Deepak

Reputation: 2727

LetsEncrypt working for IP but not Domain (greenlock, express)

I am using the following server script to run both the http and https servers and redirect all http requests to https.

When I access the server both locally and remotely via IP address, the requests redirect to https and the API works, with an insecure warning.

But when I access the same routes via the domain, I get a "Site cannot be reached" error.

Although accessing http://example.com/test-route redirects to https://example.com/test-route, I am still getting the "Site can't be reached" error.

import http from 'http';
import https from 'https';
import redirectHttps from 'redirect-https';
import greenlock from 'greenlock';
import app from '../app';

var le = greenlock.create({
  server: 'staging', // using https://acme-v01.api.letsencrypt.org/directory in prod
  configDir: 'certs',
  // Called for every hostname greenlock is asked to serve. On the first call for a
  // hostname there are no certs yet, so the account details are supplied; on later
  // calls (renewal) the domain list is confirmed.
  approveDomains: (opts, certs, cb) => {
    if (certs) {
      opts.domains = ['example.com'];
    } else {
      opts.email = '[email protected]';
      opts.agreeTos = true;
    }
    cb(null, {
      options: opts,
      certs: certs
    });
  },
});

// Port 80: greenlock answers the http-01 ACME challenge itself and hands every
// other request to redirect-https, which sends it to the https origin.
http.createServer(le.middleware(redirectHttps())).listen(80, function() {
  console.log("Server Running On http @ port " + 80);
});

// Port 443: TLS using the certificates greenlock manages (SNI callback in
// le.httpsOptions), then the application.
https.createServer(le.httpsOptions, le.middleware(app)).listen(443, function() {
  console.log("Server Running On https @ port " + 443);
});

Upvotes: 2

Views: 2403

Answers (1)

coolaj86

Reputation: 77122

There are a number of reasons this could be happening, and a lot has been updated in the library since you posted this question.

I've spent a lot of time recently updating the documentation and examples:

I'd suggest taking a look at the video tutorial:

And check each of the items in the troubleshooting section. For reference:

What if the example didn't work?

Double check the following:

  • Public Facing IP for http-01 challenges
    • Are you running this as a public-facing webserver (good)? or localhost (bad)?
    • Does ifconfig show a public address (good)? or a private one - 10.x, 192.168.x, etc (bad)?
    • If you're on a non-public server, are you using the dns-01 challenge?
  • correct ACME version
    • Let's Encrypt v2 (ACME v2) must use version: 'draft-11'
    • Let's Encrypt v1 must use version: 'v01'
  • valid email
    • You MUST set email to a valid address
    • MX records must validate (dig MX example.com for '[email protected]')
  • valid DNS records
    • You MUST set approveDomains to real domains
    • Must have public DNS records (test with dig +trace A example.com; dig +trace www.example.com for [ 'example.com', 'www.example.com' ])
  • write access
    • You MUST set configDir to a writeable location (test with touch ~/acme/etc/tmp.tmp)
  • port binding privileges
    • You MUST be able to bind to ports 80 and 443
    • You can do this via sudo or setcap
  • API limits
    • You MUST NOT exceed the API usage limits per domain, certificate, IP address, etc
  • Red Lock, Untrusted
    • You MUST change the server value in production
    • Shorten the 'acme-staging-v02' part of the server URL to 'acme-v02'

Please post an issue at the repository if you're still having trouble and I'll do my best to help you sort things out. Make sure to upgrade to the latest version because it has better debug logging.

Upvotes: 1
