1

Site was working fine, until I tried to activate letsencrypt.

Seems like it installed without issue.

dokku letsencrypt myapp.mysub.mydomain.net
=====> Let's Encrypt myapp.mysub.mydomain.net
-----> Updating letsencrypt docker image...
latest: Pulling from dokkupaas/letsencrypt-simp_le
Digest: sha256:398e9173f8e9662df66cb6d0dfa6c6ac07f1e3d65b7994177d487d36eb9b10be
Status: Image is up to date for dokkupaas/letsencrypt-simp_le:latest
      done updating
-----> Enabling ACME proxy for myapp.mysub.mydomain.net...
-----> Getting letsencrypt certificate for myapp.mysub.mydomain.net...
       - Domain 'myapp.mysub.mydomain.net'
darkhttpd/1.12, copyright (c) 2003-2016 Emil Mikulic.
listening on: http://0.0.0.0:80/
2017-01-29 19:19:28,060:INFO:__main__:1305: myapp.mysub.mydomain.net was successfully self-verified
2017-01-29 19:19:28,156:INFO:__main__:1313: Generating new certificate private key
2017-01-29 19:19:29,577:INFO:__main__:391: Saving fullchain.pem
2017-01-29 19:19:29,578:INFO:__main__:391: Saving chain.pem
2017-01-29 19:19:29,578:INFO:__main__:391: Saving cert.pem
2017-01-29 19:19:29,578:INFO:__main__:391: Saving key.pem
-----> Certificate retrieved successfully.
-----> Installing let's encrypt certificates
-----> Unsetting myapp.mysub.mydomain.net
-----> Unsetting DOKKU_NGINX_PORT
-----> Setting config vars
      DOKKU_PROXY_PORT_MAP: http:80:5000
-----> Setting config vars
      DOKKU_PROXY_PORT_MAP: http:80:5000 https:443:5000
-----> Setting config vars
      DOKKU_NGINX_PORT: 80
-----> Setting config vars
      DOKKU_NGINX_SSL_PORT: 443
-----> Configuring myapp.mysub.mydomain.net...(using built-in template)
-----> Creating https nginx.conf
-----> Running nginx-pre-reload
      Reloading nginx
-----> Configuring myapp.mysub.mydomain.net...(using built-in template)
-----> Creating https nginx.conf
-----> Running nginx-pre-reload
      Reloading nginx
-----> Disabling ACME proxy for myapp.mysub.mydomain.net...
      done

No errors in nginx or dokku app log files.

I've googled ERR_CONNECTION_TIMED_OUT after dokku letsencrypt without luck. Any pointers to troubleshooting info?

I can regain access to the site only after a revoke and cleanup.

netplusdesign
  • 11
  • Typically you should share configuration files when you ask this sort of question. I don't know anything about Dokku - is it serving content directly or is there a web server in front of it? – Tim Jan 29 '17 at 22:31
  • The script offered by letsencrypt changes your settings. You want to check your settings to see whether it looks all good or not. Without that info, it will be difficult for us to know what could be wrong. It could be that Nginx does not restart properly (look at Nginx logs). – Alexis Wilke Jan 29 '17 at 22:59
  • Thanks, I tried a few more things. I tried using lets encrypt outside dokku to serve some static webpages, uses the same nginx server. Similar issue. I can access them before but not after lets encrypt. 1 exception, I can still access the page using http. So nginx is not doing what I think it's suppose to do by forcing https. So it appears this is a nginx config issue. I'm just not sure where to start to figure this out. – netplusdesign Jan 30 '17 at 14:01

1 Answers1

0

I was using ufw to open the https port, but AWS was overriding. I had to use the UI to open the port. Ugh.

netplusdesign
  • 11