when strting in HTTP mode, the service is not listening

[guydou]

I started the service in a rancher (v1.6.2) the template version is 0.4.0

I configured it with HTTP mode

The service starts and prints:

level=info msg="Make sure that HTTP requests for '/.well-known/acme-challenge' for all certificate domains are forwarded to the container running this application"

I tried to see if it listens on that port,

so I exec to that container and I saw it doesn't listen on any port:

 # netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
#

thanks

[laoshancun]

same issue.

[failedguidedog]

+1

[jeffreyces]

Same issue.

[gpmeenen]

+1

[protheusfr]

+1

[farzeni]

same here

[protheusfr]

Any fix planned ?

[mostlyjason]

+1

[paprickar]

+1
Issue also happen with rancher (v1.6.2) the template version is 0.5.0

[mfournier]

I'm not sure this is actually an issue. IME priori to the log message above, the service logs:
level=info msg="Using HTTP challenge: Sleeping for 120 seconds before requesting certificate".

After 120s, the port gets bound. About at the same moment this log line gets printed out: level=info msg="Trying to obtain SSL certificate ([...]) from Let's Encrypt Production CA".

Then once the chit-chat with letsencrypt's servers is over, the port gets closed again.

Seems like a reasonable behaviour to me.

[Yiivgeny]

+1

[laoshancun]

maybe you should upgrade to janeczku/rancher-letsencrypt:v0.5.0,it works fine for me.

[anderson012]

Issue also happen with rancher (v1.6.10) the template version is 0.5.0

[anderson012]

after updating the version I just needed to leave port 80 visible to the world and TADA, worked perfectly

[olivierb2]

+1
update : seems to work now, but not sure why.

[achih]

+1
rancher(v1.6.0)
rancher-letsencrypt:v0.5.0

[Geo719]

+1
rancher (v1.6.12)
rancher-letsencrypt:v0.5.0

I updated rancher from 1.6.10 to .1.6.12 and it does not work anymore.

• I recreated the LB with domain.tld 80 /.well-known/acme-challenge 80 rancher-letsencrypt
• /etc/letsencrypt is on NFS mounted and working (files are mounted)

But only 503 on http://domain.tld/.well-known/acme-challenge
or
http://domain.tld/.well-known/acme-challenge/

LOG: Error obtaining certificate: acme: Error 400 - urn:acme:error:connection - Fetching http://<domain.tld>/.well-known/acme-challenge/Rk_Zo0-TQsVZhFysd16Is8--oK__I9jcgyx634kyvjE: Connection refused

any suggestions?

!Confused...
It just started working?! Weird... I did nothing...?!

[defcon8]

+1 !!

/.well-known/acme-challenge, does not get routed properly by the load balancer. When accessing the URL manualy from a webbrowser, the original balancer rule beneith is applied.

Rancher: 1.6.14
Lets Encrypt: 0.5.0

[pdanysz]

I have the same issue:
Racher: 1.6.14
Lets: 0.5.0

But is workaround for this.
I downgraded to 0.4.0 and works, my certs created successfully.

2/9/2018 6:37:40 PMlevel=info msg="Starting Let's Encrypt Certificate Manager v0.4.0 3c41d73"
…
2/9/2018 6:40:25 PMlevel=info msg="Certificate obtained successfully"
2/9/2018 6:40:26 PMlevel=info msg="Updated Rancher certificate 'SSL Certs'"
2/9/2018 6:40:28 PMlevel=info msg="Updated load balancer 'DC-LoadBalancer' with changed certificate"
2/9/2018 6:40:28 PMlevel=info msg="Certificate renewal scheduled for 2018/04/20 12:00 UTC"