I’ve recently gotten into self-hosting. I have a VPS and a domain name and decided to set up Pangolin as a reverse proxy to my local homelab.

During the options in the installation, I was asked to provide an email address for “generating Let’s Encrypt certificates”. I don’t have a clue what role my email address plays in this nor what email I should provide for the setup, so I just gave one of my personal email addresses. Everything worked fine and the service was completely set up in the VPS.

However, logging into the dashboard, I was informed by my browser that the certificate of the website is self-signed and visiting the page may be dangerous. Although I was later able to access the panel with https enabled, I felt this setup is not okay and decided I would need to fix it.

Unfortunately I have no idea how certificate issuing works. I tried to search for a solution online and read the docs for Pangolin and Traefik as well as rewatch the tutorial through which I set up Pangolin, but either they tend to skip explaining the email thing or go too much into detail without even explaining where to start. I also checked my inbox to see if the CA pinged me or something but to no avail.

I feel like I’m missing something in my setup which was apparent to everybody else. I would really appreciate it if someone could help me ELI5 what the root cause of this ‘email’ problem is and how to fix it. I am willing to set up the service all over again or edit the config files if needed but I just need to know what to do.

  • bmcgonag@lemmy.world
    46 minutes ago

    How long did you wait to visit the site after adding it to Pangolin? I ask because if you set it up and go within 30 seconds of saving, you may see the cert warning initially. It can take Let’s Encrypt time to verify a site and issue a cert. It’s usually pretty fast, but I’ve seen it take up to 30 seconds or a little longer.

    I’ve hit the same thing where I set up a site through Pangolin and go to it too fast, but if I just close the tab and wait about 20 seconds then go again, it all comes up with a proper cert. Hope that helps.

  • JASN_DE@feddit.org
    20 hours ago

    Let’s Encrypt is fully automated and will issue certificates as long as you provide an email address AND have a proper, working config. Don’t get stuck on that email “issue”, your problems will lie somewhere else.

    As always when problems arise: check the log files.

    • bergetfew@sopuli.xyz (OP)
      20 hours ago

      I’ve gone through their automatic setup and followed the YouTube tutorial from Lawrence Systems. I entered all the required information for the setup correctly (apart from the email maybe). The tutor got his dashboard page hosted with https properly enabled with no additional configuration and I expected mine to work the same. I’ve tried to regenerate the certificates according to the official docs, but I still get the same result. I honestly don’t know where else the problem could’ve arisen. As much as I hate it, I think I’ll have to go through the logs after all.

      • JASN_DE@feddit.org
        20 hours ago

        > As much as I hate it, I think I’ll have to go through the logs after all.

        Selfhosting without checking the logs to hunt down errors? That’s not going to be pretty.

      • EarMaster@lemmy.world
        15 hours ago

        The mail address is not the issue. You can enter any address you want there if you don’t care about Let’s Encrypt being able to reach you in case of problems (they won’t).

        Don’t be afraid of the logs. You don’t have to read or understand every line of them. You have an issue with your certificate? Search for certificate and read the lines above and below to get clues what might have gone wrong.

        • bergetfew@sopuli.xyz (OP)
          7 hours ago

          Thank you for your assist. I found the underlying issue to be with the DNS from the domain provider. I switched to Cloudflare DNS and now it works flawlessly.

          • 3dcadmin@lemmy.relayeasy.com
            5 hours ago

            For future reference, there are a few ports that need to be open for Let’s Encrypt to work, and it has a very small timeout (as you have found), so if the DNS isn’t great it fails. Cloudflare will cache your site/DNS, so it usually works.
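
The log search EarMaster describes, combined with the DNS cause the OP ended up finding, as an added example that is not part of the thread: a Python sketch that pulls the lines mentioning certificates or ACME out of a reverse-proxy log, keeps the lines above and below, and maps the standard ACME error type (RFC 8555) to a first thing to check. The log lines, the hostname `proxy.example.com` and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in the style of a reverse-proxy log (not from the thread).
SAMPLE_LOG = '''\
time="2025-01-01T10:00:00Z" level=info msg="Starting provider *acme.Provider"
time="2025-01-01T10:00:01Z" level=info msg="Router dashboard loaded"
time="2025-01-01T10:00:05Z" level=error msg="Unable to obtain ACME certificate for domains [proxy.example.com]: acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for proxy.example.com"
time="2025-01-01T10:00:06Z" level=debug msg="Serving default certificate for request: proxy.example.com"
time="2025-01-01T10:00:07Z" level=info msg="Health check OK"
'''

KEYWORDS = re.compile(r"certificate|acme", re.IGNORECASE)
# ACME servers report failures with a typed URN (RFC 8555, section 6.7).
ACME_ERROR = re.compile(r"urn:ietf:params:acme:error:(\w+)")

# First thing to check for the error types a new setup most often hits.
HINTS = {
    "dns": "CA could not resolve the name: check the A/AAAA records at the DNS provider",
    "connection": "CA could not reach the server: check the firewall and the listening ports",
    "unauthorized": "challenge answer was wrong: the name may point at a different server",
    "rateLimited": "too many attempts: wait before retrying",
}

def find_clues(log_text, context=1):
    """Return every certificate/ACME line with `context` lines above and below."""
    lines = log_text.splitlines()
    clues = []
    for i, line in enumerate(lines):
        if not KEYWORDS.search(line):
            continue
        match = ACME_ERROR.search(line)
        kind = match.group(1) if match else None
        clues.append({
            "line_no": i + 1,
            "kind": kind,
            "hint": HINTS.get(kind),
            "context": lines[max(0, i - context): i + context + 1],
        })
    return clues

def diagnose(log_text):
    """Keep only the lines carrying a typed ACME error, with the matching hint."""
    return [(c["line_no"], c["kind"], c["hint"])
            for c in find_clues(log_text) if c["kind"]]

if __name__ == "__main__":
    for line_no, kind, hint in diagnose(SAMPLE_LOG):
        print(f"line {line_no}: ACME error '{kind}' -> {hint}")
```
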

  • Max-P@lemmy.max-p.me
    20 hours ago

    The email used to be used to send you notices if your cert wasn’t renewed and other communications. They’ve just discontinued that feature, so the email isn’t super important.

    It’s a good idea to provide a valid email address, but it’s not that important and doesn’t really matter for the purpose of issuing a certificate. It’s not part of the problem you’re having.