dadatuputi/bitwarden_gcloud

letsencrypt fails

pheppy opened this issue · 3 comments

pheppy commented

docker-compose up ends up error messages:

proxy           | {"level":"error","ts":1613599644.6069458,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"bitwarden.<mydomain>.net","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:connection","error":"Fetching http://bitwarden.<mydomain>.net/.well-known/acme-challenge/KkUwBaSArywzemlOmNLY8omg8pCWQmfz6blwNmvpKz4: Timeout during connect (likely firewall problem)"}
proxy           | {"level":"error","ts":1613599644.6087248,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"bitwarden.<mydomain>.net","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://bitwarden.<mydomain>.net/.well-known/acme-challenge/KkUwBaSArywzemlOmNLY8omg8pCWQmfz6blwNmvpKz4: Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/18150164/242579938","attempt":2,"max_attempts":3}
proxy           | {"level":"error","ts":1613599646.1697505,"logger":"tls.obtain","msg":"will retry","error":"[bitwarden.<mydomain>.net] Obtain: [bitwarden.<mydomain>.net] solving challenges: bitwarden.<mydomain>.net: no solvers available for remaining challenges (configured=[tls-alpn-01 http-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/18150164/242580083) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":400.909904751,"max_duration":2592000}```

This was expected according to https://bradford.la/2020/self-host-bitwarden-on-google-cloud/
But installing DDNS should fix the problem. The DDNS config seams to work, but does not resolve the problem

ddns            | /config/ddclient.conf MODIFY 
ddns            | ddclient has been restarted
ddns            | Setting up watches.
ddns            | Watches established.
ddns            | SUCCESS:  bitwarden.<mydomain>.net -- Updated Successfully to <my_ipaddress>

I have cloudfare set up as DNS. I tried direct DNS and I tried proxied. I turned off cloudfare encryption. All the same result.

pheppy commented

Adding a Firewall Rule in this Google Cloud instance voor tls: 80, 443 for range 0.0.0.0/0
Did solve the problem. Although it took some time (10 minutes) for letsencrypt to work.

travisterrell commented

Man, what a great coincidence that you shared this just yesterday. I'm sure I would've eventually thought to open the firewall, but this definitely saved me some time. Thanks!

ninadphadke-zz commented

Funnily enough, even though the instance was created with allow-http and allow-https tags & I manually checked both boxes in the UI (which created two firewall rules, one for 80 and the other for 443), it was only after I added manually added a rule that together opened these two ports that it worked.