Traefik nodejs Docker and Certificate error

Marzio · November 22, 2023, 5:20pm

I repeated the configuration of a new site several times (nodeJS / Docker) on a Cloud Server with Ubuntu 22 (with Wappler latest Beta / MacOS 11)
Everything seems to work correctly, both in Local Development and Remote Production and no errors are reported.
Following the instructions exactly, I created the Traefik service, but unfortunately the site is always unsafe (both with Chrome and Safari) and the certificate is invalid
The SSH key set on the server is the same as the one chosen in Wappler Resource Management and is resident in a hidden folder on the Mac (id_ed25519.pub)
Is it possible to somehow intervene on the Certificate to make it reliable?

Schermata 2023-11-22 alle 11.38.58

Schermata 2023-11-22 alle 11.39.24

Apple · November 22, 2023, 5:29pm

Please update Wappler again to see if it fixes, you may need open the project settings and save it again to re-generate the docker-compose files

It’s the same issue as this one:

Marzio · November 23, 2023, 9:11am

I downloaded the latest version Wappler 6 and deployed everything again, I deleted and recreated traefik but the problem remains

Marzio · November 23, 2023, 9:21am

I don’t understand where I need to delete Staging

Apple · November 24, 2023, 12:53am

@George this was supposed to be fixed, is it fixed? Let’s Encrypt staging certificate?

Marzio · November 24, 2023, 3:02pm

I tried a few suggestions, although I didn’t quite understand how to do some of them
With Wappler 6 I deleted the project completely, even deleting the folder on the Mac.
Then I configured the project again and added the portainer and traefik services to the server
Unfortunately I continue to have problems with the certificate and even if I manually deleted the certificates I can no longer enter Portainer to restart
I really don’t know what to do at this point

Apple · November 24, 2023, 4:54pm

Marzio · November 24, 2023, 5:13pm

If I understood correctly

In Resource Manager / Server I opened Open SSH Terminal
I entered the command and gave OK
#- ‘–certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory’
Deploy Portainer
Deploy Traefik
Deploy all to remote
But the certificate is still the same unsafe

Apple · November 24, 2023, 6:44pm

This exceeds my knowledge so someone else will have to help you

Cheese · November 24, 2023, 7:22pm

What happens if you try the domain without www?

Make sure to clear your cache, or even better use Tor or another browser to try and connect.

Cheese · November 24, 2023, 7:26pm

Also check the Ubuntu firewall is allowing connections to port 443? Some hosts deploy ufw by default with minimal configuration. You can check by connecting via SSH and typing in:

ufw status verbose

If you do not see port 443 then add it:

ufw allow 443

Apple · November 24, 2023, 7:33pm

Here’s a fun fact, Docker bypasses iptables, so allowing or blocking won’t make a difference

Found it the hard way…

Cheese · November 24, 2023, 7:39pm

Interesting @Apple.

I know Lets-encrypt requires access to port 443 to verify the domain. When we renew our certificates we have to bypass Cloudflare to allow their authentication service Certbot through. Was thinking along the same lines that port 443 being closed maybe causing an issue.

Marzio · November 24, 2023, 9:04pm

With or without WWW same result
Tested with identical results on different browsers (Safari, Chrome, Opera, FireFox, ecc…), With desktop or mobile (Mac, iOS, Android)
IP ports 80 and 443 are open

Schermata 2023-11-24 alle 22.07.21

Marzio · November 24, 2023, 10:06pm

@George
It would seem that the problem is only due to the fact that the Certificate is not reliable or is missing
Schermata 2023-11-24 alle 23.03.13

George · November 25, 2023, 9:14am

I assume that you have used the new Resource Manager to deploy Traefik on your server.

So just choose to open the docker-compose file for the services:

There you will see the tsaging server, so just delete this line:

Save the file and deploy your Traefik again:

George · November 25, 2023, 9:21am

Seems the fix didn’t make it fully and also on existing installations the reference to the staging server have to be removed manually.

We will make sure that the fix is implemented in the next update

Marzio · November 25, 2023, 10:06am

Thanks George
I modified as per your suggestion, but unfortunately the problem remains:
But I noticed that the index page is not updated. Probably with the various attempts I must have made some mess. So now I delete the project and recreate it with Wappler
Then I’ll let you know if everything works

Marzio · November 25, 2023, 10:24am

However, after Niko’s comment I actually reassigned the SSH key and now that problem is overcome
Instead, the problem of the certificate remains
This is the correct editor file

But perhaps in SSH Terminal there is this reference to Staging

Nico_Kivinen · November 25, 2023, 10:35am

If you’re using wildcard * A record, try if .domain.com or www.domain.com entry fixes that