mushu8
Site Encrypt SSL in staging/prod failing to generate certificate
Hi,
I’m facing an issue generating a SSL certificate in my project using site_encrypt.
In CERT_MODE=local all fine but if I switch to staging or production I can only see the following log :
Creating new account (CA acme-staging-v02.api.letsencrypt.org)
Ordering a new certificate for domain ubiquitous-funicular.ch (CA acme-staging-v02.api.letsencrypt.org)
[…]
[error] Task #PID<0.3036.0> started from #PID<0.2817.0> terminating
** (MatchError) no match of right hand side value: {:error, #SiteEncrypt.Acme.Client.API.Session<https://acme-staging-v02.api.letsencrypt.org/directory>}
(site_encrypt 0.6.0) lib/site_encrypt/acme/client.ex:74: SiteEncrypt.Acme.Client.process_new_order/3
(site_encrypt 0.6.0) lib/site_encrypt/acme/client.ex:45: SiteEncrypt.Acme.Client.create_certificate/2
(site_encrypt 0.6.0) lib/site_encrypt/certification/native.ex:52: SiteEncrypt.Certification.Native.create_certificate/2
(site_encrypt 0.6.0) lib/site_encrypt/certification/job.ex:15: SiteEncrypt.Certification.Job.certify/1
(site_encrypt 0.6.0) lib/site_encrypt/certification/job.ex:26: SiteEncrypt.Certification.Job.certify_and_apply/1
(elixir 1.17.3) lib/task/supervised.ex:101: Task.Supervised.invoke_mfa/2
Function: #Function<0.66470241/0 in SiteEncrypt.Certification.Job.child_spec/1>
Args: []
on the other side, on my instance, I get a successful HTTP 200 answer when :
curl -v https://acme-v02.api.letsencrypt.org/directory
# or
curl -v https://acme-staging-v02.api.letsencrypt.org/directory
Any idea what could be the problem here ?
Marked As Solved
D4no0
Welp, I’m out of ideas. This config line looks suspicious though:
You don’t want to actually force https, as letsencrypt will try to reach your endpoint via http.
Also Liked
mushu8
Hi,
final word the issue was coming from my elastic ip health check which could not contact my server.
As soon as I configure it as HTTP 80 /health, the requests were received my the instance from the elastic ip.
I still came across some issues with setting up :site_encrypt correctly even after removing all automatic redirection from http to https.
Final word, I set up a nginx in from of my phoenix app and removed all https configuration from the phoenix app, made the http open at 4000 and let nginx handle SSL with a certbot plugin.
As bonus I stopped authorizing the app from opening a port on 80 and 443 in my CI/CD pipeline since nginx in handling that.
Thanks a lot @D4no0 for your help and @ruslandoga for the example
ruslandoga
![]()
In case you want some extra examples: I integrated site_encrypt into a project recently: Auto HTTPS in CE by ruslandoga · Pull Request #4491 · plausible/analytics · GitHub – and I used two custom plugs for ACME challenges and forcing TLS since I had trouble with making the default ones work. And I used client: :native as it provided helpful error messages. I also found GitHub - letsencrypt/pebble: A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority. · GitHub very useful during local development.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










