Hello everyone, I have just set up my MIAB instance, but I’m having issues with the cert provisioning. I have other services running on my network, so I use Traefik. I think this is interfering with the cert process as it redirects all traffic to https. I cannot change this without taking all my other services offline. This is the error I am getting:
“Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: *** Type: unauthorized Detail: ..*.**: Invalid response from *****/.well-known/acme-challenge/o-yFUanRteUz7RG5JBDAtnR_vE70GYUPn_GS26NaXmM: 404”
I’ve put *'s in as I cannot post links yet.
Does anyone have any ideas that could help me? I’d really appreciate it.
Is this a new MIAB install? Is propagation finished? Check DNS propagation (https://www.whatsmydns.net/) and try later. I see the TTL is 1 day in the screenshot, that is 24 hours.
I suppose you are using the External DNS option, i.e. MIAB is not managing your DNS settings.
Please read carefully which records need to be replicated on Cloudflare. Please REMOVE the DNSSEC record from your domain registrar FIRST if you have enabled it. Try to provision the certificates after the DNS has propagated, depending on the TTL on Cloudflare. Otherwise let MIAB manage your DNS settings, and for this you only need 2 A records ns1.box and ns2.box and 2 NS records ns1.yourdomain.com and ns2.yourdomain.com at the registrar.
The ACME challenge only works over http so you need to remove all redirects.
That is correct. I can’t let MIAB manage DNS as the ports cannot be forwarded, since ports 80 and 443 are in use for my other services (on a different domain) that run through Traefik. I have not set up DNSSEC yet.
Just add the new domains via MIAB >> Users >> Add New User >> user@newdomain.com
It will update the DNS and add the new domain. Of course you need to point the domains to the MIAB IP, both A and AAAA records, at the registrar. No need for new glue records for the additional domains. Read the setup guide >> how to add multiple domains to MIAB.
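
The 404 in the error above can come from any hop between the reverse proxy and the box's own web server. As an added example (not part of the thread and not Mail-in-a-Box or Traefik code), this Python helper requests a challenge URL without following redirects automatically and records each hop's status, Location and Server header. The two loopback listeners and the token name are constructed stand-ins so that it runs offline.

```python
import http.client
import http.server
import threading
from urllib.parse import urljoin, urlsplit

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def trace(url, max_hops=5):
    """Fetch url without auto-following redirects; return one dict per hop."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = conn_cls(parts.netloc, timeout=10)
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        hops.append({"url": url, "status": resp.status,
                     "server": resp.getheader("Server"), "location": resp.getheader("Location")})
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not hops[-1]["location"]:
            break  # no further redirect: this hop gave the final answer
        url = urljoin(url, hops[-1]["location"])
    return hops

class StandIn(http.server.BaseHTTPRequestHandler):
    """Constructed listener: redirects if server.redirect_to is set, else answers 404."""
    def do_GET(self):
        target = getattr(self.server, "redirect_to", None)
        self.send_response(308 if target else 404)
        if target:
            self.send_header("Location", target + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def start(redirect_to=None):
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), StandIn)
    srv.redirect_to = redirect_to
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]

def demo():
    """Proxy stand-in redirects to a backend stand-in that lacks the token file."""
    backend, backend_url = start()
    proxy, proxy_url = start(redirect_to=backend_url)
    hops = trace(proxy_url + CHALLENGE_PATH + "constructed-token")
    for srv in (proxy, backend):
        srv.shutdown()
    return hops
```

Against a real setup, call `trace()` on the challenge URL of your own mail hostname from outside the network; the hop list shows where the request was redirected and which listener returned the final status.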