Request over port 80 A (IPv4) record did not succeed
I built my Docker Django app with Django-cookiecutter (it makes a bootstrap application that is ready for production). The application works fine on my local machine with no errors. I pushed the production images to AWS ECR and used docker context ecs to deploy the application. Domain converdfile.com is registered at Namecheap. Created a hosted zone converdfile.com on AWS. On https://dnschecker.org, the A, CNAME, NS and SOA records show as propagated (with the expected four NS values). I imported my SSL certificate to AWS ACM and attached it to the Network Load Balancer that was created for me when I deployed the docker-compose file. It is attached to port 443. I used https://decoder.link/sslchecker to check my SSL certificate and it works fine. The hosted zone A and CNAME records both point to the NLB that was created. When I go to convertdfile.com it gives me a 404 error page. I used https://letsdebug.net/ to test what is wrong and it said:
www.convertdfile.com has an A (IPv4) record (35.153.250.60) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with www.convertdfile.com/35.153.250.60: Get "http://www.convertdfile.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
I checked my logs and found out that there is something wrong with my traefik container. It displayed this at first:
"Unable to obtain ACME certificate for domains \"convertdfile.com\": unable to generate a certificate for the domains [convertdfile.com]: error: one or more domains had a problem:\n[convertdfile.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 54.210.108.238: Fetching http://convertdfile.com/.well-known/acme-challenge/TMGKwtblVaaHETrz1QkZvNl9s3rLNBJ5Wyza_9DDU5o: Timeout during connect (likely firewall problem), url: \n" routerName=flower-secure-router@file rule="Host(`convertdfile.com`)" providerName=letsencrypt.acme
Then it later changed to this:
Cannot retrieve the ACME challenge for token letsdebug-test: cannot find challenge for token letsdebug-test" providerName=letsencrypt.acme
I have troubleshot all I can think of and don't know what else to do. I checked the security group attached to it and it allows incoming traffic on the load balancer.
Here is my docker-compose file:
```yaml
version: '3'

volumes:
  production_postgres_data: {}
  production_postgres_data_backups: {}
  production_traefik: {}

services:
  django: &django
    image: public.ecr.aws/t6g1j7b6/image_converter:django
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    command: /start
    networks:
      - proxy
      - default

  postgres:
    image: public.ecr.aws/t6g1j7b6/image_converter:postgres
    volumes:
      - production_postgres_data:/var/lib/postgresql/data:Z
      - production_postgres_data_backups:/backups:z
    env_file:
      - ./.envs/.production/.postgres

  traefik:
    image: public.ecr.aws/t6g1j7b6/image_converter:traefik
    depends_on:
      - django
    volumes:
      - production_traefik:/etc/traefik/acme
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
      - "0.0.0.0:5555:5555"

networks:
  proxy:
```
And here is my traefik.yml file:

```yaml
log:
  level: INFO

entryPoints:
  web:
    # http
    address: ":80"
    http:
      # https://docs.traefik.io/routing/entrypoints/#entrypoint
      redirections:
        entryPoint:
          to: web-secure

  web-secure:
    # https
    address: ":443"

  flower:
    address: ":5555"

certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "pawo@fessburn.com"
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

http:
  routers:
    web-secure-router:
      rule: "Host(`convertdfile.com`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: django
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    flower-secure-router:
      rule: "Host(`convertdfile.com`)"
      entryPoints:
        - flower
      service: flower
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

  middlewares:
    csrf:
      # https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      headers:
        hostsProxyHeaders: ["X-CSRFToken"]

  services:
    django:
      loadBalancer:
        servers:
          - url: http://django:5000

    flower:
      loadBalancer:
        servers:
          - url: http://flower:5555

tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12

providers:
  # https://docs.traefik.io/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true
```
If there is something I am doing wrong or missing please help out. I have been on this for almost a week now. I am a beginner and don't have anywhere else to turn to.
As per your configuration, your NLB accepts connections just on 443 (https). As per the logs, the request was made through 80 (http), which the NLB is not set up to handle. Could you kindly post the NLB logs and where exactly you are seeing the cert error?
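The mismatch this answer points to can be checked mechanically. The following is an added example, not part of the original question or answer: it traces the ACME `httpChallenge` entry point from the posted traefik.yml out to the load balancer and reports where port 80 stops being reachable. The dictionaries are transcribed from the posted files; `NLB_LISTENERS` is an assumption taken from the answer's statement that the NLB listens only on 443, and the function names are hypothetical.

```python
# Added example. TRAEFIK and COMPOSE_PORTS are transcribed from the posted
# configuration; NLB_LISTENERS is an assumption based on the answer above.
ACME_HTTP01_PORT = 80  # HTTP-01 validation always connects to TCP port 80 (RFC 8555, 8.3)

TRAEFIK = {
    "entryPoints": {
        "web": {"address": ":80"},
        "web-secure": {"address": ":443"},
        "flower": {"address": ":5555"},
    },
    "certificatesResolvers": {
        "letsencrypt": {"acme": {"httpChallenge": {"entryPoint": "web"}}},
    },
}
COMPOSE_PORTS = ["0.0.0.0:80:80", "0.0.0.0:443:443", "0.0.0.0:5555:5555"]
NLB_LISTENERS = [443]  # assumed: only the listener carrying the ACM certificate


def entrypoint_port(address):
    """Extract the port from a Traefik address such as ':80' or '0.0.0.0:80/tcp'."""
    return int(address.rsplit(":", 1)[1].split("/")[0])


def published(ports):
    """Map host port -> container port for compose '[ip:]host:container' entries."""
    mapping = {}
    for spec in ports:
        parts = spec.split("/")[0].split(":")
        if len(parts) >= 2:  # entries without a host port are not fixed; skip them
            mapping[int(parts[-2])] = int(parts[-1])
    return mapping


def check_http01(traefik, compose_ports, lb_listeners):
    """Return a list of reasons the HTTP-01 challenge cannot reach Traefik."""
    findings = []
    for name, resolver in traefik["certificatesResolvers"].items():
        challenge = resolver.get("acme", {}).get("httpChallenge")
        if not challenge:
            continue  # resolver uses another challenge type
        ep = challenge["entryPoint"]
        if ep not in traefik["entryPoints"]:
            findings.append(f"{name}: entryPoint '{ep}' is not defined")
            continue
        port = entrypoint_port(traefik["entryPoints"][ep]["address"])
        if published(compose_ports).get(ACME_HTTP01_PORT) != port:
            findings.append(f"{name}: host port 80 is not published to entryPoint '{ep}' (:{port})")
        if ACME_HTTP01_PORT not in lb_listeners:
            findings.append(f"{name}: load balancer has no listener on port 80")
    return findings
```

With the posted files the container side is consistent (port 80 is published to the `web` entry point), so the only finding is the missing port 80 listener, which matches the "Timeout during connect" in the Traefik log.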