dokku-letsencrypt: CA marked some of the authorizations as invalid
Description of problem
I get an error when attempting to obtain a TLS certificate.
CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47734052
Challenge validation has failed, see error log.
How reproducible
I’ve attempted this twice with a fresh server using the Ubuntu Dokku 0.17.9 on 18.04 image on DigitalOcean.
Steps to Reproduce
- Clone heroku/ruby-getting-started repository
- Deploy to Dokku
- Run
dokku domains:add-global dokku.enberg.io dokku domains:set ruby-getting-started rubygettingstarted.dokku.enberg.io- Access
rubygettingstarted.dokku.enberg.iovia browser (works) - Run
dokku letsencrypt ruby-getting-started
Actual Results
=====> Let's Encrypt ruby-getting-started
-----> Updating letsencrypt docker image...
0.1.0: Pulling from dokku/letsencrypt
Digest: sha256:af5f8529c407645e97821ad28eba328f4c59b83b2141334f899303c49fc07823
Status: Image is up to date for dokku/letsencrypt:0.1.0
docker.io/dokku/letsencrypt:0.1.0
Done updating
-----> Enabling ACME proxy for ruby-getting-started...
[ ok ] Reloading nginx configuration (via systemctl): nginx.service.
-----> Getting letsencrypt certificate for ruby-getting-started...
- Domain 'rubygettingstarted.dokku.enberg.io'
darkhttpd/1.12, copyright (c) 2003-2016 Emil Mikulic.
listening on: http://0.0.0.0:80/
2020-04-06 09:56:54,239:INFO:__main__:1406: Generating new certificate private key
2020-04-06 09:56:56,704:ERROR:__main__:1388: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47731403
Challenge validation has failed, see error log.
Debugging tips: -v improves output verbosity. Help is available under --help.
-----> Certificate retrieval failed!
-----> Disabling ACME proxy for ruby-getting-started...
[ ok ] Reloading nginx configuration (via systemctl): nginx.service.
done
Expected Results
Successfully obtaining a TLS certificate
Environment Information
Ubuntu Dokku 0.17.9 on 18.04 1 vCPUs 1GB / 25GB Disk
dokku report ruby-getting-started output
-----> uname: Linux dokku-1 4.15.0-52-generic #56-Ubuntu SMP Tue Jun 4 22:49:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
-----> memory:
total used free shared buff/cache available
Mem: 985 476 144 11 364 355
Swap: 0 0 0
-----> docker version:
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:25:46 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:24:19 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
-----> docker daemon info:
Client:
Debug Mode: true
Server:
Containers: 21
Running: 3
Paused: 0
Stopped: 18
Images: 30
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-52-generic
Operating System: Ubuntu 18.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 985.5MiB
Name: dokku-1
ID: IZIC:3KS3:W2XL:RPJL:JMSB:SQW7:BHNN:OANI:YR2G:BXK6:TXY7:YRW2
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
-----> sigil version: 0.5.0
-----> herokuish version:
herokuish: 0.5.11
buildpacks:
heroku-buildpack-multi v1.0.0
heroku-buildpack-ruby v214
heroku-buildpack-nodejs v170
heroku-buildpack-clojure v84
heroku-buildpack-python v167
heroku-buildpack-java v66
heroku-buildpack-gradle v31
heroku-buildpack-scala v87
heroku-buildpack-play v26
heroku-buildpack-php v173
heroku-buildpack-go v139
buildpack-nginx v12
-----> dokku version: dokku version 0.20.2
-----> dokku plugins:
plugn: 0.3.2
00_dokku-standard 0.20.2 enabled dokku core standard plugin
20_events 0.20.2 enabled dokku core events logging plugin
app-json 0.20.2 enabled dokku core app-json plugin
apps 0.20.2 enabled dokku core apps plugin
builder-dockerfile 0.20.2 enabled dokku core builder-dockerfile plugin
builder-herokuish 0.20.2 enabled dokku core builder-herokuish plugin
buildpacks 0.20.2 enabled dokku core buildpacks plugin
certs 0.20.2 enabled dokku core certificate management plugin
checks 0.20.2 enabled dokku core checks plugin
common 0.20.2 enabled dokku core common plugin
config 0.20.2 enabled dokku core config plugin
docker-options 0.20.2 enabled dokku core docker-options plugin
domains 0.20.2 enabled dokku core domains plugin
enter 0.20.2 enabled dokku core enter plugin
git 0.20.2 enabled dokku core git plugin
letsencrypt 0.9.3 enabled Automated installation of let's encrypt TLS certificates
logs 0.20.2 enabled dokku core logs plugin
network 0.20.2 enabled dokku core network plugin
nginx-vhosts 0.20.2 enabled dokku core nginx-vhosts plugin
plugin 0.20.2 enabled dokku core plugin plugin
postgres 1.11.2 enabled dokku postgres service plugin
proxy 0.20.2 enabled dokku core proxy plugin
ps 0.20.2 enabled dokku core ps plugin
repo 0.20.2 enabled dokku core repo plugin
resource 0.20.2 enabled dokku core resource plugin
scheduler-docker-local 0.20.2 enabled dokku core scheduler-docker-local plugin
shell 0.20.2 enabled dokku core shell plugin
ssh-keys 0.20.2 enabled dokku core ssh-keys plugin
storage 0.20.2 enabled dokku core storage plugin
tags 0.20.2 enabled dokku core tags plugin
tar 0.20.2 enabled dokku core tar plugin
trace 0.20.2 enabled dokku core trace plugin
=====> ruby-getting-started app information
App deploy source:
App dir: /home/dokku/ruby-getting-started
App locked: false
=====> ruby-getting-started buildpacks information
Buildpacks list:
=====> ruby-getting-started ssl information
Ssl dir: /home/dokku/ruby-getting-started/tls
Ssl enabled: false
Ssl hostnames:
Ssl expires at:
Ssl issuer:
Ssl starts at:
Ssl subject:
Ssl verified:
=====> ruby-getting-started checks information
Checks disabled list: none
Checks skipped list: none
=====> ruby-getting-started docker options information
Docker options build: --link dokku.postgres.railsdatabase:dokku-postgres-railsdatabase
Docker options deploy: --link dokku.postgres.railsdatabase:dokku-postgres-railsdatabase --restart=on-failure:10
Docker options run: --link dokku.postgres.railsdatabase:dokku-postgres-railsdatabase
=====> ruby-getting-started domains information
Domains app enabled: true
Domains app vhosts: rubygettingstarted.dokku.enberg.io
Domains global enabled: true
Domains global vhosts: dokku.enberg.io
=====> ruby-getting-started git information
Git deploy branch: master
Git global deploy branch: master
Git keep git dir: false
Git rev env var: GIT_REV
Git sha: 9ddca7b
=====> ruby-getting-started network information
Network attach post create:
Network attach post deploy:
Network bind all interfaces: false
Network web listeners: 172.17.0.4:5000
=====> ruby-getting-started nginx information
Nginx access log path: /var/log/nginx/ruby-getting-started-access.log
Nginx bind address ipv4:
Nginx bind address ipv6: ::
Nginx error log path: /var/log/nginx/ruby-getting-started-error.log
Nginx hsts: true
Nginx hsts include subdomains: true
Nginx hsts max age: 15724800
Nginx hsts preload: false
=====> ruby-getting-started proxy information
Proxy enabled: true
Proxy port map: http:80:5000
Proxy type: nginx
=====> ruby-getting-started ps information
Processes: 1
Deployed: true
Running: true
Restore: true
Restart policy: on-failure:10
Ps can scale: true
Status web.1: running (CID: f44e5d800ba3)
=====> ruby-getting-started scheduler-docker-local information
Scheduler docker local disable chown:
=====> ruby-getting-started storage information
Storage build mounts:
Storage deploy mounts:
Storage run mounts:
root@dokku-1:~#
How (deb/make/rpm) and where (AWS, VirtualBox, physical, etc.) was Dokku installed?:
Installed Dokku with the Dokku image available on DigitalOcean (Ubuntu Dokku 0.17.9 on 18.04).
Additional information
- App container inspect output (if applicable) via
dokku ps:inspect ruby-getting-started
[
{
"AppArmorProfile": "docker-default",
"Args": [
"web"
],
"Config": {
"AttachStderr": true,
"AttachStdin": false,
"AttachStdout": true,
"Cmd": [
"/start",
"web"
],
"Domainname": "",
"Entrypoint": null,
"Env": [
"PORT=5000",
"USER=herokuishuser",
"DYNO=web.1",
"CACHE_PATH=/cache",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"DEBIAN_FRONTEND=XXXXXX"
],
"Hostname": "f44e5d800ba3",
"Image": "dokku/ruby-getting-started:latest",
"Labels": {
"com.dokku.app-name": "ruby-getting-started",
"com.dokku.container-type": "deploy",
"com.dokku.dyno": "web.1",
"com.dokku.image-stage": "release",
"com.dokku.process-type": "web",
"dokku": "",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "dokku"
},
"OnBuild": null,
"OpenStdin": false,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": ""
},
"Created": "2020-04-06T09:42:40.600900011Z",
"Driver": "overlay2",
"ExecIDs": null,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/10190803a0f28ad1a1f87ca48978645b9f936237824280406c165c495aded917-init/diff:/var/lib/docker/overlay2/80ee19a572a52ea7794515566f75f4e39f21794a4c1f05c1eb7880c547db32e4/diff:/var/lib/docker/overlay2/df0898e10a7b7918fb9ba2913d99d16f3371118b09ceb1238180e6ad57b8dbbb/diff:/var/lib/docker/overlay2/1bc5e3cf0cb8b037b3289c8aa3e286fc96ebb44e4ded8a01b40ebd86dc346b75/diff:/var/lib/docker/overlay2/b1a334b210154462050eaf6c9381d1a909e37bd7ef026ad4052e1c413f75b3c9/diff:/var/lib/docker/overlay2/e0a3fc51b6ab5834e975389006ba655940278be2df6a7333cc87c7e8307c01b7/diff:/var/lib/docker/overlay2/121783b16d723429d75e3b798c48bb216feb2779d33fc0ebadaff944374e6d2a/diff:/var/lib/docker/overlay2/fe1ee050453e2545d8ffa39aa5d36fed8847aceb6b8c4daffb81bb25c9d28ca4/diff:/var/lib/docker/overlay2/668d28613c61f1f9bcb84c92239532062e92cc3366b93ab20cfd9e2614792077/diff:/var/lib/docker/overlay2/ed7828a7b1acca0b98cb5794190fc3710eea10d1202afefd10d30c6854a48f99/diff:/var/lib/docker/overlay2/49b889819d8540e32d99729c461b9e489d7718dc3e87239861e7cc91183c8c68/diff:/var/lib/docker/overlay2/28c5282e61b42d3bf49b808206bf4623eda685abd48de3b9a044bcb1a5982e95/diff:/var/lib/docker/overlay2/d9c9f38d19bec17779e58d097f8fa8c2e80bad3fd52a0385026f02567894eea7/diff:/var/lib/docker/overlay2/230473372ac144cde4935dbdc8aa8a809ba60b6469bd9ba6628fc2e417feaaef/diff:/var/lib/docker/overlay2/db0009fa1872bdfff7d5b8bae531af8505c41af1e0166c6dc7ff240bc83b7190/diff:/var/lib/docker/overlay2/695e301b570fc7bea0414c40cb77db1b32bcd94af1e9510e446532c1c3c7707e/diff:/var/lib/docker/overlay2/4b2b6aff132607a2e2b7b8e09d195bdc007557e1d64498f6a17c585c5d7669f1/diff:/var/lib/docker/overlay2/ae57224ccc7d8ffb29d19ac648b88548363d9f32479389919995c034b16e6439/diff:/var/lib/docker/overlay2/d26f5ed07ab4b5b1e02045fef67617a5081c5e444ea94743315043219f76af1a/diff:/var/lib/docker/overlay2/7a0e37f5663cd254deced74959dba052ae92d3be2e395d00f68b76131c4a34fd/diff:/var/lib/docker/overlay2/859d9c3dd8eaab52f727f14831611f257c392f3468ed662a61d87957ffcfa45b/diff:/var/lib/docker/overlay2/0fc17639d2125b45bc91ed5b219404fc839b77bfae46df4e734441265bc22efb/diff:/var/lib/docker/overlay2/68bf7ebc5ebcee92aeb532c4aa71628aa2211985cb36d70fa51ed25e3910e6f6/diff:/var/lib/docker/overlay2/d980fa21bf1c31ffa764ccae7273daaf521d5f6a69b281d6c62765a9149f2b1f/diff",
"MergedDir": "/var/lib/docker/overlay2/10190803a0f28ad1a1f87ca48978645b9f936237824280406c165c495aded917/merged",
"UpperDir": "/var/lib/docker/overlay2/10190803a0f28ad1a1f87ca48978645b9f936237824280406c165c495aded917/diff",
"WorkDir": "/var/lib/docker/overlay2/10190803a0f28ad1a1f87ca48978645b9f936237824280406c165c495aded917/work"
},
"Name": "overlay2"
},
"HostConfig": {
"AutoRemove": false,
"Binds": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceWriteIOps": null,
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Cgroup": "",
"CgroupParent": "",
"ConsoleSize": [
0,
0
],
"ContainerIDFile": "",
"CpuCount": 0,
"CpuPercent": 0,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpuShares": 0,
"CpusetCpus": "",
"CpusetMems": "",
"DeviceCgroupRules": null,
"DeviceRequests": null,
"Devices": [],
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IOMaximumBandwidth": 0,
"IOMaximumIOps": 0,
"Init": true,
"IpcMode": "private",
"Isolation": "",
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"Links": [
"/dokku.postgres.railsdatabase:/ruby-getting-started.web.1/dokku-postgres-railsdatabase"
],
"LogConfig": {
"Config": {},
"Type": "json-file"
},
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"NanoCpus": 0,
"NetworkMode": "default",
"OomKillDisable": false,
"OomScoreAdj": 0,
"PidMode": "",
"PidsLimit": null,
"PortBindings": {},
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
],
"ReadonlyRootfs": false,
"RestartPolicy": {
"MaximumRetryCount": 10,
"Name": "on-failure"
},
"Runtime": "runc",
"SecurityOpt": null,
"ShmSize": 67108864,
"UTSMode": "",
"Ulimits": null,
"UsernsMode": "",
"VolumeDriver": "",
"VolumesFrom": null
},
"HostnamePath": "/var/lib/docker/containers/f44e5d800ba3a35afcd7b1f70bf0a61830a7b340a306b2b51eec770d3c6ec7e6/hostname",
"HostsPath": "/var/lib/docker/containers/f44e5d800ba3a35afcd7b1f70bf0a61830a7b340a306b2b51eec770d3c6ec7e6/hosts",
"Id": "f44e5d800ba3a35afcd7b1f70bf0a61830a7b340a306b2b51eec770d3c6ec7e6",
"Image": "sha256:d773ea497402630f65f13f2f8473aea5cd8760893ad87d2dd705c83cf3863bdf",
"LogPath": "/var/lib/docker/containers/f44e5d800ba3a35afcd7b1f70bf0a61830a7b340a306b2b51eec770d3c6ec7e6/f44e5d800ba3a35afcd7b1f70bf0a61830a7b340a306b2b51eec770d3c6ec7e6-json.log",
"MountLabel": "",
"Mounts": [],
"Name": "/ruby-getting-started.web.1",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "778867a70c4c1671efd473158a7fffa7706e5744f018c70b010701e340edcdf3",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:04",
"Networks": {
"bridge": {
"Aliases": null,
"DriverOpts": null,
"EndpointID": "778867a70c4c1671efd473158a7fffa7706e5744f018c70b010701e340edcdf3",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAMConfig": null,
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"Links": null,
"MacAddress": "02:42:ac:11:00:04",
"NetworkID": "2f33e23b5dc996fe749707484985c710fb80674d905d464335e00a157f410414"
}
},
"Ports": {},
"SandboxID": "f960b84962375ea3c76d2cad23a8379184b21736ddb602b645ca3fd57e1a6f3b",
"SandboxKey": "/var/run/docker/netns/f960b8496237",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null
},
"Path": "/start",
"Platform": "linux",
"ProcessLabel": "",
"ResolvConfPath": "/var/lib/docker/containers/f44e5d800ba3a35afcd7b1f70bf0a61830a7b340a306b2b51eec770d3c6ec7e6/resolv.conf",
"RestartCount": 0,
"State": {
"Dead": false,
"Error": "",
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"OOMKilled": false,
"Paused": false,
"Pid": 21888,
"Restarting": false,
"Running": true,
"StartedAt": "2020-04-06T09:42:41.468032881Z",
"Status": "running"
}
}
]
- The nginx configuration (if applicable) via
dokku nginx:show-config ruby-getting-started
server {
listen [::]:80;
listen 80;
server_name rubygettingstarted.dokku.enberg.io;
access_log /var/log/nginx/ruby-getting-started-access.log;
error_log /var/log/nginx/ruby-getting-started-error.log;
location / {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
gzip_vary on;
gzip_comp_level 6;
proxy_pass http://ruby-getting-started-5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
include /home/dokku/ruby-getting-started/nginx.conf.d/*.conf;
error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
location /400-error.html {
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
internal;
}
error_page 404 /404-error.html;
location /404-error.html {
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
internal;
}
error_page 500 501 502 503 504 505 506 507 508 509 510 511 /500-error.html;
location /500-error.html {
root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
internal;
}
}
upstream ruby-getting-started-5000 {
server 172.17.0.4:5000;
}
-
Link to the exact repository being deployed (if possible/applicable): https://github.com/heroku/ruby-getting-started
-
Output of failing Dokku commands after running
dokku trace:on(BEWARE:trace:onwill print environment variables for some commands, be sure you’re not exposing any sensitive information when posting issues. You may replace these values with XXXXXX):
+ export DOKKU_HOST_ROOT=/home/dokku
+ DOKKU_HOST_ROOT=/home/dokku
+ export DOKKU_DISTRO
++ . /etc/os-release
++ echo ubuntu
+ DOKKU_DISTRO=ubuntu
+ export DOCKER_BIN=docker
+ DOCKER_BIN=docker
+ export DOKKU_IMAGE=gliderlabs/herokuish:latest
+ DOKKU_IMAGE=gliderlabs/herokuish:latest
+ export DOKKU_LIB_ROOT=/var/lib/dokku
+ DOKKU_LIB_ROOT=/var/lib/dokku
+ export PLUGIN_PATH=/var/lib/dokku/plugins
+ PLUGIN_PATH=/var/lib/dokku/plugins
+ export PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ export PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ export PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ export PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ export PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ export DOKKU_SYSTEM_GROUP=dokku
+ DOKKU_SYSTEM_GROUP=dokku
+ export DOKKU_SYSTEM_USER=dokku
+ DOKKU_SYSTEM_USER=dokku
+ export DOKKU_API_VERSION=1
+ DOKKU_API_VERSION=1
+ export DOKKU_NOT_IMPLEMENTED_EXIT=10
+ DOKKU_NOT_IMPLEMENTED_EXIT=10
+ export DOKKU_VALID_EXIT=0
+ DOKKU_VALID_EXIT=0
+ export DOKKU_PID=10564
+ DOKKU_PID=10564
+ export DOKKU_LOGS_DIR=/var/log/dokku
+ DOKKU_LOGS_DIR=/var/log/dokku
+ export DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ export DOKKU_CONTAINER_LABEL=dokku
+ DOKKU_CONTAINER_LABEL=dokku
+ export 'DOKKU_GLOBAL_BUILD_ARGS=--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ DOKKU_GLOBAL_BUILD_ARGS='--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ export 'DOKKU_GLOBAL_RUN_ARGS=--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ DOKKU_GLOBAL_RUN_ARGS='--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ parse_args letsencrypt ruby-getting-started
+ declare 'desc=top-level cli arg parser'
+ local next_index=1
+ local skip=false
+ args=("$@")
+ local args
+ local flags
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ [[ false == \t\r\u\e ]]
+ [[ letsencrypt == \-\-\a\p\p ]]
+ [[ letsencrypt =~ ^--.* ]]
+ next_index=2
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ [[ false == \t\r\u\e ]]
+ [[ ruby-getting-started == \-\-\a\p\p ]]
+ [[ ruby-getting-started =~ ^--.* ]]
+ next_index=3
+ [[ -z '' ]]
++ sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
++ echo -e ''
+ export DOKKU_GLOBAL_FLAGS=
+ DOKKU_GLOBAL_FLAGS=
+ return 0
+ args=("$@")
+ skip_arg=false
+ [[ letsencrypt =~ ^--.* ]]
+ has_tty
+ declare 'desc=return 0 if we have a tty'
++ LC_ALL=C
++ /usr/bin/tty
+ [[ /dev/pts/0 == \n\o\t\ \a\ \t\t\y ]]
+ return 0
++ id -un
+ [[ root != \d\o\k\k\u ]]
+ [[ ! letsencrypt =~ plugin:* ]]
+ [[ letsencrypt != \s\s\h\-\k\e\y\s\:\a\d\d ]]
+ [[ letsencrypt != \s\s\h\-\k\e\y\s\:\r\e\m\o\v\e ]]
++ id -un
+ export SSH_USER=root
+ SSH_USER=root
+ sudo -u dokku -E -H /usr/bin/dokku letsencrypt ruby-getting-started
+ export DOKKU_HOST_ROOT=/home/dokku
+ DOKKU_HOST_ROOT=/home/dokku
+ export DOKKU_DISTRO
++ . /etc/os-release
++ echo ubuntu
+ DOKKU_DISTRO=ubuntu
+ export DOCKER_BIN=docker
+ DOCKER_BIN=docker
+ export DOKKU_IMAGE=gliderlabs/herokuish:latest
+ DOKKU_IMAGE=gliderlabs/herokuish:latest
+ export DOKKU_LIB_ROOT=/var/lib/dokku
+ DOKKU_LIB_ROOT=/var/lib/dokku
+ export PLUGIN_PATH=/var/lib/dokku/plugins
+ PLUGIN_PATH=/var/lib/dokku/plugins
+ export PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ export PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ export PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ export PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ export PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ export DOKKU_SYSTEM_GROUP=dokku
+ DOKKU_SYSTEM_GROUP=dokku
+ export DOKKU_SYSTEM_USER=dokku
+ DOKKU_SYSTEM_USER=dokku
+ export DOKKU_API_VERSION=1
+ DOKKU_API_VERSION=1
+ export DOKKU_NOT_IMPLEMENTED_EXIT=10
+ DOKKU_NOT_IMPLEMENTED_EXIT=10
+ export DOKKU_VALID_EXIT=0
+ DOKKU_VALID_EXIT=0
+ export DOKKU_PID=10574
+ DOKKU_PID=10574
+ export DOKKU_LOGS_DIR=/var/log/dokku
+ DOKKU_LOGS_DIR=/var/log/dokku
+ export DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ export DOKKU_CONTAINER_LABEL=dokku
+ DOKKU_CONTAINER_LABEL=dokku
+ export 'DOKKU_GLOBAL_BUILD_ARGS=--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ DOKKU_GLOBAL_BUILD_ARGS='--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ export 'DOKKU_GLOBAL_RUN_ARGS=--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ DOKKU_GLOBAL_RUN_ARGS='--label=org.label-schema.schema-version=1.0 --label=org.label-schema.vendor=dokku --label=dokku'
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ parse_args letsencrypt ruby-getting-started
+ declare 'desc=top-level cli arg parser'
+ local next_index=1
+ local skip=false
+ args=("$@")
+ local args
+ local flags
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ [[ false == \t\r\u\e ]]
+ [[ letsencrypt == \-\-\a\p\p ]]
+ [[ letsencrypt =~ ^--.* ]]
+ next_index=2
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ [[ false == \t\r\u\e ]]
+ [[ ruby-getting-started == \-\-\a\p\p ]]
+ [[ ruby-getting-started =~ ^--.* ]]
+ next_index=3
+ [[ -z '' ]]
++ sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
++ echo -e ''
+ export DOKKU_GLOBAL_FLAGS=
+ DOKKU_GLOBAL_FLAGS=
+ return 0
+ args=("$@")
+ skip_arg=false
+ [[ letsencrypt =~ ^--.* ]]
+ has_tty
+ declare 'desc=return 0 if we have a tty'
++ LC_ALL=C
++ /usr/bin/tty
+ [[ /dev/pts/0 == \n\o\t\ \a\ \t\t\y ]]
+ return 0
++ id -un
+ [[ dokku != \d\o\k\k\u ]]
+ [[ letsencrypt =~ ^plugin:.* ]]
+ [[ letsencrypt == \s\s\h\-\k\e\y\s\:\a\d\d ]]
+ [[ letsencrypt == \s\s\h\-\k\e\y\s\:\r\e\m\o\v\e ]]
+ [[ -n '' ]]
+ dokku_auth letsencrypt ruby-getting-started
+ declare 'desc=calls user-auth plugin trigger'
+ export SSH_USER=root
+ SSH_USER=root
+ export SSH_NAME=default
+ SSH_NAME=default
++ wc -l
++ find /var/lib/dokku/plugins/enabled/20_events/user-auth
+ [[ 1 == 1 ]]
+ return 0
+ case "$1" in
+ execute_dokku_cmd letsencrypt ruby-getting-started
+ declare 'desc=executes dokku sub-commands'
+ local PLUGIN_NAME=letsencrypt
+ local PLUGIN_CMD=letsencrypt
+ local implemented=0
+ local script
+ argv=("$@")
+ local argv
+ case "$PLUGIN_NAME" in
++ readlink -f /var/lib/dokku/plugins/enabled/letsencrypt
+ [[ /var/lib/dokku/plugins/available/letsencrypt == *core-plugins* ]]
+ [[ -x /var/lib/dokku/plugins/enabled/letsencrypt/subcommands/default ]]
+ /var/lib/dokku/plugins/enabled/letsencrypt/subcommands/default letsencrypt ruby-getting-started
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ source /var/lib/dokku/core-plugins/available/nginx-vhosts/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
++ source /var/lib/dokku/core-plugins/available/common/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
++ source /var/lib/dokku/plugins/available/certs/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
++ source /var/lib/dokku/plugins/available/config/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
++ source /var/lib/dokku/plugins/available/domains/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
++ source /var/lib/dokku/plugins/available/ps/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
+++ source /var/lib/dokku/plugins/available/config/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
++++ source /var/lib/dokku/core-plugins/available/common/functions
+++++ set -eo pipefail
+++++ [[ -n 1 ]]
+++++ set -x
++ source /var/lib/dokku/plugins/available/nginx-vhosts/internal-functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/property-functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
+ source /var/lib/dokku/plugins/available/letsencrypt/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
++ source /var/lib/dokku/core-plugins/available/common/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
++ source /var/lib/dokku/core-plugins/available/config/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
++ source /var/lib/dokku/core-plugins/available/certs/functions
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ source /var/lib/dokku/core-plugins/available/common/functions
++++ set -eo pipefail
++++ [[ -n 1 ]]
++++ set -x
++++ dirname /var/lib/dokku/plugins/available/letsencrypt/functions
+++ cd /var/lib/dokku/plugins/available/letsencrypt
+++ pwd
++ source /var/lib/dokku/plugins/available/letsencrypt/config
+++ set -eo pipefail
+++ [[ -n 1 ]]
+++ set -x
+++ export LETSENCRYPT_IMAGE=dokku/letsencrypt
+++ LETSENCRYPT_IMAGE=dokku/letsencrypt
+++ export LETSENCRYPT_IMAGE_VERSION=0.1.0
+++ LETSENCRYPT_IMAGE_VERSION=0.1.0
+++ export PLUGIN_DISABLE_PULL=
+++ PLUGIN_DISABLE_PULL=
+++ export PLUGIN_DISABLE_PULL_VARIABLE=LETSENCRYPT_DISABLE_PULL
+++ PLUGIN_DISABLE_PULL_VARIABLE=LETSENCRYPT_DISABLE_PULL
+++ export PLUGIN_IMAGE=dokku/letsencrypt
+++ PLUGIN_IMAGE=dokku/letsencrypt
+++ export PLUGIN_IMAGE_VERSION=0.1.0
+++ PLUGIN_IMAGE_VERSION=0.1.0
+++ dirname /var/lib/dokku/plugins/enabled/letsencrypt/subcommands/default
++ cd /var/lib/dokku/plugins/enabled/letsencrypt/subcommands/..
++ pwd
+ source /var/lib/dokku/plugins/enabled/letsencrypt/config
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
++ export LETSENCRYPT_IMAGE=dokku/letsencrypt
++ LETSENCRYPT_IMAGE=dokku/letsencrypt
++ export LETSENCRYPT_IMAGE_VERSION=0.1.0
++ LETSENCRYPT_IMAGE_VERSION=0.1.0
++ export PLUGIN_DISABLE_PULL=
++ PLUGIN_DISABLE_PULL=
++ export PLUGIN_DISABLE_PULL_VARIABLE=LETSENCRYPT_DISABLE_PULL
++ PLUGIN_DISABLE_PULL_VARIABLE=LETSENCRYPT_DISABLE_PULL
++ export PLUGIN_IMAGE=dokku/letsencrypt
++ PLUGIN_IMAGE=dokku/letsencrypt
++ export PLUGIN_IMAGE_VERSION=0.1.0
++ PLUGIN_IMAGE_VERSION=0.1.0
+ letsencrypt_default_cmd letsencrypt ruby-getting-started
+ declare 'desc=Validate an app'\''s domains and retrieve a certificate'
+ local cmd=letsencrypt
+ argv=("$@")
+ local argv
+ [[ letsencrypt == \l\e\t\s\e\n\c\r\y\p\t ]]
+ shift 1
+ [[ ! -z '' ]]
+ set -- letsencrypt ruby-getting-started
+ local app=ruby-getting-started
+ [[ -z ruby-getting-started ]]
+ dokku_log_info2 'Let'\''s Encrypt ruby-getting-started'
+ declare 'desc=log info2 formatter'
+ echo '=====> Let'\''s Encrypt ruby-getting-started'
=====> Let's Encrypt ruby-getting-started
++ get_available_port
++ declare 'desc=returns first currently unused port > 1024'
++ true
+++ shuf -i 1025-65535 -n 1
++ local port=18494
++ nc -z 0.0.0.0 18494
++ echo 18494
++ return 0
+ local acme_port=18494
+ letsencrypt_check_email ruby-getting-started
+ declare 'desc=Check if an e-mail address is provided globally or for the app'
+ local app=ruby-getting-started
+ verify_app_name ruby-getting-started
+ declare 'desc=verify app name format and app existence'
+ local APP=ruby-getting-started
+ is_valid_app_name ruby-getting-started
+ declare 'desc=verify app name format'
+ local APP=ruby-getting-started
+ [[ -z ruby-getting-started ]]
+ [[ ruby-getting-started =~ ^[a-z].* ]]
+ [[ ! ruby-getting-started =~ [A-Z] ]]
+ [[ ! ruby-getting-started =~ [:] ]]
+ return 0
+ [[ ! -d /home/dokku/ruby-getting-started ]]
+ return 0
++ config_export global
++ declare 'desc=returns export command for config variable of specified type (app/global)'
++ local CONFIG_TYPE=global
++ shift
++ local APP=
++ [[ global == \g\l\o\b\a\l ]]
++ APP=--global
++ config_sub export --global
++ declare 'desc=executes a config subcommand'
++ local name=export
++ shift
++ /var/lib/dokku/plugins/available/config/subcommands/export config:export --global
++ return 0
+ eval 'export CURL_CONNECT_TIMEOUT='\''90'\''
export CURL_TIMEOUT='\''600'\''
export DOKKU_LETSENCRYPT_EMAIL='\''XXXXXX'\'''
++ export CURL_CONNECT_TIMEOUT=90
++ CURL_CONNECT_TIMEOUT=90
++ export CURL_TIMEOUT=600
++ CURL_TIMEOUT=600
++ export DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ config_export app ruby-getting-started
++ declare 'desc=returns export command for config variable of specified type (app/global)'
++ local CONFIG_TYPE=app
++ shift
++ local APP=ruby-getting-started
++ [[ app == \g\l\o\b\a\l ]]
++ shift
++ config_sub export ruby-getting-started
++ declare 'desc=executes a config subcommand'
++ local name=export
++ shift
++ /var/lib/dokku/plugins/available/config/subcommands/export config:export ruby-getting-started
++ return 0
+ eval 'export DATABASE_URL='\''postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase'\''
export DOKKU_APP_RESTORE='\''1'\''
export DOKKU_APP_TYPE='\''herokuish'\''
export DOKKU_LETSENCRYPT_EMAIL='\''XXXXXX'\''
export DOKKU_LETSENCRYPT_SERVER='\''staging'\''
export DOKKU_PROXY_PORT='\''80'\''
export DOKKU_PROXY_PORT_MAP='\''http:80:5000 '\''
export GIT_REV='\''9ddca7b694875499165eb56adffd3e29b38405c5'\''
export NO_VHOST='\''0'\'''
++ export DATABASE_URL=postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase
++ DATABASE_URL=postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase
++ export DOKKU_APP_RESTORE=1
++ DOKKU_APP_RESTORE=1
++ export DOKKU_APP_TYPE=herokuish
++ DOKKU_APP_TYPE=herokuish
++ export DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ export DOKKU_LETSENCRYPT_SERVER=staging
++ DOKKU_LETSENCRYPT_SERVER=staging
++ export DOKKU_PROXY_PORT=80
++ DOKKU_PROXY_PORT=80
++ export 'DOKKU_PROXY_PORT_MAP=http:80:5000 '
++ DOKKU_PROXY_PORT_MAP='http:80:5000 '
++ export GIT_REV=9ddca7b694875499165eb56adffd3e29b38405c5
++ GIT_REV=9ddca7b694875499165eb56adffd3e29b38405c5
++ export NO_VHOST=0
++ NO_VHOST=0
+ local email=XXXXXX
+ '[' -z XXXXXX ']'
+ letsencrypt_update
+ declare 'desc=update the docker image used for ACME validation'
+ dokku_log_info1 'Updating letsencrypt docker image...'
+ declare 'desc=log info1 formatter'
+ echo '-----> Updating letsencrypt docker image...'
-----> Updating letsencrypt docker image...
+ docker pull dokku/letsencrypt:0.1.0
0.1.0: Pulling from dokku/letsencrypt
Digest: sha256:af5f8529c407645e97821ad28eba328f4c59b83b2141334f899303c49fc07823
Status: Image is up to date for dokku/letsencrypt:0.1.0
docker.io/dokku/letsencrypt:0.1.0
+ dokku_log_verbose 'Done updating'
+ declare 'desc=log verbose formatter'
+ echo ' Done updating'
Done updating
+ letsencrypt_acmeproxy_on ruby-getting-started 18494
+ declare 'desc=enable ACME proxy for an app'
+ local app=ruby-getting-started
+ verify_app_name ruby-getting-started
+ declare 'desc=verify app name format and app existence'
+ local APP=ruby-getting-started
+ is_valid_app_name ruby-getting-started
+ declare 'desc=verify app name format'
+ local APP=ruby-getting-started
+ [[ -z ruby-getting-started ]]
+ [[ ruby-getting-started =~ ^[a-z].* ]]
+ [[ ! ruby-getting-started =~ [A-Z] ]]
+ [[ ! ruby-getting-started =~ [:] ]]
+ return 0
+ [[ ! -d /home/dokku/ruby-getting-started ]]
+ return 0
+ local acme_port=18494
+ local app_root=/home/dokku/ruby-getting-started
+ local app_config_dir=/home/dokku/ruby-getting-started/nginx.conf.d
+ dokku_log_info1 'Enabling ACME proxy for ruby-getting-started...'
+ declare 'desc=log info1 formatter'
+ echo '-----> Enabling ACME proxy for ruby-getting-started...'
-----> Enabling ACME proxy for ruby-getting-started...
+ [[ -d /home/dokku/ruby-getting-started/nginx.conf.d ]]
+ sigil -f /var/lib/dokku/plugins/available/letsencrypt/templates/letsencrypt.conf.sigil ACME_PORT=18494
+ restart_nginx
+ declare 'desc=restart nginx for given distros'
+ fn-nginx-vhosts-nginx-init-cmd reload
+ declare 'desc=start nginx for given distros'
+ declare CMD=reload
+ local NGINX_INIT_NAME
+ NGINX_INIT_NAME=nginx
+ fn-nginx-vhosts-uses-openresty
+ declare 'desc=returns whether openresty is in use or not'
+ [[ -x /usr/bin/openresty ]]
+ return 1
+ case "$DOKKU_DISTRO" in
+ [[ -x /usr/bin/sv ]]
+ sudo /etc/init.d/nginx reload
[ ok ] Reloading nginx configuration (via systemctl): nginx.service.
+ letsencrypt_acme ruby-getting-started 18494
+ declare 'desc=perform actual ACME validation procedure'
+ local app=ruby-getting-started
+ local acme_port=18494
+ letsencrypt_create_root ruby-getting-started
+ declare 'desc=Ensure the let'\''s encrypt root directory exists'
+ local app=ruby-getting-started
+ verify_app_name ruby-getting-started
+ declare 'desc=verify app name format and app existence'
+ local APP=ruby-getting-started
+ is_valid_app_name ruby-getting-started
+ declare 'desc=verify app name format'
+ local APP=ruby-getting-started
+ [[ -z ruby-getting-started ]]
+ [[ ruby-getting-started =~ ^[a-z].* ]]
+ [[ ! ruby-getting-started =~ [A-Z] ]]
+ [[ ! ruby-getting-started =~ [:] ]]
+ return 0
+ [[ ! -d /home/dokku/ruby-getting-started ]]
+ return 0
+ local app_root=/home/dokku/ruby-getting-started
+ local le_root=/home/dokku/ruby-getting-started/letsencrypt
+ mkdir -p /home/dokku/ruby-getting-started/letsencrypt
+ dokku_log_info1 'Getting letsencrypt certificate for ruby-getting-started...'
+ declare 'desc=log info1 formatter'
+ echo '-----> Getting letsencrypt certificate for ruby-getting-started...'
-----> Getting letsencrypt certificate for ruby-getting-started...
++ letsencrypt_configure_and_get_dir ruby-getting-started
++ declare 'desc=assemble simp_le command line arguments and create a config hash directory for them'
++ local app=ruby-getting-started
++ verify_app_name ruby-getting-started
++ declare 'desc=verify app name format and app existence'
++ local APP=ruby-getting-started
++ is_valid_app_name ruby-getting-started
++ declare 'desc=verify app name format'
++ local APP=ruby-getting-started
++ [[ -z ruby-getting-started ]]
++ [[ ruby-getting-started =~ ^[a-z].* ]]
++ [[ ! ruby-getting-started =~ [A-Z] ]]
++ [[ ! ruby-getting-started =~ [:] ]]
++ return 0
++ [[ ! -d /home/dokku/ruby-getting-started ]]
++ return 0
++ local app_root=/home/dokku/ruby-getting-started
++ local le_root=/home/dokku/ruby-getting-started/letsencrypt
+++ config_export global
+++ declare 'desc=returns export command for config variable of specified type (app/global)'
+++ local CONFIG_TYPE=global
+++ shift
+++ local APP=
+++ [[ global == \g\l\o\b\a\l ]]
+++ APP=--global
+++ config_sub export --global
+++ declare 'desc=executes a config subcommand'
+++ local name=export
+++ shift
+++ /var/lib/dokku/plugins/available/config/subcommands/export config:export --global
+++ return 0
++ eval 'export CURL_CONNECT_TIMEOUT='\''90'\''
export CURL_TIMEOUT='\''600'\''
export DOKKU_LETSENCRYPT_EMAIL='\''XXXXXX'\'''
+++ export CURL_CONNECT_TIMEOUT=90
+++ CURL_CONNECT_TIMEOUT=90
+++ export CURL_TIMEOUT=600
+++ CURL_TIMEOUT=600
+++ export DOKKU_LETSENCRYPT_EMAIL=XXXXXX
+++ DOKKU_LETSENCRYPT_EMAIL=XXXXXX
+++ config_export app ruby-getting-started
+++ declare 'desc=returns export command for config variable of specified type (app/global)'
+++ local CONFIG_TYPE=app
+++ shift
+++ local APP=ruby-getting-started
+++ [[ app == \g\l\o\b\a\l ]]
+++ shift
+++ config_sub export ruby-getting-started
+++ declare 'desc=executes a config subcommand'
+++ local name=export
+++ shift
+++ /var/lib/dokku/plugins/available/config/subcommands/export config:export ruby-getting-started
+++ return 0
++ eval 'export DATABASE_URL='\''postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase'\''
export DOKKU_APP_RESTORE='\''1'\''
export DOKKU_APP_TYPE='\''herokuish'\''
export DOKKU_LETSENCRYPT_EMAIL='\''XXXXXX'\''
export DOKKU_LETSENCRYPT_SERVER='\''staging'\''
export DOKKU_PROXY_PORT='\''80'\''
export DOKKU_PROXY_PORT_MAP='\''http:80:5000 '\''
export GIT_REV='\''9ddca7b694875499165eb56adffd3e29b38405c5'\''
export NO_VHOST='\''0'\'''
+++ export DATABASE_URL=postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase
+++ DATABASE_URL=postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase
+++ export DOKKU_APP_RESTORE=1
+++ DOKKU_APP_RESTORE=1
+++ export DOKKU_APP_TYPE=herokuish
+++ DOKKU_APP_TYPE=herokuish
+++ export DOKKU_LETSENCRYPT_EMAIL=XXXXXX
+++ DOKKU_LETSENCRYPT_EMAIL=XXXXXX
+++ export DOKKU_LETSENCRYPT_SERVER=staging
+++ DOKKU_LETSENCRYPT_SERVER=staging
+++ export DOKKU_PROXY_PORT=80
+++ DOKKU_PROXY_PORT=80
+++ export 'DOKKU_PROXY_PORT_MAP=http:80:5000 '
+++ DOKKU_PROXY_PORT_MAP='http:80:5000 '
+++ export GIT_REV=9ddca7b694875499165eb56adffd3e29b38405c5
+++ GIT_REV=9ddca7b694875499165eb56adffd3e29b38405c5
+++ export NO_VHOST=0
+++ NO_VHOST=0
++ local server=staging
++ '[' -z staging ']'
++ '[' staging == default ']'
++ '[' staging == staging ']'
++ server=https://acme-staging-v02.api.letsencrypt.org/directory
+++ get_app_domains ruby-getting-started
+++ declare 'desc=return app domains'
+++ verify_app_name ruby-getting-started
+++ declare 'desc=verify app name format and app existence'
+++ local APP=ruby-getting-started
+++ is_valid_app_name ruby-getting-started
+++ declare 'desc=verify app name format'
+++ local APP=ruby-getting-started
+++ [[ -z ruby-getting-started ]]
+++ [[ ruby-getting-started =~ ^[a-z].* ]]
+++ [[ ! ruby-getting-started =~ [A-Z] ]]
+++ [[ ! ruby-getting-started =~ [:] ]]
+++ return 0
+++ [[ ! -d /home/dokku/ruby-getting-started ]]
+++ return 0
+++ local APP=ruby-getting-started
+++ local APP_VHOST_FILE=/home/dokku/ruby-getting-started/VHOST
+++ local GLOBAL_VHOST_PATH=/home/dokku/VHOST
+++ local GLOBAL_HOSTNAME_PATH=/home/dokku/HOSTNAME
++++ is_app_vhost_enabled ruby-getting-started
++++ declare 'desc=returns true or false if vhost support is enabled for a given application'
++++ source /var/lib/dokku/plugins/available/config/functions
+++++ set -eo pipefail
+++++ [[ -n 1 ]]
+++++ set -x
+++++ source /var/lib/dokku/core-plugins/available/common/functions
++++++ set -eo pipefail
++++++ [[ -n 1 ]]
++++++ set -x
++++ local APP=ruby-getting-started
++++ verify_app_name ruby-getting-started
++++ declare 'desc=verify app name format and app existence'
++++ local APP=ruby-getting-started
++++ is_valid_app_name ruby-getting-started
++++ declare 'desc=verify app name format'
++++ local APP=ruby-getting-started
++++ [[ -z ruby-getting-started ]]
++++ [[ ruby-getting-started =~ ^[a-z].* ]]
++++ [[ ! ruby-getting-started =~ [A-Z] ]]
++++ [[ ! ruby-getting-started =~ [:] ]]
++++ return 0
++++ [[ ! -d /home/dokku/ruby-getting-started ]]
++++ return 0
+++++ config_get ruby-getting-started NO_VHOST
+++++ declare 'desc=get value of given config var'
+++++ config_sub get ruby-getting-started NO_VHOST
+++++ declare 'desc=executes a config subcommand'
+++++ local name=get
+++++ shift
+++++ /var/lib/dokku/plugins/available/config/subcommands/get config:get ruby-getting-started NO_VHOST
++++ local NO_VHOST=0
++++ local APP_VHOST_ENABLED=true
++++ [[ 0 == \1 ]]
++++ echo true
+++ [[ true == \t\r\u\e ]]
+++ [[ -f /home/dokku/ruby-getting-started/VHOST ]]
+++ cat /home/dokku/ruby-getting-started/VHOST
++ local domains=rubygettingstarted.dokku.enberg.io
++ local domain_args=
++ for domain in $domains
++ dokku_log_verbose ' - Domain '\''rubygettingstarted.dokku.enberg.io'\'''
++ declare 'desc=log verbose formatter'
++ echo ' - Domain '\''rubygettingstarted.dokku.enberg.io'\'''
- Domain 'rubygettingstarted.dokku.enberg.io'
++ domain_args=' -d rubygettingstarted.dokku.enberg.io'
++ local 'config=--server https://acme-staging-v02.api.letsencrypt.org/directory --email XXXXXX -d rubygettingstarted.dokku.enberg.io'
+++ awk '{print $1}'
+++ sha1sum
+++ echo '--server https://acme-staging-v02.api.letsencrypt.org/directory --email XXXXXX -d rubygettingstarted.dokku.enberg.io'
++ local config_hash=5f542cb3d0af88560e656377333d357ec5803c05
++ local config_dir=/home/dokku/ruby-getting-started/letsencrypt/certs/5f542cb3d0af88560e656377333d357ec5803c05
++ mkdir -p /home/dokku/ruby-getting-started/letsencrypt/certs/5f542cb3d0af88560e656377333d357ec5803c05
++ echo '--server https://acme-staging-v02.api.letsencrypt.org/directory --email XXXXXX -d rubygettingstarted.dokku.enberg.io'
++ echo /home/dokku/ruby-getting-started/letsencrypt/certs/5f542cb3d0af88560e656377333d357ec5803c05
+ local config_dir=/home/dokku/ruby-getting-started/letsencrypt/certs/5f542cb3d0af88560e656377333d357ec5803c05
+ read -r -a config
++ config_export global
++ declare 'desc=returns export command for config variable of specified type (app/global)'
++ local CONFIG_TYPE=global
++ shift
++ local APP=
++ [[ global == \g\l\o\b\a\l ]]
++ APP=--global
++ config_sub export --global
++ declare 'desc=executes a config subcommand'
++ local name=export
++ shift
++ /var/lib/dokku/plugins/available/config/subcommands/export config:export --global
++ return 0
+ eval 'export CURL_CONNECT_TIMEOUT='\''90'\''
export CURL_TIMEOUT='\''600'\''
export DOKKU_LETSENCRYPT_EMAIL='\''XXXXXX'\'''
++ export CURL_CONNECT_TIMEOUT=90
++ CURL_CONNECT_TIMEOUT=90
++ export CURL_TIMEOUT=600
++ CURL_TIMEOUT=600
++ export DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ config_export app ruby-getting-started
++ declare 'desc=returns export command for config variable of specified type (app/global)'
++ local CONFIG_TYPE=app
++ shift
++ local APP=ruby-getting-started
++ [[ app == \g\l\o\b\a\l ]]
++ shift
++ config_sub export ruby-getting-started
++ declare 'desc=executes a config subcommand'
++ local name=export
++ shift
++ /var/lib/dokku/plugins/available/config/subcommands/export config:export ruby-getting-started
++ return 0
+ eval 'export DATABASE_URL='\''postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase'\''
export DOKKU_APP_RESTORE='\''1'\''
export DOKKU_APP_TYPE='\''herokuish'\''
export DOKKU_LETSENCRYPT_EMAIL='\''XXXXXX'\''
export DOKKU_LETSENCRYPT_SERVER='\''staging'\''
export DOKKU_PROXY_PORT='\''80'\''
export DOKKU_PROXY_PORT_MAP='\''http:80:5000 '\''
export GIT_REV='\''9ddca7b694875499165eb56adffd3e29b38405c5'\''
export NO_VHOST='\''0'\'''
++ export DATABASE_URL=postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase
++ DATABASE_URL=postgres://postgres:b5002a21859a3dd706b1d8d56aef084a@dokku-postgres-railsdatabase:5432/railsdatabase
++ export DOKKU_APP_RESTORE=1
++ DOKKU_APP_RESTORE=1
++ export DOKKU_APP_TYPE=herokuish
++ DOKKU_APP_TYPE=herokuish
++ export DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ DOKKU_LETSENCRYPT_EMAIL=XXXXXX
++ export DOKKU_LETSENCRYPT_SERVER=staging
++ DOKKU_LETSENCRYPT_SERVER=staging
++ export DOKKU_PROXY_PORT=80
++ DOKKU_PROXY_PORT=80
++ export 'DOKKU_PROXY_PORT_MAP=http:80:5000 '
++ DOKKU_PROXY_PORT_MAP='http:80:5000 '
++ export GIT_REV=9ddca7b694875499165eb56adffd3e29b38405c5
++ GIT_REV=9ddca7b694875499165eb56adffd3e29b38405c5
++ export NO_VHOST=0
++ NO_VHOST=0
+ local graceperiod=2592000
+ set +e
+ docker run --rm -p 18494:80 -v /home/dokku/ruby-getting-started/letsencrypt/certs/5f542cb3d0af88560e656377333d357ec5803c05:/certs dokku/letsencrypt:0.1.0 -f account_key.json -f account_reg.json -f fullchain.pem -f chain.pem -f cert.pem -f key.pem --valid_min 2592000 --server https://acme-staging-v02.api.letsencrypt.org/directory --email XXXXXX -d rubygettingstarted.dokku.enberg.io
darkhttpd/1.12, copyright (c) 2003-2016 Emil Mikulic.
listening on: http://0.0.0.0:80/
2020-04-06 10:03:25,094:INFO:__main__:1406: Generating new certificate private key
2020-04-06 10:03:29,340:ERROR:__main__:1388: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/47732561
Challenge validation has failed, see error log.
Debugging tips: -v improves output verbosity. Help is available under --help.
+ local simple_result=2
+ set -e
+ [[ 2 == 0 ]]
+ [[ 2 == 1 ]]
+ dokku_log_info1 'Certificate retrieval failed!'
+ declare 'desc=log info1 formatter'
+ echo '-----> Certificate retrieval failed!'
-----> Certificate retrieval failed!
+ return
+ letsencrypt_acmeproxy_off ruby-getting-started
+ declare 'desc=disable ACME proxy for an app'
+ local app=ruby-getting-started
+ verify_app_name ruby-getting-started
+ declare 'desc=verify app name format and app existence'
+ local APP=ruby-getting-started
+ is_valid_app_name ruby-getting-started
+ declare 'desc=verify app name format'
+ local APP=ruby-getting-started
+ [[ -z ruby-getting-started ]]
+ [[ ruby-getting-started =~ ^[a-z].* ]]
+ [[ ! ruby-getting-started =~ [A-Z] ]]
+ [[ ! ruby-getting-started =~ [:] ]]
+ return 0
+ [[ ! -d /home/dokku/ruby-getting-started ]]
+ return 0
+ local app_root=/home/dokku/ruby-getting-started
+ local app_config_dir=/home/dokku/ruby-getting-started/nginx.conf.d
+ dokku_log_info1 'Disabling ACME proxy for ruby-getting-started...'
+ declare 'desc=log info1 formatter'
+ echo '-----> Disabling ACME proxy for ruby-getting-started...'
-----> Disabling ACME proxy for ruby-getting-started...
+ [[ -f /home/dokku/ruby-getting-started/nginx.conf.d/letsencrypt.conf ]]
+ rm /home/dokku/ruby-getting-started/nginx.conf.d/letsencrypt.conf
+ restart_nginx
+ declare 'desc=restart nginx for given distros'
+ fn-nginx-vhosts-nginx-init-cmd reload
+ declare 'desc=start nginx for given distros'
+ declare CMD=reload
+ local NGINX_INIT_NAME
+ NGINX_INIT_NAME=nginx
+ fn-nginx-vhosts-uses-openresty
+ declare 'desc=returns whether openresty is in use or not'
+ [[ -x /usr/bin/openresty ]]
+ return 1
+ case "$DOKKU_DISTRO" in
+ [[ -x /usr/bin/sv ]]
+ sudo /etc/init.d/nginx reload
[ ok ] Reloading nginx configuration (via systemctl): nginx.service.
+ dokku_log_verbose done
+ declare 'desc=log verbose formatter'
+ echo ' done'
done
+ implemented=1
+ [[ 1 -eq 0 ]]
+ [[ 1 -eq 0 ]]
+ exit 0
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 5
- Comments: 16 (3 by maintainers)
@isakemanuel In case it helps, I was having the same problem and managed to fix it by rebuilding the app (
dokku ps:rebuild myapp) and setting the ports again (dokku proxy:ports-add myapp http:80:5000).I was getting the same error. Apparently an extra domain was added to the application. I found out by following the final link in the error message:
2020-05-01 13:40:56,296:ERROR:__main__:1388: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/<SOME_UNIQUE_ID>Then I could see that it was expecting a certain DNS record that didn’t exist. Removing the invalid domain fixed it
I’ve run into the same problem, this solved it for me. TL;DR you need to make sure your host port runs on
801. Check your host and container ports
You can do this by running the command
dokku proxy:ports <YOUR APP>. This will return the ports like this2. Set the host port to 80
You can do this by running the command
dokku proxy:ports-set <YOUR APP> http:80:5000This will set your host port to 80 while your container port remains 5000.
3. Verify the host port runs on 80
Again run command
dokku proxy:ports <YOUR APP>. The port should then look like this:4. Rerun the
dokku letsencrypt <YOUR APP>commandHope that will help someone…
What worked for me was revoking the certificate and then generate a new one:
Everything checked out for me and yet still this error. I figured it was probably an issue in the zero downtime finery and decided to bypass it, which worked!
I temporarily replaced the
Dockerfilefor my app with one that looks like this (likely you’ll need to have tried and failed to have the dokku/letsencrypt image available):Note that the dokku proxy must be set up to use port 80. Mine incidentally did as my real image is on this port.
I added this option so the certs would be written to a volume:
After deploying this, I did
docker exec -ti myapp.web.1 shand ran (as cribbed from source of plugin):This succeeded and wrote out certs.