx Proxy-Manager anbinden. Links ist die aufgerufene Domain und rechts das Ziel...

1689770181838.png


Bei dir halt dann gitlab.domain.de auf dockerhost:8080 und nextcloud.domain auf dockerhost:8081
 
So würde ich die config in NGINX machen.
Je nachdem auf welcher Basis du arbeitest brauchst du vielleicht noch ein "include /etc/nginx/sites-enabled/*;" in der nginx.conf
upstream gitlab {
server interneip:8080;
keepalive 120;
}

server {
listen 443 ssl http2;
listen 443 quic;
listen [::]:443 ssl http2;
listen [::]:443 quic;
add_header Alt-Svc 'h3=":443"; ma=86400' always;
server_name gitlab.domain.de;

##cert
#ECC
ssl_certificate /var/acme/xxx_ecc/fullchain.cer;
ssl_certificate_key /var/acme/xxx_ecc/xxx.key;
#RSA
ssl_certificate /var/acme/xxx/fullchain.cer;
ssl_certificate_key /var/acme/xxx/xxx.key;

##Header
#HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
#No Searchengine Index
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;

##OCSP settings
ssl_stapling on;
ssl_stapling_verify on;

location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for';
proxy_pass http://gitlab;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_redirect off;
proxy_buffering off;
}
}
upstream nextcloud {
server interneip:8081;
keepalive 120;
}

server {
listen 443 ssl http2;
listen 443 quic;
listen [::]:443 ssl http2;
listen [::]:443 quic;
add_header Alt-Svc 'h3=":443"; ma=86400' always;
server_name gitlab.domain.de;

##cert
#ECC
ssl_certificate /var/acme/xxx_ecc/fullchain.cer;
ssl_certificate_key /var/acme/xxx_ecc/xxx.key;
#RSA
ssl_certificate /var/acme/xxx/fullchain.cer;
ssl_certificate_key /var/acme/xxx/xxx.key;

##Header
#HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
#No Searchengine Index
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;

##OCSP settings
ssl_stapling on;
ssl_stapling_verify on;

location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For '$proxy_add_x_forwarded_for';
proxy_pass http://nextcloud;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_redirect off;
proxy_buffering off;
}
}
 
Ich habe es erstmal mit dem Nginx Reserve Proxy Manager versucht. Dieser läuft in einem Docker Container zusammen mit einer MariaDB Datenbank. Dann habe ich alles so eingerichtet das es funktionieren sollte.

1689788668415.png



Jedoch bekomme ich diesen Fehler.

1689788804500.png



Hat da wer schon Erfahrungen damit?
 
Für den Docker Container, in welchem der Proxy Manager läuft, dürfte 127.0.0.1 nicht die korrekte Zieladresse sein. Versuch mal stattdessen die Adresse des Hostsystems zu nutzen, oder die direkte der Dockercontainer
 
Ahhh, danke. Da hatte ich einen Denkfehler... Danke. Habe 1000 mal drauf geguckt und nicht gesehen...
Beitrag automatisch zusammengeführt:

Weiß einer von euch wie ich im Nginx Reserve Proxy Manager ein Strato Zertifikat implementieren kann?
 
Zuletzt bearbeitet:
Kommt drauf an wie Strato das ausliefert. Aber grundsätzlich erstmal mein Beileid. Hab bei mir alles über die Let’s Encrypt laufen, oder ist das n Wildcard? Wenn nein und das ist privater Kram, noch mehr mein Beileid, das von Strato war bestimmt nicht kostenlos
 
Das Strato Zertifikat war kostenlos. Würde jedoch jetzt gerne alles mit Let´s Encrypt verschlüsseln... jedoch bekomme ich über den Proxy Manager immer eine "internal error"

hier sind die Logs von dem Docker:

[7/20/2023] [2:13:13 PM] [Nginx ] › ℹ info Reloading Nginx
[7/20/2023] [2:13:18 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #6: gitlab.domain.de
[7/20/2023] [2:13:18 PM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "xxx@gmail.com" --preferred-challenges "dns,http" --domains "gitlab.domain.de"
[7/20/2023] [2:13:19 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_6.conf
[7/20/2023] [2:13:19 PM] [Nginx ] › ℹ info Reloading Nginx
[7/20/2023] [2:13:19 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-6" --agree-tos --authenticator webroot --email "xxx@gmail.com" --preferred-challenges "dns,http" --domains "gitlab.domain.de"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.


Ich habe es mit diesen Einstellungen versucht.


1689862702428.png




Kann mir da einer helfen?


Danke
 
Fehlermeldung lesen und verstehen und in einer Stunde noch mal probieren :)
 
Ich hab mir die Fehlermeldung nochmal angeguckt... Ja. Du hats recht. Habe ich überlesen.

Jedoch bekomme ich jetzt diesen Fehler...


das ist der Docker log:

[7/20/2023] [4:20:17 PM] [Nginx ] › ℹ info Reloading Nginx
[7/20/2023] [4:20:22 PM] [SSL ] › ℹ info Requesting Let'sEncrypt certificates for Cert #7: gitlab.domain.de
[7/20/2023] [4:20:22 PM] [SSL ] › ℹ info Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-7" --agree-tos --authenticator webroot --email "xxx@gmail.com" --preferred-challenges "dns,http" --domains "gitlab.domain.de"
[7/20/2023] [4:20:25 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_7.conf
[7/20/2023] [4:20:25 PM] [Nginx ] › ℹ info Reloading Nginx
[7/20/2023] [4:20:25 PM] [Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-7" --agree-tos --authenticator webroot --email "xxx@gmail.com" --preferred-challenges "dns,http" --domains "gitlab.domain.de"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.



und hier der log von let´s encrypt:


2023-07-20 16:30:02,134:dEBUG:certbot._internal.main:certbot version: 2.5.0
2023-07-20 16:30:02,135:dEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-07-20 16:30:02,135:dEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-9', '--agree-tos', '--authenticator', 'webroot', '--email', 'xxx@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'gitlab.domain.de']
2023-07-20 16:30:02,135:dEBUG:certbot._internal.main:discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-07-20 16:30:02,149:dEBUG:certbot._internal.log:Root logging level set at 30
2023-07-20 16:30:02,150:dEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-07-20 16:30:02,153:dEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7faeea0a6fd0>
Prep: True
2023-07-20 16:30:02,153:dEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7faeea0a6fd0> and installer None
2023-07-20 16:30:02,153:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-07-20 16:30:02,177:dEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1216148837', new_authzr_uri=None, terms_of_service=None), 1dbab4fd97b8b94814bea25391fcebab, Meta(creation_dt=datetime.datetime(2023, 7, 20, 14, 0, 25, tzinfo=<UTC>), creation_host='8f55bdca7970', register_to_eff=None))>
2023-07-20 16:30:02,178:dEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-07-20 16:30:02,180:dEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-07-20 16:30:02,601:dEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-07-20 16:30:02,602:dEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 16:30:02 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"D5laZGjKUfc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-07-20 16:30:02,603:dEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for gitlab.domain.de
2023-07-20 16:30:02,609:dEBUG:acme.client:Requesting fresh nonce
2023-07-20 16:30:02,609:dEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-07-20 16:30:02,751:dEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-07-20 16:30:02,752:dEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 16:30:02 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853FtgPbMVmvqmf3YaF_fjU7fahi0NPSm9kQbyQgGn_dTz0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-07-20 16:30:02,752:dEBUG:acme.client:Storing nonce: 853FtgPbMVmvqmf3YaF_fjU7fahi0NPSm9kQbyQgGn_dTz0
2023-07-20 16:30:02,752:dEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "gitlab.domain.de"\n }\n ]\n}'
2023-07-20 16:30:02,754:dEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIxNjE0ODgzNyIsICJub25jZSI6ICI4NTNGdGdQYk1WbXZxbWYzWWFGX2ZqVTdmYWhpME5QU205a1FieVFnR25fZFR6MCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "TTZhGgRUoybTuTZRpvNrJ9qkz6VxAUN96bqNFMza3eG1Cxa1x_I2YZhciZ7GXdCGNpuN4M-T5pSuVc-LzbbvOFoYbnDRJMR6iNmLakNoaCh-AUxOCBvsMIhj1w5qWuinqKiCCzlxX4Xe6ceE07h4HtplQ5tPgyiPufKEMnDjp7ADI_vKopdTqadhgaE7s5oy1yhFcf9EIeggH2KAcVANRRiJqHaxS2Y4aKGIoh7hk4M0myp4Hbl59a3GHAlOWsIxAB4eRoxl-hAVPpMKRKhEw6phLcBCpINKOKV72hbswuI92GsY5wAX-4mkPDcq6KbwKUqsOIEvVLmE93rYpiDtTg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImdpdGxhYi50ZWNoYmxhemUuZGUiCiAgICB9CiAgXQp9"
}
2023-07-20 16:30:02,931:dEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 345
2023-07-20 16:30:02,932:dEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 20 Jul 2023 16:30:02 GMT
Content-Type: application/json
Content-Length: 345
Connection: keep-alive
Boulder-Requester: 1216148837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1216148837/196178140397
Replay-Nonce: 2712KCasdvOGBA71TclMQOXh7tN3IZJM8ZBkAQSOTELD5sE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2023-07-27T16:30:02Z",
"identifiers": [
{
"type": "dns",
"value": "gitlab.domain.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/247364224947"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1216148837/196178140397"
}
2023-07-20 16:30:02,932:dEBUG:acme.client:Storing nonce: 2712KCasdvOGBA71TclMQOXh7tN3IZJM8ZBkAQSOTELD5sE
2023-07-20 16:30:02,932:dEBUG:acme.client:JWS payload:
b''
2023-07-20 16:30:02,934:dEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247364224947:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIxNjE0ODgzNyIsICJub25jZSI6ICIyNzEyS0Nhc2R2T0dCQTcxVGNsTVFPWGg3dE4zSVpKTThaQmtBUVNPVEVMRDVzRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ3MzY0MjI0OTQ3In0",
"signature": "TR7HBBQU6Dmi_ikS5at4LBzWSMEpoRxULOsBO6mGGfiBfHSQU46QmRCb1PJFV0zgmOej5vX-YxWKIe4SKn98GczFqwnQsZUkp0XON_Ud7E1il_DgIPz1ioAtrO6w9MuEVIuJhnpyzuEB7G5m1MOEs1mfGvO1anWdwPyqIFN1dl6kOzceF2_xSTN_bT4AxPsdaqHdn4-OYFMUpqdUCvunPMB1zi_-RezsVkxR5No3baCT5gR5CLQAvgELMVSX-Vwfwju6PMVGGw_usaPFmwZq0l2wbfPxL9hVzlzAi286ofKWPT5EcRe60JadjT45Sr4z9WZ8Ze0DdGcNjA6ADKiifg",
"payload": ""
}
2023-07-20 16:30:03,077:dEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247364224947 HTTP/1.1" 200 803
2023-07-20 16:30:03,077:dEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 16:30:03 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 1216148837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712TwM-km-9z0UIXAusVIChUNRacMA6uKHsMpYr3JumDcM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "gitlab.domain.de"
},
"status": "pending",
"expires": "2023-07-27T16:30:02Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/Plia0Q",
"token": "JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/XtPb2g",
"token": "JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/W6ut4Q",
"token": "JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc"
}
]
}
2023-07-20 16:30:03,078:dEBUG:acme.client:Storing nonce: 2712TwM-km-9z0UIXAusVIChUNRacMA6uKHsMpYr3JumDcM
2023-07-20 16:30:03,078:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-07-20 16:30:03,078:INFO:certbot._internal.auth_handler:http-01 challenge for gitlab.domain.de
2023-07-20 16:30:03,079:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2023-07-20 16:30:03,079:dEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2023-07-20 16:30:03,081:dEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc
2023-07-20 16:30:03,083:dEBUG:acme.client:JWS payload:
b'{}'
2023-07-20 16:30:03,084:dEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/Plia0Q:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIxNjE0ODgzNyIsICJub25jZSI6ICIyNzEyVHdNLWttLTl6MFVJWEF1c1ZJQ2hVTlJhY01BNnVLSHNNcFlyM0p1bURjTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjQ3MzY0MjI0OTQ3L1BsaWEwUSJ9",
"signature": "vxYnGIwrPtHEs7ISTbu0MUwmAseiC0s_9oWKNjFJbNWQNfd4EWbtyF-cTCyrR-vcoMt31O322-0UlroEihRDmkVgU49CZ-oUf6iSXOB1AiC-Yb6zzgr7pi8VFonkgiesPiSPqjBRKlrRRKoyiTRVyo4v6e2ZOH4MDnerSRzNyomUghL_Txi0cN45UK9ZYXMOiuarf3hCfYJyKV4mffgvkqxZyiVVIU3_KY4LlWGhJu9heZNjW5ax3Oh_fkG78F83p1wqzkKfaY9Ng38g7-mH4MNlnYb6PxQmnlyPKMZi1lFIrthZp1IzWwSYUYKjVpCM-RCP4yrtgOB0blp4mNLaKw",
"payload": "e30"
}
2023-07-20 16:30:03,232:dEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/247364224947/Plia0Q HTTP/1.1" 200 187
2023-07-20 16:30:03,233:dEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 16:30:03 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1216148837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/247364224947>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/Plia0Q
Replay-Nonce: 2712xKnxNrZfBr5DxuaYWOlbaaHyfnHkXp3_6aFcoTFRXcc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/Plia0Q",
"token": "JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc"
}
2023-07-20 16:30:03,233:dEBUG:acme.client:Storing nonce: 2712xKnxNrZfBr5DxuaYWOlbaaHyfnHkXp3_6aFcoTFRXcc
2023-07-20 16:30:03,234:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-07-20 16:30:04,235:dEBUG:acme.client:JWS payload:
b''
2023-07-20 16:30:04,237:dEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/247364224947:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIxNjE0ODgzNyIsICJub25jZSI6ICIyNzEyeEtueE5yWmZCcjVEeHVhWVdPbGJhYUh5Zm5Ia1hwM182YUZjb1RGUlhjYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjQ3MzY0MjI0OTQ3In0",
"signature": "yRW43CMZz-b6bsBIu14w9aRKbwuETYGY-J2d3RECUivnGR58uoBLloNgytq2pgUqEdyPYctfd2RovYzrEhwuKsUbW9SxqBSk4QW0xjMNkiuKgEUAVpqYpVusZgws0UhaAkohFVCWThzudNP_zRK0ZJPpUv7PxF906SKXsQIIgfuB-hoUIY7HfrqOwZlJFzHvkRLiVXpyahkr2CixlZlkcupkyC4Xp6weUwe9ep9qIS0-Vkab21ZTqqw6GS86d4aUYtzM65DeiyhQ9_kLH6zIPxk_bs9xBKy_rwGfATQ_oMA8JJBcUaykylaccgabbsXS19fr-vPA3dIHkFD4NCNzEw",
"payload": ""
}
2023-07-20 16:30:04,380:dEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/247364224947 HTTP/1.1" 200 1044
2023-07-20 16:30:04,381:dEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 20 Jul 2023 16:30:04 GMT
Content-Type: application/json
Content-Length: 1044
Connection: keep-alive
Boulder-Requester: 1216148837
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712bLg_oFWMAlk_Rt4ukCOnyloR9tZn3yGKDciqLZ36Ads
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "gitlab.domain.de"
},
"status": "invalid",
"expires": "2023-07-27T16:30:02Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "212.227.xx.xx: Invalid response from http://gitlab.domain.de/.well-known/acme-challenge/JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc: 502",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/247364224947/Plia0Q",
"token": "JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc",
"validationRecord": [
{
"url": "http://gitlab.domain.de/.well-known/acme-challenge/JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc",
"hostname": "gitlab.domain.de",
"port": "80",
"addressesResolved": [
"212.227.xx.xx"
],
"addressUsed": "212.227.xx.xx"
}
],
"validated": "2023-07-20T16:30:03Z"
}
]
}
2023-07-20 16:30:04,381:dEBUG:acme.client:Storing nonce: 2712bLg_oFWMAlk_Rt4ukCOnyloR9tZn3yGKDciqLZ36Ads
2023-07-20 16:30:04,381:INFO:certbot._internal.auth_handler:Challenge failed for domain gitlab.domain.de
2023-07-20 16:30:04,382:INFO:certbot._internal.auth_handler:http-01 challenge for gitlab.domain.de
2023-07-20 16:30:04,382:dEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: gitlab.domain.de
Type: unauthorized
Detail: 212.227.xx.xx: Invalid response from http://gitlab.domain.de/.well-known/acme-challenge/JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc: 502

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-07-20 16:30:04,382:dEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-07-20 16:30:04,382:dEBUG:certbot._internal.error_handler:Calling registered functions
2023-07-20 16:30:04,382:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-07-20 16:30:04,383:dEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/JyMzJfoSPJ-WsZeQYR14d6EU6MJ-1nZWCUl4nuV02tc
2023-07-20 16:30:04,383:dEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-07-20 16:30:04,383:dEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 8, in <module>
sys.exit(main())
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1864, in main
return config.func(config, plugins)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1597, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-07-20 16:30:04,384:ERROR:certbot._internal.log:Some challenges have failed.
 
Hardwareluxx setzt keine externen Werbe- und Tracking-Cookies ein. Auf unserer Webseite finden Sie nur noch Cookies nach berechtigtem Interesse (Art. 6 Abs. 1 Satz 1 lit. f DSGVO) oder eigene funktionelle Cookies. Durch die Nutzung unserer Webseite erklären Sie sich damit einverstanden, dass wir diese Cookies setzen. Mehr Informationen und Möglichkeiten zur Einstellung unserer Cookies finden Sie in unserer Datenschutzerklärung.


Zurück
Oben Unten refresh