SCIM Bridge SSL Error

PaulBeaudry
Community Member

Hello,

I'm attempting to deploy the SCIM bridge on our own server infrastructure and it appears I'm running into some errors regarding the SSL certification process. Here is the output of the logs when I run "service logs --raw -f op-scim_scim".

2022-02-28T21:20:57.477241328Z 9:20PM ERR certificate manager error error="[op-scim.mydomain.ca] Obtain: [op-scim.mydomain.ca] solving challenges: op-scim.mydomain.ca: no solvers available for remaining challenges (configured=[tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/45633488/1905540918) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)" application=op-scim attempt=3 build=203011 component=CertificateManager elapsed=430.97403 retry_time=120 subcomponent=certmagic version=2.3.1

2022-02-28T21:23:11.033579701Z 9:23PM ERR certificate manager error error= application=op-scim attempt=0 build=203011 component=CertificateManager elapsed=0 retry_time=0 subcomponent=certmagic version=2.3.1

2022-02-28T21:24:11.436807225Z 9:24PM ERR certificate manager error error= application=op-scim attempt=1 build=203011 component=CertificateManager elapsed=0 retry_time=0 subcomponent=certmagic version=2.3.1

2022-02-28T21:24:12.708542065Z 9:24PM ERR certificate manager error error="[op-scim.mydomain.ca] solving challenges: op-scim.mydomain.ca: no solvers available for remaining challenges (configured=[tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/45633488/1905561148) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)" application=op-scim attempt=0 build=203011 component=CertificateManager elapsed=0 retry_time=0 subcomponent=certmagic version=2.3.1

2022-02-28T21:24:12.709818849Z 9:24PM ERR certificate manager error error="[op-scim.mydomain.ca] Obtain: [op-scim.mydomain.ca] solving challenges: op-scim.mydomain.ca: no solvers available for remaining challenges (configured=[tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/45633488/1905561148) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)" application=op-scim attempt=4 build=203011 component=CertificateManager elapsed=626.2067 retry_time=300 subcomponent=certmagic version=2.3.1

Any help would be appreciated. Thanks in advance!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi @PaulBeaudry. Thanks for reaching out. My name is De Ville and I am part of the provisioning team.

    Thank you for providing the log output. From the logs I can see that you are running the latest available version of the SCIM bridge (2.3.1). This is great since we included some fixes related to the certificate issuing via Let's Encrypt.

    I wanted to confirm a few things, which will help me provide better guidance:
    1. Can you confirm that your DNS record is configured correctly for your domain? I.e. that the domain is pointing to the IP address of the host where your SCIM bridge is deployed.
    2. Can you confirm that the SCIM bridge is publicly accessible on the internet? Let's Encrypt will reach out to the SCIM bridge with a challenge before issuing a new certificate for the domain.
    3. Do you have any additional environment variables or config options set? From the logs I can see that Let's Encrypt is running in test mode and is using the staging servers (acme-staging-v02) instead of the production servers (acme-v02). The environment variable that controls this behavior is called OP_LETSENCRYPT_TEST_MODE.

    In most cases the SCIM bridge should be able to obtain a certificate from Let's Encrypt when the DNS record is correct and the SCIM bridge can be accessed publicly.
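
The three checks in the reply above can be read straight out of the certmagic error text. The following is an added example, not part of the thread and not 1Password's code: it parses log lines in the format posted and reports the CA in use and which ACME challenge types were dropped or have no solver. The sample lines are constructed (shortened, with a placeholder domain), and the function names and finding codes are hypothetical.

```python
import re

# Constructed sample lines in the format of the logs in the post (placeholder domain).
SAMPLE = [
    '2022-02-28T21:23:11.033579701Z 9:23PM ERR certificate manager error error= application=op-scim attempt=0 subcomponent=certmagic version=2.3.1',
    '2022-02-28T21:24:12.709818849Z 9:24PM ERR certificate manager error error="[op-scim.example.test] Obtain: [op-scim.example.test] solving challenges: op-scim.example.test: no solvers available for remaining challenges (configured=[tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/0/0) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)" application=op-scim attempt=4 subcomponent=certmagic version=2.3.1',
]

CHALLENGES = re.compile(r"(configured|offered|remaining)=\[([^\]]*)\]")
CA = re.compile(r"\(ca=(https://[^)\s]+)\)")
DOMAIN = re.compile(r'error="\[([^\]]+)\]')

# How the CA validates each challenge type (what must be reachable from the internet).
REACH = {
    "tls-alpn-01": "inbound TCP 443 on the host the DNS record points to",
    "http-01": "inbound TCP 80 on the host the DNS record points to",
    "dns-01": "a TXT record published in the domain's DNS zone",
}

def parse_line(line):
    """Return the ACME fields of one log line, or None if it carries no challenge details."""
    sets = {name: value.split() for name, value in CHALLENGES.findall(line)}
    if set(sets) != {"configured", "offered", "remaining"}:
        return None  # e.g. the lines whose error= field is empty
    ca, dom = CA.search(line), DOMAIN.search(line)
    return {**sets, "ca": ca.group(1) if ca else None,
            "domain": dom.group(1) if dom else None}

def diagnose(rec):
    """Turn one parsed record into (code, message) findings for the operator."""
    findings = []
    if rec["ca"] and "acme-staging" in rec["ca"]:
        findings.append(("staging-ca", "Let's Encrypt staging directory in use (test mode)"))
    for ch in rec["configured"]:
        # Offered by the CA and configured locally, but no longer left to try.
        if ch in rec["offered"] and ch not in rec["remaining"]:
            findings.append((f"challenge-failed:{ch}",
                             f"{ch} did not validate; it needs {REACH.get(ch, 'unknown')}"))
    for ch in rec["remaining"]:
        if ch not in rec["configured"]:
            findings.append((f"no-solver:{ch}", f"{ch} is offered but not configured here"))
    return findings

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_line(line)
        if rec:
            print(rec["domain"], rec["ca"])
            for code, message in diagnose(rec):
                print(f"  {code}: {message}")
```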

This discussion has been closed.