[GH-ISSUE #297] No cert generated #155

Closed
opened 2026-03-13 15:57:54 +03:00 by kerem · 8 comments

Originally created by @blackbasket on GitHub (Mar 10, 2022).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/297

Hi guys,

I did a fresh install of acme-dns.

I am unable to connect using https. If I change the config to 80/none, the curl request is good.

With 443/letsencrypt(staging) I always receive `error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error`.

Shouldn't the required cert be generated automatically? Or what do I have to do?

I cannot find anything about this that helps.

Regards,
Marcel

kerem closed this issue 2026-03-13 15:57:59 +03:00

@saschaludwig commented on GitHub (Apr 3, 2022):

I had the same problems.
My DNS/NS entries in my main zone were wrong, and additionally I ran into a rate limit on the letsencrypt server.


@gbonnefille commented on GitHub (Apr 4, 2022):

While configuring the tools, it is highly recommended to use the [staging environment](https://letsencrypt.org/docs/staging-environment/).


@saschaludwig commented on GitHub (Apr 4, 2022):

> While configuring the tools, it is highly recommended to use the [staging environment](https://letsencrypt.org/docs/staging-environment/).

I did this and received a valid staging cert, but one of my DNS servers was out of sync and had other/old records. Looks like I got lucky with the staging environment: it just asked the correct nameserver, and the production server asked the outdated one. ;-)


@gbonnefille commented on GitHub (Apr 4, 2022):

> > While configuring the tools, it is highly recommended to use the [staging environment](https://letsencrypt.org/docs/staging-environment/).
>
> I did this and received a valid staging cert, but one of my DNS servers was out of sync and had other/old records. Looks like I got lucky with the staging environment: it just asked the correct nameserver, and the production server asked the outdated one. ;-)

How fast did you get banned from Let's Encrypt?
I remember my first attempts with cert-manager, without knowing about the staging environment, and I was banned in... a few seconds :D


@blackbasket commented on GitHub (Apr 5, 2022):

Ok, I have gotten a cert now... I had to change the listening IP from localhost...

```
[general]
# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = "127.0.0.1:53"
listen = "172.31.50.40:53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both4"
```

But I still do not get any logs... I want to log into a file, but do not receive any logs in the console as well (with stdout logtype of course)...

```
# debug messages from CORS etc
debug = true

[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "TODO"
# file path for logfile TODO
logfile = "/tmp/acme-dns.log"
# format, either "json" or "text"
logformat = "text"
```

@saschaludwig commented on GitHub (Apr 5, 2022):

> want to log into a file

That is not possible right now, as the config says:
`# possible values: stdout, TODO file & integrations`
so the only option is stdout

Depending on the OS you use, you can get logfiles via systemd or just run acmedns on the commandline in foreground:
`$ journalctl -u acme-dns -f`
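
Added example, not part of the thread and not acme-dns code: a small Python check for the two config problems reported above, a DNS `listen` address on loopback while the API section requests a Let's Encrypt cert, and a `logtype` other than `stdout`. The function names, finding codes and sample config are constructed for illustration; it assumes the `[api]` key `tls` with values such as `letsencrypt` / `letsencryptstaging`.

```python
import ipaddress
import re

# Constructed sample shaped like the config quoted in this thread.
SAMPLE_CONFIG = """
[general]
listen = "127.0.0.1:53"
protocol = "both4"
[api]
port = "443"
tls = "letsencryptstaging"
[logconfig]
loglevel = "debug"
logtype = "TODO"
"""

def parse_config(text):
    """Parse the flat [section] / key = "value" subset used by the config."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = cfg.setdefault(header.group(1), {})
            continue
        pair = re.match(r'(\w+)\s*=\s*(?:"([^"]*)"|(\S+))', line)
        if pair and section is not None:
            quoted, bare = pair.group(2), pair.group(3)
            section[pair.group(1)] = quoted if quoted is not None else bare
    return cfg

def lint(cfg):
    """Return finding codes (hypothetical names) for the thread's two issues."""
    findings = []
    listen = cfg.get("general", {}).get("listen", "")
    host = listen.rsplit(":", 1)[0].strip("[]")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    # The reporter only got a cert after moving the DNS listener off localhost.
    if loopback and cfg.get("api", {}).get("tls", "none").startswith("letsencrypt"):
        findings.append("dns-listen-loopback")
    # Per the config comment, stdout is the only implemented logtype.
    if cfg.get("logconfig", {}).get("logtype", "stdout") != "stdout":
        findings.append("logtype-not-stdout")
    return findings
```

Running `lint(parse_config(SAMPLE_CONFIG))` on the constructed sample reports both findings; with `listen` set to a routable address and `logtype = "stdout"` it reports none.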


@blackbasket commented on GitHub (Apr 5, 2022):

Thanks, @saschaludwig ... I got this wrong... I like Win & Mac ;) I will try with `journalctl`...


@blackbasket commented on GitHub (Apr 9, 2022):

Thank you @saschaludwig ... it was a DNS config issue that I overlooked many times...
