Runtipi•13mo ago

Tipi tries to generate Certificates for local IPs(?)

I discovered this in my logs just now, not sure since when this is happening. Currently on v3.6.0

runtipi-reverse-proxy  | 2024-09-04T19:11:57Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [192.168.1.35:9091]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"192.168.1.35:9091\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["192.168.1.35:9091"] providerName=myresolver.acme routerName=transmission@docker rule=Host(`192.168.1.35:9091`)

runtipi-reverse-proxy  | 2024-09-04T19:11:57Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [192.168.1.35:9091]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"192.168.1.35:9091\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["192.168.1.35:9091"] providerName=myresolver.acme routerName=transmission@docker rule=Host(`192.168.1.35:9091`)

runtipi-reverse-proxy  | 2024-09-04T19:11:57Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [192.168.1.35:32400]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"192.168.1.35:32400\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["192.168.1.35:32400"] providerName=myresolver.acme routerName=plex@docker rule=Host(`192.168.1.35:32400`)

runtipi-reverse-proxy  | 2024-09-04T19:11:57Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [192.168.1.35:32400]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"192.168.1.35:32400\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["192.168.1.35:32400"] providerName=myresolver.acme routerName=plex@docker rule=Host(`192.168.1.35:32400`)

runtipi-reverse-proxy  | 2024-09-04T19:11:57Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [192.168.1.35:8168]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"192.168.1.35:8168\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["192.168.1.35:8168"] providerName=myresolver.acme routerName=sabnzbd@docker rule=Host(`192.168.1.35:8168`)

runtipi-reverse-proxy  | 2024-09-04T19:11:57Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [192.168.1.35:8168]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"192.168.1.35:8168\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["192.168.1.35:8168"] providerName=myresolver.acme routerName=sabnzbd@docker rule=Host(`192.168.1.35:8168`)

4 Replies

Stavros•13mo ago

Hello That's a known misconfiguration on our end nothing to worry about

Unknown User•12mo ago

Message Not Public

Stavros•12mo ago

Yes of course, we are planning on fixing it as soon as possible Although it may not be that easy due to how tipi is designed to work You see, traefik is configured to generate a domain for the APP_DOMAIN environment variable each app has in its app.env, the app domain environment variable can be either the expose domain you set in the settings or the ip address and port of the app, this means that if you don't expose an app traefik will assume your domain is the ip and port and of course fail This will get fixed when we migrate the appstore from the docker compose files to our new compose JSON format, we are trying to migrate all apps but it's not an easy process

Unknown User•12mo ago

Message Not Public

Gaming

Programming

Tipi tries to generate Certificates for local IPs(?)

Did you find this page helpful?