27 Jan 2024 |
| @lehmanator:gnulinux.club removed their display name Sam Lehman. | 16:59:42 |
| @lehmanator:gnulinux.club left the room. | 17:03:22 |
29 Jan 2024 |
| Sam Lehman joined the room. | 11:03:10 |
| Sam Lehman set a profile picture. | 11:06:04 |
31 Jan 2024 |
Train | Whenever I try to get a certificate, it always tries to use my local DNS:
lego --email email --dns domain --domains domain run
2024/01/31 13:09:58 [INFO] [domain] acme: Obtaining bundled SAN certificate
2024/01/31 13:09:58 [INFO] [domain] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/XXXXXXXXXX
2024/01/31 13:09:58 [INFO] [domain] acme: Could not find solver for: tls-alpn-01
2024/01/31 13:09:58 [INFO] [domain] acme: Could not find solver for: http-01
2024/01/31 13:09:58 [INFO] [domain] acme: use dns-01 solver
2024/01/31 13:09:58 [INFO] [domain] acme: Preparing to solve DNS-01
2024/01/31 13:09:59 [INFO] [domain] acme: Trying to solve DNS-01
2024/01/31 13:09:59 [INFO] [domain] acme: Checking DNS record propagation using [127.0.0.53:53]
2024/01/31 13:10:01 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/01/31 13:10:01 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:03 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:05 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:07 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:09 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:11 [INFO] [domain] acme: Waiting for DNS record propagation.
| 19:13:23 |
Train | Is it normal to use a loopback address such as this one: 127.0.0.53:53 | 19:13:48 |
Train | * Is it normal to use a loopback address such as this one: 127.0.0.53:53? | 19:17:30 |
ajs124 | if you're using systemd resolved, yes | 22:02:01 |
1 Feb 2024 |
m1cr0man | In reply to @atra1n:matrix.org Is it normal to use a loopback address such as this one: 127.0.0.53:53? Yes and you can also set it through the ACME options :) | 00:36:31 |
7 Feb 2024 |
| netpleb joined the room. | 21:27:59 |
netpleb | i am getting : 2024/02/07 21:34:52 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org: Temporary failure in name resolution with self-hosted bind (followed the manual) dns-01 validation | 21:38:12 |
K900 | Sounds like DNS | 21:39:09 |
netpleb | In reply to @k900:0upti.me Sounds like DNS right, so I just thought of one thing which might fix it (i feel like i have tried everything already)...but this server actually gets its public ip via a wireguard interface, and I used wg-quick in that interface and did set the dns = [ <some server> ] option. I am going to remove that and cross my fingers! :-) | 21:40:35 |
netpleb | hmm, sadly that did not seem to solve it | 21:44:40 |
netpleb | what logs should i post which would help diagnose? | 21:44:54 |
netpleb | Redacted or Malformed Event | 21:46:52 |
K900 | Do you actually have working DNS? | 21:49:31 |
K900 | Like, can you ping that domain name? | 21:49:39 |
netpleb | yes, I can ping that domain name no problem | 21:50:12 |
netpleb | [root@netpleb-public-services:~]# systemctl status acme-netpleb.com.service
○ acme-netpleb.com.service - Renew ACME certificate for netpleb.com
Loaded: loaded (/etc/systemd/system/acme-netpleb.com.service; linked; preset: enabled)
Active: inactive (dead)
TriggeredBy: ● acme-netpleb.com.timer
Feb 07 21:48:41 netpleb-public-services systemd[1]: Dependency failed for Renew ACME certificate for netpleb.com.
Feb 07 21:48:41 netpleb-public-services systemd[1]: acme-netpleb.com.service: Job acme-netpleb.com.service/start failed with result 'dependency'.
[root@netpleb-public-services:~]# ping netpleb.com
PING netpleb.com (38.45.103.128) 56(84) bytes of data.
64 bytes from ns1.netpleb.com (38.45.103.128): icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from ns1.netpleb.com (38.45.103.128): icmp_seq=2 ttl=64 time=0.064 ms
^C
--- netpleb.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1064ms
rtt min/avg/max/mdev = 0.041/0.052/0.064/0.011 ms
| 21:51:06 |
K900 | Not that | 21:51:36 |
K900 | acme-v02.api.letsencrypt.org | 21:51:46 |
K900 | Can you ping that? | 21:51:49 |
netpleb | hmm, nope! wtf, I can ping google.com just fine though. What is going on? | 21:53:15 |
K900 | You have a DNS problem | 21:55:01 |
K900 | Have fun | 21:55:03 |
netpleb | I am obviously not an expert in these things (though getting to know/learn Nix, both the language and the OS has been overall a rewarding experience). How is it possible that I can ping google but not letsencrypt? | 21:58:24 |
netpleb | * ... | 21:59:26 |
K900 | Something about your DNS config is broken | 22:01:14 |
K900 | That's not really a NixOS problem | 22:01:23 |