janeczku/haproxy-acme-validation-plugin

lua doesn't capture authorization requests

Closed this issue · 1 comments

I've installed the validation plugin by following the procedure. Initially the script worked but after a while it didn't.

Environment:

  • Installed 2 Haproxy servers with a floating IP in front
  • HA-Proxy version 1.6.3 2015/12/25
  • Operating system: Ubuntu Xenial
  • 2 NGINX back-end web servers

Steps to reproduce:

  • Haproxy runs in chroot mode
  • Configured the global and front-end sections according to the instructions
  • Restarted Haproxy
  • Haproxy seems to load the lua plugin: haproxy1 haproxy-systemd-wrapper[432]: [info] 126/114103 (433) : [acme] http-01 plugin v0.1.1
  • If I generate a certificate it does create the tokens in the folder: /var/lib/haproxy/.well-known/acme-challenge/ on the Haproxy server
  • I ran the letsencrypt/certbot client to generate new certificates, with the results in the log dump below:
  • It seems that the authorization request is directly forwarded from the Haproxy system to the back-end servers and that the lua doesn't capture and process these requests. On the back-end webservers I see incoming requests from Let's Encrypt looking for the http://domainx.com/.well-known/acme-challenge/nYD1_fbMcn5Op0XoWI5XJsIQsSgAJ-SfieuLW5hNf3U

Start log<<
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domainx.net
http-01 challenge for www.domainx.net
http-01 challenge for ads.domainx.net
http-01 challenge for domainx.com
Using the webroot path /var/lib/haproxy for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. domainx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domainx.com/.well-known/acme-challenge/nYD1_fbMcn5Op0XoWI5XJsIQsSgAJ-SfieuLW5hNf3U: "

<title>404 Not Found</title>

404 Not Found


", www.domainx.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.domainx.net/.well-known/acme-challenge/AN9zePHcugsfYs6hAbia2jnDkZYqLnyUvWxkLHhXH0g: " <title>404 Page Not Found</title> <style type="text/css">

body {
background-color: #fff;
margin: 40px;
font-fa"

IMPORTANT NOTES:

End log<<

Sorry, problem solved. It had to do with an automatic redirect. I've also added the lua config to the https frontend. It now processes the requests properly. Case closed.
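A check for the kind of misconfiguration the resolution above points to, added here as an illustration and not taken from the issue or the plugin project: it scans a haproxy.cfg for frontends where a challenge request would bypass the Lua service. The sample config, frontend names and paths are constructed, and the `lua-load`, `acl` and `use-service` lines are assumed to match the plugin's documented setup.

```python
import re

# Constructed sample (not the reporter's config): the HTTP frontend redirects
# before the plugin rule is reached; the HTTPS frontend has no plugin rule.
SAMPLE_CFG = """\
global
    lua-load /etc/haproxy/acme-http01-webroot.lua

frontend http
    bind *:80
    http-request redirect scheme https unless { ssl_fc }
    acl url_acme_http01 path_beg /.well-known/acme-challenge/
    http-request use-service lua.acme-http01 if METH_GET url_acme_http01
    default_backend nginx

frontend https
    bind *:443 ssl crt /etc/haproxy/certs/
    default_backend nginx
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")
ACME_RULE = re.compile(r"^http-request\s+use-service\s+lua\.acme-http01\b")
REDIRECT = re.compile(r"^http-request\s+redirect\b")

def audit_frontends(cfg_text):
    """Return {frontend: problem} for frontends that can miss ACME challenges."""
    rules = {}      # frontend name -> ordered kinds of http-request rules seen
    current = None  # frontend/listen section being read, else None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SECTION.match(line)
        if m:
            current = m.group(2) if m.group(1) in ("frontend", "listen") else None
            if current is not None:
                rules[current] = []
        elif current is not None:
            if ACME_RULE.match(line):
                rules[current].append("acme")
            elif REDIRECT.match(line):
                rules[current].append("redirect")
    problems = {}
    for name, kinds in rules.items():
        if "acme" not in kinds:
            problems[name] = "no acme-http01 rule"
        elif "redirect" in kinds[: kinds.index("acme")]:  # heuristic: any earlier redirect
            problems[name] = "redirect evaluated before acme-http01 rule"
    return problems

if __name__ == "__main__":
    print(audit_frontends(SAMPLE_CFG))
```

The ordering check relies on HAProxy evaluating `http-request` rules in the order they are declared, with a redirect ending processing for that request; it does not inspect redirect conditions, so a redirect that already excludes the challenge path is still reported.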