SSL problem - Installation on a local host server

Good morning,

I would like to ask for help here because I installed SeaTable Enterprise on a VM hosted locally behind a firewall.

So I proceeded with the installation following the procedure in the guide, and I created a public DNS declaration.

Except that, the VM being on a private LAN, I had to set up port forwarding to my VM.

The DNS declaration therefore points to my firewall which, from a port that I have assigned, redirects to the HTTPS port of the VM and therefore Caddy.

Except that when I type the URL in a browser, I end up with an SSL error.

Is this method possibly functional or is there a reason why it will not work?

Thanks.

Did you forward the ports 80 and 443?
Please execute:

docker logs caddy

This should show you why Caddy could not get a certificate for the domain.
Best regards
Christoph

Since the HTTP and HTTPS ports on my firewall are already used for administration, I created a redirection rule for any connection to my firewall on port 2653 to port 443 of my VM.

I do not actually redirect HTTP because the SeaTable server is configured to work over HTTPS. Do I necessarily have to redirect the HTTP port too?

From outside I try as url: https://seatable-itni.ddns.net:2653

Here are the logs:

{"level":"info","ts":1733495627.5655549,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"seatable-itni.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1733495628.5160923,"logger":"http.acme_client","msg":"challenge failed","identifier":"seatable-itni.ddns.net","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
{"level":"error","ts":1733495628.5161452,"logger":"http.acme_client","msg":"validating authorization","identifier":"seatable-itni.ddns.net","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/174866534/21087162874","attempt":1,"max_attempts":3}
{"level":"info","ts":1733495629.8318624,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"seatable-itni.ddns.net","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1733495640.3100283,"logger":"http.acme_client","msg":"challenge failed","identifier":"seatable-itni.ddns.net","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"185.118.19.181: Fetching http://seatable-itni.ddns.net/.well-known/acme-challenge/fU47-2MIaKxqs2BE6uHAy6He6IIAr70xp4dlsbNO2kQ: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1733495640.3100753,"logger":"http.acme_client","msg":"validating authorization","identifier":"seatable-itni.ddns.net","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"185.118.19.181: Fetching http://seatable-itni.ddns.net/.well-known/acme-challenge/fU47-2MIaKxqs2BE6uHAy6He6IIAr70xp4dlsbNO2kQ: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/174866534/21087163424","attempt":2,"max_attempts":3}
{"level":"error","ts":1733495640.3101056,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"seatable-itni.ddns.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 185.118.19.181: Fetching http://seatable-itni.ddns.net/.well-known/acme-challenge/fU47-2MIaKxqs2BE6uHAy6He6IIAr70xp4dlsbNO2kQ: Timeout during connect (likely firewall problem)"}
{"level":"error","ts":1733495640.310177,"logger":"tls.obtain","msg":"will retry","error":"[seatable-itni.ddns.net] Obtain: [seatable-itni.ddns.net] solving challenge: seatable-itni.ddns.net: [seatable-itni.ddns.net] authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - 185.118.19.181: Fetching http://seatable-itni.ddns.net/.well-known/acme-challenge/fU47-2MIaKxqs2BE6uHAy6He6IIAr70xp4dlsbNO2kQ: Timeout during connect (likely firewall problem) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":354.435576573,"max_duration":2592000}
{"level":"info","ts":1733495940.310495,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"seatable-itni.ddns.net"}
{"level":"info","ts":1733495940.3122277,"logger":"http","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/174866534","account_contact":[]}
{"level":"info","ts":1733495941.125942,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"seatable-itni.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}

The certbot challenge requires port 80.

This was indeed the cause of the problem. I don’t use Let’s Encrypt often, so I wasn’t aware of this.

Thank you both because it works now.
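
Added example, not part of the original thread and not SeaTable or Caddy code: a small Python parser for `docker logs caddy` output that groups failed ACME challenges by type and reports the public port the CA connects to for each (80 for http-01, 443 for tls-alpn-01), which is what a forward from a custom port such as 2653 cannot satisfy. The sample log lines and the hostname `seatable.example.net` are constructed.

```python
import json
from collections import defaultdict

# Public ports the ACME CA connects to per challenge type (RFC 8555, RFC 8737).
REQUIRED_PORT = {"http-01": 80, "tls-alpn-01": 443}

# Constructed sample in the shape of the Caddy log lines shown in this thread.
SAMPLE_LOG = """\
{"level":"info","ts":1.0,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"seatable.example.net","challenge_type":"tls-alpn-01"}
{"level":"error","ts":2.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"seatable.example.net","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \\"acme-tls/1\\" for tls-alpn-01 challenge"}}
{"level":"error","ts":3.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"seatable.example.net","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"Timeout during connect (likely firewall problem)"}}
not json: container banner line
"""


def failed_challenges(log_text):
    """Return {(identifier, challenge_type): set of ACME error names}."""
    failures = defaultdict(set)
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or non-JSON lines mixed into the output
        if not isinstance(entry, dict) or entry.get("msg") != "challenge failed":
            continue
        problem = entry.get("problem") or {}
        # "urn:ietf:params:acme:error:connection" -> "connection"
        error = problem.get("type", "").rsplit(":", 1)[-1]
        key = (entry.get("identifier", "?"), entry.get("challenge_type", "?"))
        failures[key].add(error)
    return dict(failures)


def diagnose(log_text):
    """List each failed challenge with the inbound public port it depends on."""
    findings = []
    for (host, ctype), errors in sorted(failed_challenges(log_text).items()):
        findings.append({"host": host, "challenge": ctype,
                         "errors": sorted(errors),
                         "forward_public_port": REQUIRED_PORT.get(ctype)})
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['host']}: {f['challenge']} failed ({', '.join(f['errors'])}); "
              f"CA must reach public port {f['forward_public_port']}")
```
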
