Linuxserver/letsencrypt possible port forwarding issue

I’m trying to get linuxserver/letsencrypt working.
I was not able to use 80/443 as they were already in use, so I used 8080/444.

docker run -d \
  --name=lets-encrypt \
  --cap-add=NET_ADMIN \
  --restart always \
  --net=iotvlan \
  --ip=192.168.3.48 \
  -v /home/pi/homeassistant/ssl/config:/config \
  -e EMAIL=myemail \
  -e URL=mydomain \
  -e VALIDATION=http \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Dublin \
  -p 8080:80 \
  -p 444:443 \
  linuxserver/letsencrypt

Now the issue might be with the port forwarding.
First, the container is running in another VLAN using macvlan and a specific IP,

so I forwarded 80 to the Docker IP (and not the one it gets from the gateway’s DHCP) on 8080,
and the same for 443 > Docker IP > 444.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
0
0
TZ=Europe/Dublin
URL=domain.fr
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=http
DNSPLUGIN=
EMAIL=mymail@domain,fr
STAGING=

No subdomains defined
E-mail address entered: mymail@domain,fr
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.fr
Waiting for verification...
Challenge failed for domain mydomain.fr
http-01 challenge for mydomain.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: kevin75.fr
   Type:   dns
   Detail: No valid IP addresses found for mydomain.fr
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Check your dns settings: No valid IP addresses found for mydomain.fr


Check and confirm your dns records here: https://dnschecker.org/


I realised the issue: my setting was “-e URL=mydomain.com” instead of dyndns.mydomain.com.
I changed the settings and have a new error, which is probably a firewall issue with UNIFI (my gateway);
however, I thought setting up port forwarding would create the firewall rules automatically.

PS: is it OK to use the subdomain in URL, or should I use only the domain (even though it doesn’t point to my IP) and then my subdomain after?

URL=sub.domain.fr
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=http
DNSPLUGIN=
EMAIL=my@domain.fr
STAGING=

No subdomains defined

http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sub.domain.fr
Waiting for verification...
Challenge failed for domain sub.domain.fr
http-01 challenge for sub.domain.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sub.domain.fr
   Type:   connection
   Detail: Fetching
   http://sub.domain.fr/.well-known/acme-challenge/G9F9gd9900HHDFK778sfVHHKSF88990Sgsg8:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Tried with the main domain and the subdomain, but same issue.

For port issues, make sure you set STAGING=true before you keep trying further, or you’ll get throttled.

Then see here: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/
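The two failures in this thread are the two things the CA does before it ever talks to certbot: resolve the name (the first "Type: dns" error) and open a TCP connection to port 80 at that address (the second "Connection refused" error). The script below is an added example, not code from the linuxserver image or from anyone in the thread; it repeats those two steps from the outside and classifies the outcome, so the forwarding rules can be iterated on without spending Let's Encrypt validation attempts (the throttling the last reply warns about). The function names (`diagnose`, the `fake_*` resolvers and fetchers, `run_scenarios`) and the sample addresses (203.0.113.10 for a WAN address, 192.168.3.48 from the docker command above) are this example's own; the constructed scenarios reproduce the thread's outcomes with no network access.

```python
"""Pre-flight for an ACME http-01 challenge, done the way the CA does it.

Added example (not part of linuxserver/letsencrypt): resolve the name, stop if it
points at an address the internet cannot route to, then fetch
http://<domain>/.well-known/acme-challenge/<token> on port 80 and say what came
back. Uses no Let's Encrypt resources, so it never counts against rate limits.
"""
import ipaddress
import secrets
import socket
import sys
import urllib.error
import urllib.request

ACME_PATH = "/.well-known/acme-challenge/"

# Ranges the CA can never reach: RFC 1918, loopback and CGNAT shared space
# (RFC 6598). A dynamic-DNS name landing here carries a LAN or ISP-internal
# address instead of the gateway's public one.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "100.64.0.0/10")]


def http_get(url, timeout=10):
    """Plain GET; returns (status, body). Raises URLError when no TCP connection is made."""
    req = urllib.request.Request(url, headers={"User-Agent": "acme-preflight"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:      # a 404 still proves port 80 is open
        return err.code, ""


def diagnose(domain, token, resolver=socket.gethostbyname, fetcher=http_get):
    """Return {"stage": ..., "detail": ...}; stages mirror certbot's dns/connection errors."""
    try:
        ip = resolver(domain)
    except socket.gaierror:
        return {"stage": "dns", "detail": f"no A record for {domain}; fix DNS before anything else"}
    if any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE):
        return {"stage": "dns", "detail": f"{domain} -> {ip} is not routable from the internet; "
                                          "the record must hold your public IP"}
    url = f"http://{domain}{ACME_PATH}{token}"
    try:
        status, body = fetcher(url)
    except Exception as exc:
        reason = getattr(exc, "reason", exc)          # URLError wraps the socket error
        if isinstance(reason, ConnectionRefusedError):
            return {"stage": "refused", "detail": f"{ip}:80 sent RST: the forward rule targets "
                                                  "a port on which nothing listens"}
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return {"stage": "timeout", "detail": f"{ip}:80 dropped the SYN: no forward rule, "
                                                  "or a firewall in front of it"}
        return {"stage": "error", "detail": str(reason)}
    if status == 200 and body.strip() == token:
        return {"stage": "ok", "detail": "challenge responder reached and answered the token"}
    return {"stage": "reachable", "detail": f"HTTP {status} from {ip}:80: port 80 reaches a web "
                                            "server, so forwarding works; confirm it is the container"}


# Constructed fakes reproducing the thread's outcomes offline (no network).
def fake_nxdomain(_domain):
    raise socket.gaierror(-2, "Name or service not known")   # URL=mydomain, no such record

def fake_lan_ip(_domain):
    return "192.168.3.48"            # the container's macvlan address leaking into DNS

def fake_public_ip(_domain):
    return "203.0.113.10"            # documentation address standing in for the WAN IP

def fake_refused(_url):
    raise urllib.error.URLError(ConnectionRefusedError(111, "Connection refused"))

def fake_answers_token(url):
    return 200, url.rsplit("/", 1)[1]   # a listener that echoes the token, as certbot does


def run_scenarios():
    """Stage reached in each constructed scenario, keyed by a short name."""
    return {
        "wrong_url":       diagnose("mydomain.fr", "t0k", fake_nxdomain, fake_answers_token)["stage"],
        "lan_record":      diagnose("sub.domain.fr", "t0k", fake_lan_ip, fake_answers_token)["stage"],
        "forward_to_8080": diagnose("sub.domain.fr", "t0k", fake_public_ip, fake_refused)["stage"],
        "forward_to_80":   diagnose("sub.domain.fr", "t0k", fake_public_ip, fake_answers_token)["stage"],
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:            # live check: python3 preflight.py sub.domain.fr
        print(diagnose(sys.argv[1], secrets.token_urlsafe(32)))
    else:
        for name, stage in run_scenarios().items():
            print(f"{name:16} -> {stage}")
```

Run the live check from outside the LAN (a phone on mobile data, a VPS); many gateways do not hairpin their own WAN address, so a test from inside says nothing about what the CA sees. Two caveats worth knowing when reading a "refused" result: Docker's `-p host:container` mappings only take effect on bridge networks, so on a macvlan network such as `--net=iotvlan` the container answers directly on ports 80 and 443 of its own address and the gateway rule has to target 192.168.3.48 port 80, not 8080; and certbot's standalone listener is only up while a validation is running, so a 404 from the image's nginx at any other time is the "reachable" outcome, which is the one you want.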