-
Notifications
You must be signed in to change notification settings - Fork 26
Why my SSL Certificate is not being generated?
Infinite OS automatically generates SSL certificates for your applications using Let's Encrypt.
This article will guide you to troubleshoot the most common issues when generating an SSL certificate.
Make sure that your domain is pointing to the correct IP address. You can do this by running the following command:
dig +short myapp.netNote
Replace myapp.net with your domain name.
If you see an empty answer or an IP address that is not the one you expect, then you need to update your DNS records.
Maybe you prefer some graphical interface to check your DNS records. You can use a tool like whatsmydns.com to check the DNS propagation.
If something goes wrong during SSL certificate generation, Infinite OS will log those failures.
In this example, we will use podman to see the container logs, but you can also use docker or any other container management tool.
podman logs myapp-containerNote
Replace myapp-container with the name of your container.
{"level":"info","time":"2025-04-15T16:45:36Z","message":"ReplaceWithValidSslError (myapp.net): GenerateValidSslCertError: {\"stdErr\":\"Saving debug log to /var/log/letsencrypt/letsencrypt.log\\nPlugins selected: Authenticator webroot, Installer None\\nPerforming the following challenges:\\nhttp-01 challenge for myapp.net\\nUsing the webroot path /app/html for all unmatched domains.\\nWaiting for verification...\\nChallenge failed for domain myapp.net\\nhttp-01 challenge for myapp.net\\nCleaning up challenges\\nSome challenges have failed.\\n\",\"exitCode\":1}"}The example logs above shows us that the HTTP Challenge for the domain has failed:
Challenge failed for domain myapp.net
http-01 challenge for myapp.net
This means that Let's Encrypt was not able to verify that you own the domain. Time to dig deeper.
You can find this log inside the container, at /var/log/letsencrypt/letsencrypt.log.
Here goes an example:
- The following errors were reported by the server:
Domain: myapp.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
myapp.net - check that a DNS record exists for this
domain; DNS problem: NXDOMAIN looking up AAAA for
myapp.net - check that a DNS record exists for this
domain
This log tells us that the domain www.myapp.net is not resolving to an IP address. This is a DNS issue.
If you created the DNS entry recently, it may take a while to propagate. You can check the DNS propagation using a tool like whatsmydns.com.
If the DNS entry is correct and the propagation isn't complete yet, all you can do for now is to grab a cup of coffee (or tea if you prefer) and wait for the DNS to propagate 😄
Tip
Other errors can happen. Found one? Let's us know!
Infinite OS will take care of generating the SSL certificate for you within a 15 minutes time range. However, if you're in a rush, you can try to run the certbot command manually.
certbot certonly --webroot --webroot-path /app/html --agree-tos --register-unsafely-without-email --cert-name myapp.net -d myapp.net -d www.myapp.netNote
Replace /app/html with the path to your webroot, and myapp.net with your domain name.
If the command fails, it will tell you what went wrong, similar to the logs we saw before.
If the command succeeds, you can find the SSL certificate at /etc/letsencrypt/live/myapp.net/:
-
fullchain.pemis the certificate with it's CA Bundle -
privkey.pemis the private key
As this was a manual process, don't forget to import the files to Infinite OS manually.