Awesome! I have a domain you can borrow, just let me know which IP to point it at. You’ll have to make sure ports 80 and 443 are forwarded within your home to your computer. You can DM me the IP address.
Edit: Either host or hosts is fine! They are both better than tlshost(s).
tls.NewListener() returns an unstarted listener, but tls.Listen() is a started listener. You want an unstarted one.
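To make the distinction above concrete, here is an added example (not code from this thread or from the net plugin) that binds the plain socket with net.Listen first and only then wraps it with tls.NewListener, so that the bind, and any "bind: permission denied" on a port below 1024, is reported by net.Listen rather than somewhere inside the TLS layer. The self-signed certificate is generated in memory purely so the round trip runs offline; the port 443 probe in main is just a demonstration of the error classification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"syscall"
	"time"
)

// selfSignedCert builds a throw-away certificate for "localhost" (constructed
// test material so the example runs offline; never use this in production).
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// wrapTLS is the "unstarted listener" pattern: the caller has already bound
// the socket; tls.NewListener does no I/O, it only adds the handshake on Accept.
func wrapTLS(inner net.Listener, cert tls.Certificate) net.Listener {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	return tls.NewListener(inner, cfg)
}

// classifyBindErr maps a net.Listen error to a short operator hint.
func classifyBindErr(err error) string {
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, syscall.EACCES):
		return "privileged port: run as root, grant cap_net_bind_service, or bind a port above 1023"
	case errors.Is(err, syscall.EADDRINUSE):
		return "port already in use by another process"
	default:
		return "other: " + err.Error()
	}
}

// echoRoundTrip binds an ephemeral loopback port, wraps it in TLS, and echoes
// one message through a verified client connection.
func echoRoundTrip(msg string) (string, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return "", err
	}
	inner, err := net.Listen("tcp", "127.0.0.1:0") // bind happens here
	if err != nil {
		return "", fmt.Errorf("%s: %w", classifyBindErr(err), err)
	}
	ln := wrapTLS(inner, cert)
	defer ln.Close()
	go func() {
		c, err := ln.Accept() // handshake runs on first Read/Write
		if err != nil {
			return
		}
		defer c.Close()
		buf := make([]byte, 256)
		n, _ := c.Read(buf)
		c.Write(buf[:n])
	}()
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost"})
	if err != nil {
		return "", err
	}
	defer client.Close()
	client.SetDeadline(time.Now().Add(5 * time.Second))
	if _, err := client.Write([]byte(msg)); err != nil {
		return "", err
	}
	buf := make([]byte, 256)
	n, err := client.Read(buf)
	return string(buf[:n]), err
}

func main() {
	out, err := echoRoundTrip("hello over tls")
	fmt.Println(out, err)
	if l, err := net.Listen("tcp", ":443"); err != nil {
		fmt.Println("port 443:", classifyBindErr(err))
	} else {
		l.Close()
	}
}
```

The point for the plugin: whoever calls net.Listen owns the bind, so a permission error on :443 surfaces there, before any certificate work starts; tls.Listen hides that ordering because it binds and wraps in one call.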
I have created a domain for myself now. I created an A DNS record echo.leastsignificantbit.co.za and pointed it to a Google VM server external IP address. After that I set up caddy with the net plugin on the server with the following Caddyfile:
I start caddy with the net plugin and Let’s Encrypt prompts for my email. After that I receive an error: 2017/03/31 22:44:01 [echo.leastsignificantbit.co.za] failed to get certificate: [echo.leastsignificantbit.co.za] error presenting token: Could not start HTTPS server for challenge -> listen tcp :443: bind: permission denied [EDIT: after tracking this message in the source code it looks like it’s a message from the ACME client]
I do have port 443 open on the server firewall, but nothing is listening on that port.
I tried the same on my dev machine behind my personal internet after pointing the dns record to my personal internet IP address but I get the same error.
Thanks @matt,
I run as root (sudo) now, but get a different error: failed to get certificate: acme: Error 400 - urn:acme:error:connection - Could not connect to echo.leastsignificantbit.co.za
I pointed the domain above to my local internet and forwarded port traffic to my laptop.
Also, if I dig +short echo.leastsignificantbit.co.za I get the correct IP address.
I tried a different server (running on Google cloud) and pointed play.leastsignificantbit.co.za to the external IP on that server. When I run caddy there I get a different (but similar) error: failed to get certificate: acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up A for play.significantbit.co.za
Again, if I dig +short play.leastsignificantbit.co.za I get the correct IP address.
If I switch off tls in the Caddyfile I can telnet into both domain names on the listening port.
Any ideas what I might be doing wrong? Could it be something to do with my hosting company and their DNS?
For ACME-related errors, there’s more output than that, there should be more lines saying what the result of their DNS lookup was, etc. But yeah, so far it looks like they had trouble connecting to your machine.
Want me to try it? DM me when you want me to try connecting from my machine. If I can’t, then it’s definitely an issue with your network configuration.
failed to get certificate: acme: Error 400 - urn:acme:error:connection - Could not connect to echo.leastsignificantbit.co.za
This means that the ACME server found a server on the other end of echo.leastsignificantbit.co.za, but couldn’t open a HTTP(S) connection to it.
This one is different - it tells me that your own DNS server is updating quicker than the one that LetsEncrypt is using for their ACME servers. I expect the solution will be to wait for a little while for DNS propagation to complete.
I don’t know if LE uses Google’s public DNS or not, but anecdotally, I’ve found that if dig @8.8.8.8 +short example.com resolves, LetsEncrypt can run it.
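The two ACME errors above (connection refused vs. NXDOMAIN) come from the CA's own resolver, not yours, so the useful check is to ask a public resolver the same question and compare. Here is an added example (mine, not from this thread or from Caddy) that does that in Go: it resolves a name through the system resolver and through a resolver you name (8.8.8.8:53 by assumption, matching the dig @8.8.8.8 check above) and maps the outcome to the failure modes seen in the thread. The lookup is abstracted so the classification logic can be exercised with canned answers.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"sort"
	"strings"
	"time"
)

// lookupFunc abstracts "resolve host to addresses" so the same check can run
// against the system resolver, a named public resolver, or canned test data.
type lookupFunc func(ctx context.Context, host string) ([]string, error)

// resolverAt returns a lookup that sends queries only to the given DNS server
// (e.g. "8.8.8.8:53"), bypassing the local cache much as a CA's resolver would.
func resolverAt(server string) lookupFunc {
	r := &net.Resolver{
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{Timeout: 3 * time.Second}
			return d.DialContext(ctx, network, server)
		},
	}
	return r.LookupHost
}

// Report summarises what both resolvers saw for one name.
type Report struct {
	Local, Public []string
	Propagated    bool
	Note          string
}

func normalize(addrs []string) []string {
	out := append([]string(nil), addrs...)
	sort.Strings(out)
	return out
}

func sameSet(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// checkPropagation compares the local and public answers and explains the
// result in terms of what an ACME validation would see.
func checkPropagation(ctx context.Context, host string, local, public lookupFunc) Report {
	var rep Report
	var dnsErr *net.DNSError
	lAddrs, lErr := local(ctx, host)
	pAddrs, pErr := public(ctx, host)
	rep.Local, rep.Public = normalize(lAddrs), normalize(pAddrs)
	switch {
	case errors.As(pErr, &dnsErr) && dnsErr.IsNotFound:
		rep.Note = "NXDOMAIN at public resolver: record not propagated yet; ACME will report 'DNS problem: NXDOMAIN'"
	case pErr != nil:
		rep.Note = "public resolver error: " + pErr.Error()
	case lErr != nil:
		rep.Note = "local resolver error: " + lErr.Error()
	case len(rep.Public) == 0:
		rep.Note = "public resolver returned no addresses"
	case sameSet(rep.Local, rep.Public):
		rep.Propagated = true
		rep.Note = "both resolvers agree on " + strings.Join(rep.Public, ", ") + "; if ACME still cannot connect, check port forwarding/firewall on that address"
	default:
		rep.Note = "resolvers disagree (stale cache or propagation in progress); ACME will try " + strings.Join(rep.Public, ", ")
	}
	return rep
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	host := "example.com" // replace with the name being validated
	rep := checkPropagation(ctx, host, net.DefaultResolver.LookupHost, resolverAt("8.8.8.8:53"))
	fmt.Printf("%s: local=%v public=%v propagated=%v\n%s\n", host, rep.Local, rep.Public, rep.Propagated, rep.Note)
}
```

Run it against the name you are validating; "both resolvers agree" plus a connection error from the CA narrows the problem to the path from the internet to port 80/443 on that IP, while NXDOMAIN from the public resolver means waiting for propagation is the fix.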
Excellent, this is great news!! My home internet just came back online, so when I get a chance I will take a look. But don’t let me slow you down!
As you prepare to make this available, remember to start simple. Only include by default the plugins / directives that should be included in core; the rest can be external if you wish.
Have I given you access to the new Caddy website yet? If not, I will DM you with the information so you can submit it there when you are ready.