mushu8

mushu8

Site Encrypt SSL in staging/prod failing to generate certificate

Hi,

I’m facing an issue generating a SSL certificate in my project using site_encrypt.
In CERT_MODE=local all fine but if I switch to staging or production I can only see the following log :

Creating new account (CA acme-staging-v02.api.letsencrypt.org)
Ordering a new certificate for domain ubiquitous-funicular.ch (CA acme-staging-v02.api.letsencrypt.org)
[…]
[error] Task #PID<0.3036.0> started from #PID<0.2817.0> terminating
** (MatchError) no match of right hand side value: {:error, #SiteEncrypt.Acme.Client.API.Session<https://acme-staging-v02.api.letsencrypt.org/directory>}
(site_encrypt 0.6.0) lib/site_encrypt/acme/client.ex:74: SiteEncrypt.Acme.Client.process_new_order/3
(site_encrypt 0.6.0) lib/site_encrypt/acme/client.ex:45: SiteEncrypt.Acme.Client.create_certificate/2
(site_encrypt 0.6.0) lib/site_encrypt/certification/native.ex:52: SiteEncrypt.Certification.Native.create_certificate/2
(site_encrypt 0.6.0) lib/site_encrypt/certification/job.ex:15: SiteEncrypt.Certification.Job.certify/1
(site_encrypt 0.6.0) lib/site_encrypt/certification/job.ex:26: SiteEncrypt.Certification.Job.certify_and_apply/1
(elixir 1.17.3) lib/task/supervised.ex:101: Task.Supervised.invoke_mfa/2
Function: #Function<0.66470241/0 in SiteEncrypt.Certification.Job.child_spec/1>
Args: []

on the other side, on my instance, I get a successful HTTP 200 answer when :

curl -v https://acme-v02.api.letsencrypt.org/directory
# or
curl -v https://acme-staging-v02.api.letsencrypt.org/directory

Any idea what could be the problem here ?

Marked As Solved

D4no0

D4no0

Welp, I’m out of ideas. This config line looks suspicious though:

You don’t want to actually force https, as letsencrypt will try to reach your endpoint via http.

Also Liked

mushu8

mushu8

Hi,
final word the issue was coming from my elastic ip health check which could not contact my server.
As soon as I configure it as HTTP 80 /health, the requests were received my the instance from the elastic ip.

I still came across some issues with setting up :site_encrypt correctly even after removing all automatic redirection from http to https.

Final word, I set up a nginx in from of my phoenix app and removed all https configuration from the phoenix app, made the http open at 4000 and let nginx handle SSL with a certbot plugin.
As bonus I stopped authorizing the app from opening a port on 80 and 443 in my CI/CD pipeline since nginx in handling that.

Thanks a lot @D4no0 for your help and @ruslandoga for the example

ruslandoga

ruslandoga

:wave:

In case you want some extra examples: I integrated site_encrypt into a project recently: Auto HTTPS in CE by ruslandoga · Pull Request #4491 · plausible/analytics · GitHub – and I used two custom plugs for ACME challenges and forcing TLS since I had trouble with making the default ones work. And I used client: :native as it provided helpful error messages. I also found GitHub - letsencrypt/pebble: A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority. · GitHub very useful during local development.

Where Next?

Popular in Questions Top

aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
beno
I will often find my self writing things similar to: case some_value do nil -&gt; something() "" -&gt; something() _ -&gt; somethi...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
tduccuong
Hi, is there any work on GUI with Elixir, that is similar to Electron/Javascript? My idea is to bundle Phoenix and BEAM into a single se...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
Lily
In templates/appointment/index.html.eex: &lt;%= for appointment &lt;- @appointments do %&gt; &lt;tr&gt; &lt;td&gt;&lt;%= appoi...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New

Other popular topics Top

danschultzer
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch. This project took far...
548 29603 241
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New
lanycrost
Hi everyone! I need implement if…else if…else condition from my elixir code, and anymore of this control flow structures not work proper...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement