Certbot / Let's encrypt fails on OpenShift deployment #149

Open
uniqueg opened this issue Apr 17, 2020 · 0 comments
Labels
priority: low Low priority type: bug Something isn't working type: security Related to security workload: hours Likely takes hours to resolve

uniqueg commented Apr 17, 2020

Describe the bug
OpenShift deployment of cwl-WES with helm install wes . -f values.yaml in deployment/ successfully deploys the app. However, even though the certbot container starts up, the challenge endpoint is not reachable and no certificates are obtained.

Expected behavior
The challenge endpoint should be reachable.

Additional context
The container log reads:

Inputs:
 EMAIL: cert.author@cert.author.host.org
 DOMAINS: cwlwes.c03.k8s-popup.csc.fi
 SECRET: mytls-secret
 ROUTE: cwlwes
Current Kubernetes namespce: wes
Starting HTTP server... 
Wait a little so that service will see us
Starting certbot...
Saving debug log to /tmp/log/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cwlwes.c03.k8s-popup.csc.fi
Using the webroot path /tmp/challenge for all unmatched domains.
Waiting for verification...
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cwlwes.c03.k8s-popup.csc.fi
   Type:   unauthorized
   Detail: Invalid response from
   https://cwlwes.c03.k8s-popup.csc.fi/.well-known/acme-challenge/BANT3RlR7XoaP3tGq_E5Rc43D1c9McX3N36DOFz__0g 
Challenge failed for domain cwlwes.c03.k8s-popup.csc.fi
http-01 challenge for cwlwes.c03.k8s-popup.csc.fi
Cleaning up challenges
Some challenges have failed.
   [195.148.30.237]: "{\n  \"detail\": \"The requested URL was not
   found on the server. If you entered the URL manually please check
   your spelling and try"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /tmp/cfg. You should make a secure
   backup of this folder now. This configuration directory will also
   contain certificates and private keys obtained by Certbot so making
   regular backups of this folder is ideal.
Certbot finished. Killing http server...
Finiding certs. Exiting if certs are not found ...
ls: /tmp/cfg/live/cwlwes.c03.k8s-popup.csc.fi: No such file or directory
@uniqueg uniqueg added priority: low Low priority type: security Related to security workload: hours Likely takes hours to resolve labels Apr 17, 2020
@uniqueg uniqueg added the type: bug Something isn't working label Apr 17, 2020
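
A reachability self-check for the failure in the log above, added here as an example (not part of the issue or of the cwl-WES code): it writes a random probe file under the webroot, requests it through the public URL, and distinguishes "served by the webroot server" from "answered by a different backend", which is what the JSON 404 in the log looks like. The names `probe_webroot` and `serve_dir` are hypothetical, and the local servers in the demo are constructed stand-ins for the route and the containers.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path an http-01 validator requests

def probe_webroot(base_url, webroot, timeout=5):
    """Drop a random probe file in the webroot, fetch it via base_url, and
    classify the answer. Returns (verdict, http_status_or_None)."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    path = os.path.join(webroot, CHALLENGE_DIR, token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode(errors="replace")
        return ("ok" if served == body else "wrong-content", resp.status)
    except urllib.error.HTTPError as exc:
        # Something answered, but not with our file: the challenge path is
        # being routed to a backend that does not serve the webroot.
        return ("wrong-backend", exc.code)
    except OSError:
        # DNS failure, refused connection, timeout, TLS error.
        return ("unreachable", None)
    finally:
        os.remove(path)  # never leave probe files behind in the webroot

def serve_dir(directory):
    """Constructed stand-in for an HTTP backend: serve a directory on a free
    localhost port in a background thread."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler,
                                directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot, \
         tempfile.TemporaryDirectory() as other:
        for label, root in (("route -> webroot server", webroot),
                            ("route -> other backend", other)):
            server = serve_dir(root)
            url = f"http://127.0.0.1:{server.server_address[1]}"
            print(label, probe_webroot(url, webroot))
            server.shutdown(); server.server_close()
```

Against the deployment in the log, the call would take the public hostname as `base_url` and `/tmp/challenge` as `webroot`, run from inside the certbot container while its HTTP server is up.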