| [10:04:31] | * realityloop has quit (Quit: Leaving..) |
| [10:08:13] | * ybabel has quit (Ping timeout: 268 seconds) |
| [11:03:48] | * gusaus has quit (Quit: gusaus) |
| [17:20:02] | * reaper013 has joined #aegir |
| [17:35:56] | * ybabel has joined #aegir |
| [22:10:04] | * shaneonabike1 has joined #aegir |
| [23:09:52] | * shaneonabike1 has quit (Quit: Leaving.) |
| [23:25:55] | * v20th has joined #aegir |
| [23:47:26] | * reaper013 has quit (Quit: Page closed) |
| [00:15:01] | * jerryitt has joined #aegir |
| [00:27:56] | * fatguylaughing_ has joined #aegir |
| [01:05:55] | * theMusician has joined #aegir |
| [01:53:16] | * v20th has quit (Quit: Leaving) |
| [02:48:50] | * gusaus has joined #aegir |
| [04:24:27] | * v20th has joined #aegir |
| [04:50:21] | * theMusician has quit (Quit: theMusician) |
| [06:37:54] | <jonpugh> | colan: you around? getting a 404 on my acme-challenge with hosting_https |
| [06:38:00] | <jonpugh> | sorry 403 |
| [06:38:37] | <colan[m]> | jonpugh: hey. what's the message LE is returning? |
| [06:39:19] | <jonpugh> | oh wait, different message now... |
| [06:39:28] | <jonpugh> | "detail": "Could not connect to prompt.hms... ", |
| [06:39:36] | <jonpugh> | because that's a private DNS url |
| [06:39:49] | <colan[m]> | Usually, it's that they can't find the site via DNS, or Web server permissions don't allow access to the challenge dir. |
| [06:39:56] | <colan[m]> | Sounds like the first one. ;) |
| [06:40:06] | <jonpugh> | ok, wait seeing the first alias going throughh |
| [06:40:27] | <jonpugh> | but that's after I had to manually undo a VHOST :443 |
| [06:40:38] | <jonpugh> | I guess I might have had old test certs in there |
| [06:41:43] | <jonpugh> | but it looks like the first one worked, the main domain is public dns: + Challenge is valid! |
| [06:42:06] | <jonpugh> | but then "Failed to generate Let's Encrypt certificates. " |
| [06:42:25] | <jonpugh> | and I guess it doesn't write the files? because I get more errors down the road about missing certs, and then apache can't restart |
| [06:43:01] | <colan[m]> | Try and stick to the instructions in the README (add aliases first), but you can now enable it on site creation with the latest dev if you're on Nginx. Patches welcome for Apache! ;) Issue: https://gitlab.com/aegir/hosting_https/issues/28 |
| [06:43:33] | <colan[m]> | jonpugh: So maybe delete certs, add alias, then try again? |
| [06:44:00] | <jonpugh> | yeah... |
| [06:44:17] | <jonpugh> | I usually use a site alias for the production vhost |
| [06:44:42] | <jonpugh> | we'll want to make this work without. Is it hosting_https.module that bails on saving the certificates if they don't all pass? |
| [06:44:49] | <jonpugh> | perhaps they should save them if at least one passes? |
| [06:46:21] | <colan[m]> | It's LE. In the certificate request, you specify which names you want on it. They all have to pass to get the cert. |
| [06:46:39] | <colan[m]> | So we're requesting the site name along with all aliases. |
| [06:47:52] | <colan[m]> | Maybe don't add that alias yet. |
| [06:48:06] | <colan[m]> | But then it won't be on the cert. |
| [06:51:49] | <jonpugh> | I'm getting a good log message but NET::ERR_CERT_AUTHORITY_INVALID |
| [06:57:27] | <colan[m]> | jonpugh: Are you in Staging mode? You'll get that with the fake cert. |
| [06:57:38] | <jonpugh> | I was, but I changed it back to production |
| [06:57:47] | * ybabel has quit (Quit: ybabel) |
| [06:58:04] | <colan[m]> | Watch the rate limits then. :) |
| [07:29:08] | * gusaus has quit (Ping timeout: 240 seconds) |
| [08:05:09] | * v20th has quit (Ping timeout: 258 seconds) |
| [08:16:37] | * v20th has joined #aegir |
| [08:24:36] | * v20th has quit (Remote host closed the connection) |
| [08:25:07] | * v20th has joined #aegir |
| [09:23:40] | * mstenta has quit (Ping timeout: 240 seconds) |
| [09:47:21] | * theMusician has joined #aegir |
