HTTPS on DigitalOcean with Ubuntu 14.04


(Leland Kwong) #1

I can’t quite figure out why it fails to get a certificate. The log output is:

Activating privacy features...2016/11/05 00:36:15 [INFO][lelandkwong.com] acme: Obtaining bundled SAN certificate
2016/11/05 00:36:15 [INFO][lelandkwong.com] acme: Trying to solve HTTP-01
2016/11/05 00:36:21 [lelandkwong.com] failed to get certificate: acme: Error 400 - urn:acme:error:connection - Could not connect to lelandkwong.com
Error Detail:
	Validation for lelandkwong.com:80
	Resolved to:
		159.203.246.76
	Used: 159.203.246.76

Any ideas would be appreciated.

Thanks!


(Matt Holt) #2

Looks like your port 80 is inaccessible for some reason. :thinking:


(Leland Kwong) #3

I reinstalled Caddy with the DNS option.

My Caddyfile is:

lelandkwong.com, www.lelandkwong.com
tls {
  dns digitalocean
}

This time I got this:

Activating privacy features...2016/11/05 19:53:15 [INFO][lelandkwong.com] acme: Obtaining bundled SAN certificate
2016/11/05 19:53:16 [INFO][lelandkwong.com] acme: Could not find solver for: http-01
2016/11/05 19:53:16 [INFO][lelandkwong.com] acme: Trying to solve DNS-01
2016/11/05 19:53:16 [lelandkwong.com] failed to get certificate: Error presenting token: HTTP 401: unauthorized: Unable to authenticate you.

(Leland Kwong) #4

Actually, I realized I need to set credentials for the environment variable. I’ll try that first.


(Leland Kwong) #5

I’m so clueless at this server stuff. What does it mean to set the environment variable for ‘digital ocean’ with DO_AUTH_TOKEN?


(Matt Holt) #6

In order to use Digital Ocean’s API, you need an auth token from your DO account. So you can get that from your DO account under API settings or something (you might have to create one).

But yeah, once you set that env var, it should work for you! (Assuming your domain’s nameservers are at DigitalOcean.)
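
One way to set `DO_AUTH_TOKEN` for the `dns digitalocean` setup discussed above, added here as an example that is not part of the original posts: the token is read from a private file instead of being typed on the command line, so it stays out of shell history. The file path, function names and return codes are assumptions for illustration.

```shell
#!/bin/sh
# Added example: load DO_AUTH_TOKEN from a private file, then start Caddy.
# TOKEN_FILE and the function names are assumptions, not Caddy conventions.

TOKEN_FILE="${TOKEN_FILE:-$HOME/.config/caddy/do_token}"

# Print the octal permission bits of a file (GNU stat, as shipped on Ubuntu).
file_mode() {
    stat -c '%a' "$1"
}

# Export DO_AUTH_TOKEN from file $1.
# Returns 1 if the file is missing, 2 if other users could read it,
# 3 if it contains no token.
load_do_token() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "token file not found: $f" >&2
        return 1
    fi
    mode=$(file_mode "$f")
    case "$mode" in
        600|400) ;;
        *) echo "refusing $f: mode $mode, run: chmod 600 $f" >&2
           return 2 ;;
    esac
    # Strip the newline or spaces that copy and paste tends to add.
    token=$(tr -d '[:space:]' < "$f")
    if [ -z "$token" ]; then
        echo "token file is empty: $f" >&2
        return 3
    fi
    DO_AUTH_TOKEN="$token"
    export DO_AUTH_TOKEN
}

# Start Caddy only when invoked with the argument "run".
# Caddy reads ./Caddyfile and inherits DO_AUTH_TOKEN from this environment.
if [ "${1:-}" = "run" ]; then
    load_do_token "$TOKEN_FILE" || exit 1
    exec caddy
fi
```

Run the script with the argument `run` from the directory that holds the Caddyfile; without that argument it only defines the functions.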


(Leland Kwong) #7

Thanks Matt. After tons of trial and error, I finally got https working! :slight_smile:


(Leland Kwong) #8

Thought I’d add that this helped me get things going.


(Nikolas) #9

Glad to hear my little script helped you, @Leland-Kwong :slight_smile:


(Миша Радионов) #10

Just got stuck with the same 403 error and then figured out that I hadn’t allowed write access in the DO panel. I know it’s silly, but it can be helpful to somebody.