Not able to access app with Certificate
Hi
I followed the guide and still can not get the apps working with lets encryot.
My files are:
/home/galan/runtipi# cat user-config/tipi-compose.yml
version: "3.9"
services:
runtipi-reverse-proxy:
environment:
- CF_DNS_API_TOKEN=mytoken
Note: The token has been verified with curl
/home/galan/runtipi# cat state/settings.json
{
"internalIp": "192.168.8.13",
"appsRepoUrl": "https://github.com/runtipi/runtipi-appstore",
"domain": "example.com",
"appDataPath": "/home/galan/runtipi",
"localDomain": "panel.galan.app",
/home/galan/runtipi# cat traefik/traefik.yml
api:
dashboard: true
insecure: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
watch: true
exposedByDefault: false
file:
directory: /etc/traefik/dynamic
watch: true
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
http:
tls:
certResolver: myresolver
certificatesResolvers:
myresolver:
acme:
email: xxx@galan.cc
storage: /shared/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 0
log:
level: WARNING"guestDashboard": false,
"allowAutoThemes": false,
"allowErrorMonitoring": false,
"persistTraefikConfig": true,
"port": 80,
"sslPort": 443,
"listenIp": "192.168.8.13",
"timeZone": "Europe/Brussels",
"eventsTimeout": 5,
"advancedSettings": true,
"forwardAuthUrl": "http://runtipi:3000/api/auth/traefik",
"logLevel": "warn",
"themeBase": "gray",
"themeColor": "blue"
Example for an app (Happens the same in all of them).
I can see acme requests created (twice)
If I'm trying to access from a different browser than the one with runtipi open "Hmmm… can't reach this page
https://speed.galan.app/ is unreachable.
ERR_ADDRESS_UNREACHABLE"
Ping
PING speed.galan.app (192.168.8.13): 56 data bytes
64 bytes from 192.168.8.13: icmp_seq=0 ttl=64 time=0.819 ms
64 bytes from 192.168.8.13: icmp_seq=1 ttl=64 time=0.989 ms
8 Replies
Hi, only to check if someone can help ?
Your stuff is hard to read, could you edit the message and put it in code blocks?
Hi, edited in code mode
Your mistake is adding the sudomains in your dns config
It will prevent Cloudflare to make the DNS challenge I believe
Keep only the *
I´ve deleted all the subdomain entries and old acme entries in Cloudflare, y restarted runtipi and is creating the acme entries in cloudflare, but still the same error when im trying to go to any app via domain.
Do we have any site where I can check logs or see why it is not applying the certificate?
I found an error in the log
runtipi-reverse-proxy | 2025-09-30T14:38:40Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [monitoring.galan.app]: error: one or more domains had a problem:\n[monitoring.galan.app] propagation: time limit exceeded: last error: authoritative nameservers: NS derek.ns.cloudflare.com.:53 did not return the expected TXT record [fqdn: _acme-challenge.monitoring.galan.app., value: N3xf1IqQ7OdmP4X3rjRtdDptMOWKWnaRA5iXTJ3zSpk]: \n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["monitoring.galan.app"] providerName=myresolver.acme routerName=beszel-migrated@docker rule=Host(
monitoring.galan.app)
I can see that runtipi creates the entry, but for some reason after 2 minutes the entry is deleted, so most probably letsencrupt doesnt have time to obtain the certificateMaybe you just have to wait for your changes to propagate, it can be quite long after you added the first time
So far no working, same error, any help ?
try setting delayBeforeCheck to something other then 0. i use 3 (seconds)