-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Installation script does not anticipate Let's Encrypt failure #111
Comments
What's your environment? Are you using a VPS with a publicly available IP address or is it a local installation on a private network? If it's a cloud hosted VPS, I suggest you just clear the config and try to set up again:
This will remove all existing configs. |
@githubsaturn Thank you, that helped. It was an old CAA DNS record which was blocking the Let's Encrypt certificate generation I think. I would still suggest that if If no one picks up on this, then I'll put a merge request in to add a note to https://github.com/caprover/caprover-website/blob/master/docs/get-started.md |
This is the current intended behavior. I'm not sure what happened in your case. The only situation when The process of serversetup is:
Did you override any configs? Like skipVerifyingDomains? |
All I did was launch a new droplet with the Digital Ocean Marketplace app, and then run |
Hmm... that's weird. Force HTTPS only gets enabled if HTTPS has already succeeded. https://github.com/caprover/caprover/blob/513b781038fb0d65cbd88bffd978deaa31482f28/src/user/system/CaptainManager.ts#L687-L695 |
I got the same error when doing the setup of CapRover on a Digital Ocean Droplet. I defined an A-record for my domain name to point to the droplet. However, I did not define a CAA record (as it is not mentioned in the docs). Could it be that a CAA record (such as |
Does your root domain has CAA? If so, it's intended to fail because your root domain contains CAA for DNSSEC and your subdomain doesn't. It's a DNS feature and it's related to Let'sEncrypt. You can read more about it here: https://letsencrypt.org/docs/caa/#servfail If you have further questions regarding this, Let'sEncrypt forums is a better place: https://community.letsencrypt.org/ Examples: |
Thank you for the link : I waited for an hour for the CAA record to take effect, I set it on my root domain and tested it using the command |
What is the problem?
Having used the Digital Ocean Marketplace app, I am having two issues with the installation script. They are not directly related - happy to open separate issues if it makes it easier to work with.
1. I seem to be stuck in a loop, which the installation script does not anticipate.
Steps to reproduce the problem:
I ran the installation script
caprover serversetup
and it generated an error when the Let's Encrypt certificate generation fails (Error 1107
andSome challenges have failed
). I cannot re-runcaprover serversetup
because the script considers that it has succeeded and prevents further running of it:You may have already setup the server with root domain: mydomain.com! Use caprover login to log into an existing server.
Then when I use
caprover login
, I get an error message (Something bad happened
andError: self signed certificate
).Visiting http(s)://captain.mydomain.com just loads a page saying
Nothing here yet :/
and a link to the documentation. Visiting http(s)://mydomain.com:3000 loads nothing at this point.I'd be happy to try to regenerate the certificates, but I could not see anything in the documentation for the CLI app. Can ACME certbot be called directly?
2. Clearer terminology would be helpful.
Steps to reproduce the problem:
When running the
caprover serversetup
script, you are asked fornew CapRover password (min 8 characters)
. But when you runcaprover login
you are asked for aCapRover machine password
and then aCapRover machine name, with whom the login credentials are stored locally
and suggestscaptain-01
. Maybe this is obvious to people with more experience, but given that at this point I have not provided a machine name, username or anything else yet, it was not for me.Output of
uname -a && lsb_release -a && free -h
on your server:The text was updated successfully, but these errors were encountered: