bernhard
Posted January 25, 2024

I'm hosting uptime-kuma on my server as a docker container behind a reverse proxy. The domain is set to redirect http://uptime.example.com to https://uptime.example.com

Unfortunately my proxy does not let the letsencrypt request through and fails:

    [23-Jan-2024 10:19:05] INFO | check domain "example.com'
    [23-Jan-2024 10:19:05] INFO | certificate is valid until 2024-02-03 16:45:10 (11 days left)
    [23-Jan-2024 10:19:05] INFO | certificate is in renewal period
    [23-Jan-2024 10:19:05] INFO | renew cert
    [23-Jan-2024 10:19:05] INFO | Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (PRODUCTION).
    [23-Jan-2024 10:19:05] INFO | Getting endpoint URLs.
    [23-Jan-2024 10:19:05] INFO | Account "foo" already registered. Continue.
    [23-Jan-2024 10:19:05] INFO | Requesting Key ID.
    [23-Jan-2024 10:19:05] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
    [23-Jan-2024 10:19:06] INFO | Start certificate generation.
    [23-Jan-2024 10:19:06] INFO | Token stored at: /home/panel/www/.well-known/acme-challenge/local-check-123456
    [23-Jan-2024 10:19:06] INFO | URL: http://example.com/.well-known/acme-challenge/local-check-123456 | HTTP code: 200 | HTTP body (first 100 chars): <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" /> <meta name="viewport" conte
    [23-Jan-2024 10:19:06] ERROR | a Let's Encrypt error occurred: Local resolving checks failed for domain "example.com". Please ensure that your domain is locally resolvable!

This is the proxy setup for HTTPS:

    # dont proxy letsencrypt requests
    ProxyPass /.well-known !

    # uptime kuma directives
    ProxyPass / http://localhost:3001/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://localhost:3001/$1 [P,L]

Any ideas? AI is not smart enough to help me.

bernhard (Author)
Posted January 25, 2024

Ok... AI did indeed help with this problem again! I told cursor "@[link to this topic] can you help bernhard?" and it gave me instructions what I can do and check.

So it told me to place a file in /.well-known/foo.txt to check if my rules work. That was a great "idea" because I was able to check the rules without issuing a cert all the time.

I also had a look at PW's .htaccess file and looked how it is done there. Mixing everything together with some trial&error brought me to the working solution:

    RewriteEngine on

    # don't proxy requests to the .well-known folder
    RewriteCond %{REQUEST_URI} ^/\.well-known/.*
    RewriteRule ^ - [L]

    # send other requests to uptime kuma
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://localhost:3001/$1 [P,L]

Maybe it helps someone else.
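
The probe-file check described in the post above, written out as an added example that is not part of the original thread: it writes a random token under the webroot's .well-known folder, fetches it through the web server, and compares the body, because the log above shows that HTTP 200 alone does not prove the file was served. The function names, probe file name and verdict labels are assumptions; the webroot path and host in the usage lines are the ones from the log.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path


def classify_probe(expected: str, status: int, body: str) -> str:
    """Decide who answered a request for a probe file under /.well-known/."""
    if status == 200 and body.strip() == expected:
        return "served-from-webroot"   # the exemption rule works
    if status == 200:
        # 200 with a different body (e.g. the backend's HTML page) means the
        # request was still proxied, which is what the log above shows.
        return "answered-by-backend"
    return "not-served"                # 403/404/5xx: file not reachable


def probe(webroot: str, base_url: str, timeout: float = 5.0) -> str:
    """Write a random token under <webroot>/.well-known/, fetch it, clean up."""
    name = f"probe-{secrets.token_hex(8)}.txt"   # hypothetical probe file name
    token = secrets.token_hex(16)
    path = Path(webroot) / ".well-known" / name
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(token)
    try:
        url = f"{base_url.rstrip('/')}/.well-known/{name}"
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read(4096).decode("utf-8", "replace")
                return classify_probe(token, resp.status, body)
        except urllib.error.HTTPError as err:
            return classify_probe(token, err.code, "")
        except urllib.error.URLError:
            return "unreachable"
    finally:
        path.unlink(missing_ok=True)   # never leave probe files behind


if __name__ == "__main__":
    # Constructed sample modelled on the failing log line: 200 plus HTML body.
    print(classify_probe("token", 200, '<!DOCTYPE html><html lang="en"><head>'))
    # Live check, using the webroot and host from the log:
    print(probe("/home/panel/www", "http://example.com"))
```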

dotnetic
Posted January 26, 2024

AI will change humanity just like the internet did