TLJH | Need some help with setting up https and letsencrypt

Hi, I’m hoping there’s someone who can help me out with setting up https for my TLJH server. I’m on an Azure Ubuntu 18.04 VM.

I followed the instructions for setting up HTTPS with LetsEncrypt.

Here’s the relevant part of my config:

  enabled: true

However, when I try to access TLJH in the browser I now get an invalid certificate error (NET::ERR_CERT_AUTHORITY_INVALID to be specific) and it seems like TLJH wasn’t able to connect with LetsEncrypt. I followed the troubleshooting guide and I found the following error in the traefik logs:

Nov 25 21:24:24 machine traefik[16073]: time="2021-11-25T21:24:24Z" level=error msg="Unable to obtain ACME certificate for domains \"\" : unable to generate a certificate for the domains []: error: one or more domains had a problem:\n[] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: Invalid response from [2a03:3c00:a002:202::1000]: 
\"\\n<!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\">\\n<html><head>\\n<title>500 Internal Server Error</title>\\n</head><body>\\n<h1>Inte\"

But now I am somewhat lost as to how to fix this. Any thoughts or ideas?

Hi @Jasper2_0,

After I had some problems with Let's Encrypt, I switched to the manual setup. Once you know how to do it, it is done quickly.

I set up my subdomain and then my provider also offers to create a certificate and private key for the subdomain.
You then get two files that you copy to the virtual machine.

After that you only have to enter the following commands (replace the paths) and reload the hub:

sudo tljh-config set https.enabled true
sudo tljh-config set https.tls.key /etc/mycerts/mydomain.key
sudo tljh-config set https.tls.cert /etc/mycerts/mydomain.cert
sudo tljh-config reload proxy
sudo tljh-config reload hub

Afterwards, let's show the new settings:

sudo tljh-config show


  enabled: true
    key: /etc/mycerts/mydomain.key
    cert: /etc/mycerts/mydomain.cert


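A pre-flight check for the manual setup described in the reply above, added here as an example (it is not part of the thread or of TLJH). Before `tljh-config` is pointed at the files, it verifies that the private key is not accessible to group or others, that the key belongs to the certificate, that the certificate is not about to expire, and that it covers the hub's hostname. The function names and `hub.example.org` are assumptions; it expects Linux `stat -c` and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: pre-flight checks for a manually installed key/cert pair.
# Assumes Linux (GNU stat) and the openssl CLI; function names are hypothetical.

# Succeeds when the private key grants nothing to group or others (mode ends in 00).
key_perms_ok() {
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeeds when the certificate and the private key carry the same public key.
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 2
    [ "$cert_pub" = "$key_pub" ]
)

# Succeeds when the certificate is still valid $2 seconds from now (default: 7 days).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-604800}" >/dev/null
}

# Succeeds when the certificate is valid for hostname $2.
# Matches on the printed verdict rather than relying on the exit status.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Runs all checks; arguments: certificate, private key, hostname of the hub.
preflight() {
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group/others"; return 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; return 1; }
    cert_not_expiring "$1" || { echo "FAIL: $1 expires within 7 days"; return 1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: $1 does not cover $3"; return 1; }
    echo "OK: key and certificate are consistent"
}

# Example call (placeholder paths from the post, constructed hostname):
#   sh preflight.sh /etc/mycerts/mydomain.cert /etc/mycerts/mydomain.key hub.example.org
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A mismatch between key and certificate is the failure most likely to surface only after `tljh-config reload proxy`, so running the check first keeps a working proxy configuration in place.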

A bit of a belated response, but after moving to a different TLD and going through the setup procedure another time, it worked like a charm.