Lets encrypt auto provision


Hello all,
I moved my box to my home, so 1 IP adress for 2 vm.
Thinking about idea to have some way to select domains for which I want to auto-provision certificate.
So for example:
domain xxx.eu - enabled auto provision
domain yyy.de - disabled auto provison

Because box probably auto generate request to authority, and it fails.


It failed on request? How so? Do you have a log? if yyy.de is hosted outside the box then it shouldn’t matter…


yes, domains xxx.eu and yyy.de are hosted on second vm. See log mailed to me from box…

xxx.eu, www.xxx.eu, yyy.de, www.yyy.de: Something unexpected went wrong: [NeedToInstallFile('http://xxx.eu/.well-known/acme-challenge/jUbbrMMKQWrYeqJ8zqqHqS-GXd3YzPL4xzsC4lR3CW8', 'jUbbrMMKQWrYeqJ8zqqHqS-GXd3YzPL4xzsC4lR3CW8.fNVLAHVeMNSsYi1W3GtgZPgAjud8bet87SjtcPPLtbw', 'jUbbrMMKQWrYeqJ8zqqHqS-GXd3YzPL4xzsC4lR3CW8'), NeedToInstallFile('http://www.xxx.eu/.well-known/acme-challenge/yBJ3DNaRKu4Fk8k-2xed5ouLn0WmsTrbkyACNXW2DT8', 'yBJ3DNaRKu4Fk8k-2xed5ouLn0WmsTrbkyACNXW2DT8.fNVLAHVeMNSsYi1W3GtgZPgAjud8bet87SjtcPPLtbw', 'yBJ3DNaRKu4Fk8k-2xed5ouLn0WmsTrbkyACNXW2DT8'), NeedToInstallFile('http://yyy.de/.well-known/acme-challenge/jRAkgFnXLP-X5cSTLay1cOYlU-OXM1kKry1WWAQPrMs', 'jRAkgFnXLP-X5cSTLay1cOYlU-OXM1kKry1WWAQPrMs.fNVLAHVeMNSsYi1W3GtgZPgAjud8bet87SjtcPPLtbw', 'jRAkgFnXLP-X5cSTLay1cOYlU-OXM1kKry1WWAQPrMs'), NeedToInstallFile('http://www.yyy.de/.well-known/acme-challenge/oItEZelCA9TmtNc6iJB4TREgGgLH5WDn0U79X9fuxMI', 'oItEZelCA9TmtNc6iJB4TREgGgLH5WDn0U79X9fuxMI.fNVLAHVeMNSsYi1W3GtgZPgAjud8bet87SjtcPPLtbw', 'oItEZelCA9TmtNc6iJB4TREgGgLH5WDn0U79X9fuxMI')]


if yyy.de’s web hosting is not on MIAB then MIAB cannot provision certificates for it. You have to do that from the web server you have them on.


I know that, other vm using Letsencrypt too…
Im concerning if thats cert request isnt noisy for letsencrypt authority?
Beccause, im thinking, that box create and send request to ca, ca cant validate file on web root and so on…


if you have an A record setup for the domain, MIAB does not get the cert for it because web services are hosted else where.


yes, you are right :slight_smile:
but I have one public ip and two webservers on it…
so, EVERY night at 3:00am I receiving provisioning error…