Drone missing certificate

Similar to "Autocert unable to authorize", our drone instance is having issues with the handshake using autocert.

We migrated from Jenkins to Drone a while back, without any issues. We are very happy with the software, thanks for the great work.

Upon getting back from Easter, our certificate had expired; we could access drone via http but not using https.

Our drone is configured using docker compose and we are using - DRONE_TLS_AUTOCERT=true.

We retried stopping and starting the docker container; my belief was that drone would automatically renew the certificate.
We also tried changing our docker image from version 1 to latest.
We also wiped the EC2 instance that the drone docker is running on and recreated it (we are using terraform).

However, none of these steps changed anything. Running docker logs ... on the instance gives:

2021/04/06 14:06:31 http: TLS handshake error from "https://acme-v02.api.letsencrypt.org/acme/authz-v3/[redacted]": acme/autocert: unable to satisfy [redacted] for domain [redacted]: no viable challenge type found
2021/04/06 14:06:31 http: TLS handshake error from [redacted]: acme/autocert: missing certificate

Visiting the "https://acme-v02.api.letsencrypt.org/acme/authz-v3/[redacted]" address tells us that the status is “deactivated” and there are three types of challenges: http-01, dns-01, tls-alpn-01, all of which are pending.

Given that our environment did not change, and neither the EC2 instance we were running on nor the drone docker container changed, I suspect that something outside our control has changed. My hope was that a new version would resolve this, but since this has not been the case I’m a bit lost in terms of where to look next. Any help would be greatly appreciated.


Turns out our firewall was preventing ingress from Let's Encrypt. Opening access and restarting the container solved the issue.

This issue can be closed.
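
A triage script for the failure pattern in this thread, added here as an example and not part of the original posts or of Drone: it scans docker logs output for acme/autocert errors, groups them by kind, and reports when each kind was first and last seen. The sample log is constructed from the two lines quoted above; the function names, labels and the port hints (443 for tls-alpn-01, 80 for http-01) are assumptions of the example.

```python
import re
import sys
from collections import Counter
from datetime import datetime

# Constructed sample: the two lines quoted in the thread, a repeat one minute
# later, and an unrelated handshake error that must be ignored.
SAMPLE_LOG = """\
2021/04/06 14:06:31 http: TLS handshake error from "https://acme-v02.api.letsencrypt.org/acme/authz-v3/[redacted]": acme/autocert: unable to satisfy [redacted] for domain [redacted]: no viable challenge type found
2021/04/06 14:06:31 http: TLS handshake error from [redacted]: acme/autocert: missing certificate
2021/04/06 14:07:31 http: TLS handshake error from [redacted]: acme/autocert: unable to satisfy [redacted] for domain [redacted]: no viable challenge type found
2021/04/06 14:07:40 http: TLS handshake error from [redacted]: EOF
"""

LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*?acme/autocert: (.+)$")

# (substring of the autocert error, label, first thing to check)
RULES = [
    ("no viable challenge type found", "validation_failed",
     "check that inbound 443 (tls-alpn-01) and 80 (http-01) are reachable from the internet"),
    ("missing certificate", "no_certificate",
     "no certificate could be served; look for a validation failure nearby"),
]

def triage(log_text):
    """Return (counts, first_seen, last_seen) keyed by label."""
    counts, first_seen, last_seen = Counter(), {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an autocert error
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        label = next((lab for needle, lab, _ in RULES if needle in m.group(2)), "other")
        counts[label] += 1
        first_seen.setdefault(label, ts)
        last_seen[label] = ts
    return counts, first_seen, last_seen

def report(log_text):
    """One summary line per error class that occurred, in RULES order."""
    counts, first, last = triage(log_text)
    hints = {label: hint for _, label, hint in RULES}
    hints["other"] = "unclassified autocert error; read the raw line"
    return [f"{label} x{counts[label]} ({first[label]} .. {last[label]}): {hints[label]}"
            for label in hints if counts[label]]

if __name__ == "__main__":
    # Usage: docker logs <container> 2>&1 | python3 triage.py
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(text)) or "no autocert errors found")
```

A validation_failed window that keeps growing while the container is otherwise healthy points at the network path between the CA and the host rather than at Drone itself.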