Not able to install Passbolt CE on Ubuntu 20.04 with Let's Encrypt

Some days ago I installed Passbolt Pro On Premise for myself on Ubuntu 20.04 LTS with my own SSL certificate. This works fine.

Now I tried to install Passbolt CE for a customer on a vServer, but it is not possible to install it with Let’s Encrypt.

The A and AAAA records were created 2 days ago for the subdomain which I use for this server. The IPv4 and IPv6 addresses are correct. I checked this several times.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for passbolt.xyz.com
Waiting for verification...
Challenge failed for domain passbolt.xyz.com
http-01 challenge for passbolt.xyz.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: passbolt.xyz.com
   Type:   unauthorized
   Detail: Invalid response from
   http://passbolt.xyz.com/.well-known/acme-challenge/qAzVjThKKITHOOrQF9YeRy04z979cUPYsZmqStLLWcg
   [2a03::::::::::::]: "<html>\r\n<head><title>404
   Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

What can I do?

Hey @Holla_Die_Waldfee

Check the NGINX configuration to make sure it is handling calls on port 80 to that path properly. Most likely LE is writing the validation file in a location other than your root project path. You could add an NGINX location for that specific path.

Hi garrett, thx for your reply.

It looks like this is an error in the installation script from passbolt. I can reproduce the error on another virtual machine with Ubuntu 20.04 LTS.

I think LE is writing the validation file into the wrong direction, because Passbolt is reachable under port 80 and I get a 404 error page with the validation link.
How can I change the direction for the LE validation file?

@Holla_Die_Waldfee We are recommending a package-based install for Ubuntu now, btw. Can you post your NGINX config file? And have you determined where LE is writing the validation file? What location is that?

Hi @Holla_Die_Waldfee

I was able to reproduce your problem. When Let’s Encrypt generates a certificate, the certbot agent generates a file at http://domain.tld/.well-known/acme-challenge/long-random-name and the Let’s Encrypt servers try to communicate with this URL over HTTP on port 80/TCP.

If both IPv4/IPv6 of domain.tld are available, Let’s Encrypt will always prefer the IPv6 address.

In the /etc/nginx/sites-enabled folder, we can find 2 configuration files with these directives:

nginx-passbolt.conf:

listen 80;

default.conf:

listen 80 default_server;
listen [::]:80 default_server;

It means the passbolt configuration file listens “only” on IPv4 and the default one listens on both IPv4/IPv6.

I suggest adding a line listen [::]:80 before the listen 80 line in the /etc/nginx/sites-enabled/nginx-passbolt.conf file.

Then you should be able to generate your certificate. Let us know if it fixes your issue, we will update the nginx configuration file.

Regards.

Thanks to _jc! Adding the line

listen [::]:80; 

before the existing “listen 80;” line solved the problem. Here are the first lines from the nginx-passbolt.conf file, so that others can find it quickly:

#
#  Passbolt.conf - Nginx configuration file to run the Passbolt software.
#

server {

  listen [<your_ipv6_address>]:80;
  listen 80;

  # Managed by Passbolt
  server_name passbolt.<yourdomain>.xyz;

  client_body_buffer_size     100K;
  client_header_buffer_size   1K;
  client_max_body_size        5M;

@garrett: I used the Ubuntu package-based installer. So the problem is in the package.

I’m glad to hear your problem has been solved! We will update the Debian / Ubuntu package accordingly thanks to your feedback.
Enjoy your new passbolt instance and don’t hesitate to reach us in any case :grinning:
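
A static check for the mismatch diagnosed in this thread, as an added example that is not part of the original posts or Passbolt's own tooling: it parses nginx site configs and reports server blocks that listen on a port over IPv4 but have no IPv6 listener for it. The sample configs and the server name passbolt.example.test are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples mirroring the two files quoted in the thread (names are placeholders).
PASSBOLT_CONF = """
server {
  listen 80;
  server_name passbolt.example.test;
}
"""
DEFAULT_CONF = """
server {
  listen 80 default_server;
  listen [::]:80 default_server;
}
"""

def server_blocks(text):
    """Yield the body of every `server { ... }` block, matching nested braces."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments (ignores '#' inside quotes)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += (text[i] == "{") - (text[i] == "}")
            i += 1
        yield text[m.end():i]

def listen_families(block):
    """Map each listen port to the address families ('ipv4'/'ipv6') bound to it."""
    ports = {}
    for addr in re.findall(r"\blisten\s+(?!unix:)([^\s;]+)", block):
        family = "ipv6" if addr.startswith("[") else "ipv4"
        tail = addr.rpartition("]:" if family == "ipv6" else ":")[2]
        port = tail if tail.isdigit() else "80"  # bare address: assume port 80
        ports.setdefault(port, set()).add(family)
    return ports

def ipv4_only_servers(conf_text):
    """Return (server_name, port) pairs for blocks with an IPv4 but no IPv6 listener."""
    hits = []
    for block in server_blocks(conf_text):
        name = re.search(r"\bserver_name\s+([^;]+);", block)
        label = name.group(1).strip() if name else "(unnamed)"
        families = listen_families(block)
        hits += [(label, p) for p in sorted(families) if families[p] == {"ipv4"}]
    return hits

if __name__ == "__main__":
    for fname, conf in (("nginx-passbolt.conf", PASSBOLT_CONF), ("default.conf", DEFAULT_CONF)):
        print(fname, ipv4_only_servers(conf))
```

A non-empty result for a host that publishes an AAAA record means IPv6 requests to that port are answered by whichever server block does listen on IPv6, which in this thread was the default site returning the 404.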