Certificate Not Valid

Hi!
I’ve been trying to solve this by myself for the past 2 days, but can’t seem to find a solution.
Basically the issue I am having is that after following the steps here Server Setup | Docs on a Lightsail instance and a Vultr instance, everything works fine except that I am getting an error of "certificate is not valid" when visiting with Chrome.


I am able to access N8N but some services I need to run require https which isn’t working.

When I try to install Letsencrypt on my own I am able to get a valid certificate using the following command:

sudo certbot --apache --agree-tos --preferred-challenges http -d domain-name.com

The thing is that works for the Apache server, but as soon as I run the docker container I get the "bad certificate" back.

Any help will be appreciated,
Thanks!

1 Like

Hi @yakito

I’m using n8n with an NGINX reverse proxy. It works very well for me.

Are you running n8n on the main domain or subdomain?

Because according to this thread, if you’re running on the main domain, you have to get a certificate for both the www and non-www versions.

1 Like

If you look at the certificate warning in Chrome, it normally tells you what the issue is. It could be what @mcnaveen has suggested and the certificate being used is for the wrong domain.

2 Likes

Thanks a lot @mcnaveen @jon

I am using N8N on a subdomain. When I stop the container and run the command above, I do get a valid certificate, but as soon as I start the container again the valid certificate changes to the invalid one from the installation.

Basically either I have Apache running with a valid certificate or I have n8n with an invalid certificate.
The only error I see from Chrome is that the certificate was not approved by third parties.

How can I tell the container to use the certificate I installed with the following command (which seems to work?)

Thanks a lot again!

That looks like Traefik was not able to generate the certificate. I think you can tell Traefik which certificates to use, but it should ideally be managing it for you.

Have you looked at the logs for Traefik to see if it shows any errors?

1 Like

You are THE BEST! Think I have it! Here are the logs

[email protected]:~$ sudo docker logs ubuntu_traefik_1

time="2022-01-19T20:57:17Z" level=info msg="Configuration loaded from flags."

time="2022-01-19T20:57:27Z" level=error msg="Unable to obtain ACME certificate for domains \"my-domain.com\": cannot get ACME client acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden" providerName=mytlschallenge.acme [email protected] rule="Host(`my-domain.com`)"

time="2022-01-20T11:38:03Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure

time="2022-01-20T11:38:03Z" level=error msg="Error while starting server: accept tcp [::]:443: use of closed network connection" entryPointName=websecure

time="2022-01-20T11:38:03Z" level=error msg="accept tcp [::]:8080: use of closed network connection" entryPointName=traefik

time="2022-01-20T11:38:03Z" level=error msg="Error while starting server: accept tcp [::]:8080: use of closed network connection" entryPointName=traefik

time="2022-01-20T11:38:03Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web

time="2022-01-20T11:38:03Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web

2022/01/20 11:38:03 reverseproxy.go:490: httputil: ReverseProxy read error during body copy: unexpected EOF

time="2022-01-20T11:42:49Z" level=info msg="Configuration loaded from flags."

time="2022-01-20T11:42:55Z" level=error msg="Unable to obtain ACME certificate for domains \"my-domain.com\": cannot get ACME client acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden" [email protected] providerName=mytlschallenge.acme rule="Host(`my-domain.com`)"

So I guess I should change my email somewhere and reinstall the certificate and it should work!
:grinning:

You got it. So in your .env file you probably still have:

[email protected]

It will be at the bottom if you just did a copy / paste. Update that, restart the container and you should be good to go after a minute or so.

3 Likes
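The diagnosis reached in this thread, as an added example (not code from any poster, n8n or Traefik): a small parser that takes `sudo docker logs ubuntu_traefik_1 2>&1` on stdin, picks out the ACME failures from the logfmt lines and reports the ACME problem type behind them. The sample log is constructed, and the host name in it and the wording of the hints are assumptions.

```python
import re
import sys

# Constructed sample in the shape of the Traefik output posted above;
# the host name is a placeholder, not a value from the thread.
SAMPLE_LOG = r'''
time="2022-01-19T20:57:17Z" level=info msg="Configuration loaded from flags."
time="2022-01-19T20:57:27Z" level=error msg="Unable to obtain ACME certificate for domains \"n8n.my-domain.test\": cannot get ACME client acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden" providerName=mytlschallenge.acme rule="Host(`n8n.my-domain.test`)"
time="2022-01-20T11:38:03Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
'''

# One logfmt field: key=bare or key="quoted, with \" escapes inside"
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
ACME_TYPE = re.compile(r'urn:ietf:params:acme:error:(\w+)')
# Hints per ACME problem type (this example's wording, not Traefik output).
HINTS = {
    "invalidEmail": "replace the placeholder contact e-mail in .env, then restart the container",
    "invalidContact": "replace the placeholder contact e-mail in .env, then restart the container",
    "rateLimited": "too many requests to the CA; wait before restarting again",
    "dns": "check that the host name resolves to this server",
}

def parse_logfmt(line):
    """Return the key/value fields of one logfmt line, unescaping quoted values."""
    fields = {}
    for key, raw in FIELD.findall(line):
        if len(raw) > 1 and raw[0] == raw[-1] == '"':
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        fields[key] = raw
    return fields

def acme_failures(log_text):
    """List ACME certificate errors, skipping unrelated error lines."""
    found = []
    for line in log_text.splitlines():
        f = parse_logfmt(line)
        msg = f.get("msg", "")
        if f.get("level") != "error" or "ACME" not in msg:
            continue
        kind = ACME_TYPE.search(msg)
        kind = kind.group(1) if kind else "unknown"
        domains = re.search(r'for domains "([^"]*)"', msg)
        found.append({"time": f.get("time"), "type": kind,
                      "domains": domains.group(1) if domains else "",
                      "detail": msg.split(" :: ")[-1],
                      "hint": HINTS.get(kind, "read the detail text")})
    return found

if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for failure in acme_failures(text):
        print(failure)
```

Run without piped input, it parses the embedded sample instead.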

Thank you sooo much! Have a wonderful day!

3 Likes

Glad it works! :heart:

2 Likes