Trouble setting Let's Encrypt certificates for Pangolin
-
I've recently gotten into self hosting. I have a VPS and a domain name and decided to set up Pangolin as a reverse proxy to my local homelab.
During the options in the installation, I was asked to provide an email address for "generating Let's Encrypt certificates". I don't have a clue what what role my email address plays into this nor what email I should provide for the setup, so I just gave one of my personal email address. Everything worked fine and the service was completely set up in the VPS.
However, logging into the dashboard, I was informed by my browser that the certificate of the website is self signed and visiting the page may be dangerous. Although I was later able to access the panel with https enabled, I felt this setup is not okay and decided I would need to fix it.
Unfortunately I have no idea how certificate issuing works. I tried to search for a solution online and read the docs for Pangolin and Traefik as well as rewatch the tutorial through which I set up Pangolin, but either they tend to skip explaining the email thing or go too much into detail without even explaining where to start. I also checked my inbox to see if the CA pinged me or something but to no avail.
I feel like I'm missing something in my setup which was apparent to everybody else. I would really appreciate if someone could help me ELI5 what the root cause of this 'email' problem is and how to fix it. I am willing to set up the service all over again or edit the config files if needed but I just need to know what to do.
-
I've recently gotten into self hosting. I have a VPS and a domain name and decided to set up Pangolin as a reverse proxy to my local homelab.
During the options in the installation, I was asked to provide an email address for "generating Let's Encrypt certificates". I don't have a clue what what role my email address plays into this nor what email I should provide for the setup, so I just gave one of my personal email address. Everything worked fine and the service was completely set up in the VPS.
However, logging into the dashboard, I was informed by my browser that the certificate of the website is self signed and visiting the page may be dangerous. Although I was later able to access the panel with https enabled, I felt this setup is not okay and decided I would need to fix it.
Unfortunately I have no idea how certificate issuing works. I tried to search for a solution online and read the docs for Pangolin and Traefik as well as rewatch the tutorial through which I set up Pangolin, but either they tend to skip explaining the email thing or go too much into detail without even explaining where to start. I also checked my inbox to see if the CA pinged me or something but to no avail.
I feel like I'm missing something in my setup which was apparent to everybody else. I would really appreciate if someone could help me ELI5 what the root cause of this 'email' problem is and how to fix it. I am willing to set up the service all over again or edit the config files if needed but I just need to know what to do.
Let's Encrypt is fully automated and will issue certificates as long as you provide an email address AND have a proper, working config. Don't get stuck on that email "issue", your problems will lie somewhere else.
As always when problems arise: check the log files.
-
Let's Encrypt is fully automated and will issue certificates as long as you provide an email address AND have a proper, working config. Don't get stuck on that email "issue", your problems will lie somewhere else.
As always when problems arise: check the log files.
I've gone through their automatic setup and followed the youtube tutorial from Lawrence Systems. I entered all the required information for the setup correctly (apart from the email maybe). The tutor got his dashboard page hosted with https properly enabled with no additional configuration and I expected mine to work the same. I've tried to regenerate the certificates according to the official docs, but I still get the same result. I honestly don't know where else the problem could've arised. As much as I hate it, I think I'll have to go through the logs after all.
-
I've gone through their automatic setup and followed the youtube tutorial from Lawrence Systems. I entered all the required information for the setup correctly (apart from the email maybe). The tutor got his dashboard page hosted with https properly enabled with no additional configuration and I expected mine to work the same. I've tried to regenerate the certificates according to the official docs, but I still get the same result. I honestly don't know where else the problem could've arised. As much as I hate it, I think I'll have to go through the logs after all.
The mail address is not the issue. You can enter any address you want there if you don't care about Let's Encrypt being able to reach you in case of problems (they won't).
Don't be afraid of the logs. You don't have to read or understand every line of them. You have an issue with your certificate? Search for certificate and read the lines above and below to get clues what might have gone wrong.
-
The mail address is not the issue. You can enter any address you want there if you don't care about Let's Encrypt being able to reach you in case of problems (they won't).
Don't be afraid of the logs. You don't have to read or understand every line of them. You have an issue with your certificate? Search for certificate and read the lines above and below to get clues what might have gone wrong.
Thank you for your assist. I found the underlying issue to be with the DNS from the domain provider. I switched to Cloudflare DNS and now it works flawlessly.
-
Thank you for your assist. I found the underlying issue to be with the DNS from the domain provider. I switched to Cloudflare DNS and now it works flawlessly.
for future reference there are a few ports that need to be open for let's encrypt to work, and it has a very small timeout (as you have found) so if the dns isn't great it fails. Cloudflare will cache your site/dns so usually works
-
for future reference there are a few ports that need to be open for let's encrypt to work, and it has a very small timeout (as you have found) so if the dns isn't great it fails. Cloudflare will cache your site/dns so usually works
Its just port 80. And letsencrypt provides a CIDR block so us paranoids who still restrict with firewalls can limit the exposure.
