I just installed boringproxy on a fresh server, but after giving DNS and email I get the following error: “no solvers available for remaining challenges”
What I was trying:
Install boringproxy on a fresh Ubuntu 20.04 LTS Server with a dedicated DNS.
What I expected:
→ Successfully acquired admin certificate
Here are my last commands:
28 wget https://github.com/boringproxy/boringproxy/releases/download/v0.8.2/boringproxy-linux-x86_64
31 chmod +x boringproxy-linux-x86_64
33 mv boringproxy-linux-x86_64 boringproxy
34 sudo setcap cap_net_bind_service=+ep boringproxy
36 sudo ufw allow 80 443
37 sudo ufw status
44 sudo nano /etc/ssh/sshd_config (changed GateWay to clientspecified)
45 sudo service sshd restart
46 sudo service sshd status
47 ./boringproxy server
Additional error message that I get now after 4 attempts: creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/ (ca=https://acme-v02.api.letsencrypt.org/directory)
Hey @matbgn, thanks for the detailed report. I see a couple things.
Based on the warnings printed, your IPv6 address isn’t accessible from the internet on ports 80/443. boringproxy is probably trying to get the certs over IPv6. I don’t use ufw, but maybe it only opens IPv4 by default?
Also, you’re sure the DNS records are pointing to your IP? You’ll need AAAA records for IPv6 in addition to the A records for IPv4.
Unfortunately since you hit the LetsEncrypt rate limit, you’ll need to wait a while before attempting again. I really need to add a CLI argument to allow switching to the LetsEncrypt staging server, so people can debug these issues without getting rate limited. I’ll try to get that in the next release.
Oh one other common issue is even though you’re opening the ports on the VPS, your VPS provider may be blocking the ports. AWS for example blocks by default, and you need to add a security group to open ports. I think DigitalOcean has everything open.
I’ve been meaning to set up a GitHub sponsor/Patreon but haven’t gotten around to it yet. I’d prefer to have an actual product to sell, which is my focus with TakingNames.io, but I recognize that some people will prefer a purely self-hosted solution and still want to support the project.
I am curious though. I’m currently working on adding a tunneling service to TakingNames.io which would be very similar to boringproxy (they will implement the same protocol). The goal is to make it very easy to connect your domains to services through tunnels, all from a single web UI. Is this something you would pay a $5/mo subscription for, or do you prefer self-hosting the server component? What are the various considerations for you? Any feedback you can give is very helpful.
Hey @matbgn just a heads up that the master branch now has a flag for using the Let’s Encrypt staging servers (-acme-use-staging) and it will be included in the next release.
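As an added example (not part of the thread and not boringproxy code), here is a preflight check for the causes listed in the replies above: A/AAAA records that do not point at the server, and ports 80/443 unreachable over one address family. The function names `resolve`, `can_connect` and `preflight` are hypothetical, and the caller supplies the server's own public addresses.

```python
import ipaddress
import socket

PORTS = (80, 443)  # the ports the reply says must be reachable from the internet
FAMILIES = {socket.AF_INET: "A/IPv4", socket.AF_INET6: "AAAA/IPv6"}


def resolve(domain, family):
    """Addresses the domain resolves to for one family (empty list if none)."""
    try:
        infos = socket.getaddrinfo(domain, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def can_connect(address, port, family, timeout=3.0):
    """True if a TCP connection to address:port completes within the timeout."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return True
    except OSError:
        return False


def preflight(domain, expected, resolve=resolve, can_connect=can_connect):
    """Return a list of problems; an empty list means both families look fine.

    expected maps AF_INET / AF_INET6 to the server's public address, or None
    when the server has no address of that family.
    """
    problems = []
    for family, label in FAMILIES.items():
        found = {ipaddress.ip_address(a) for a in resolve(domain, family)}
        want = expected.get(family)
        if want is None:
            if found:  # a record exists for a family the server does not serve
                problems.append(f"{label}: unexpected record(s) for {domain}")
            continue
        if found != {ipaddress.ip_address(want)}:
            problems.append(f"{label}: {domain} does not resolve only to {want}")
            continue
        for port in PORTS:
            if not can_connect(want, port, family):
                problems.append(f"{label}: {want} port {port} is not reachable")
    return problems
```

Run it from a machine outside the server's network while boringproxy is listening, so that blocking at the VPS provider shows up as well as ufw rules. Fixing everything it reports before the next attempt, together with the `-acme-use-staging` flag, avoids spending real Let's Encrypt rate limit on a broken setup.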
Thanks a lot for the staging flag, I have appreciated it a lot since then!
I mostly try to host all my stuff, but for instance the service provided by SimpleLogin.io is so right for me with regard to cost and effort that I decided to give them my money, and the whole project is open source, so I still have the guarantee that I can blindly invest in them (because I will be, with sufficient effort, able to reproduce it by myself).