    Solved Lets encrypt failing on me
      jpotter702 last edited by girish

      Hello folks,

      I had it issuing good certs, but I had to kill that server and spin up a new one. With this new instance, I'm doing the same thing, but it's only falling back to a self-signed cert now. Please see my logs and help would be most appreciated. I'm using Cloudflare Global API method and choosing Prod Wildcard. This is the error right before it fails:

      Expecting 201, got 400 {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400} cert:

      And here is the full log of the event:
      checkCerts
      Nov 19 21:39:09 box:settings initCache: pre-load settings
      Nov 19 21:39:09 box:taskworker Starting task 46. Logs are at /home/yellowtent/platformdata/logs/tasks/46.log
      Nov 19 21:39:09 box:tasks update 46: {"percent":1,"message":"Ensuring certs of my.purchasing.team"}
      Nov 19 21:39:09 box:reverseproxy ensureCertificate: my.purchasing.team cert does not exist
      Nov 19 21:39:09 box:reverseproxy ensureCertificate: getting certificate for my.purchasing.team with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"potter.jason@gmail.com"}
      Nov 19 21:39:09 box:cert/acme2 getCertificate: attempt 1
      Nov 19 21:39:09 box:cert/acme2 getCertificate: start acme flow for my.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
      Nov 19 21:39:09 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
      Nov 19 21:39:10 box:cert/acme2 registerUser: registering user
      Nov 19 21:39:10 box:cert/acme2 sendSignedRequest: using nonce 0102PdcGurIqBMonW7RI5yn6QbZZzA6Og4bD7sQcZ1napnw for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      Nov 19 21:39:10 box:cert/acme2 newOrder: *.purchasing.team
      Nov 19 21:39:10 box:cert/acme2 sendSignedRequest: using nonce 0101f5JeVl7SEOEArPc6QQYUrMc6Bu29bkeldkpInsIVw-E for url https://acme-v02.api.letsencrypt.org/acme/new-order
      Nov 19 21:39:10 box:cert/acme2 getCertificate: attempt 2
      Nov 19 21:39:10 box:cert/acme2 getCertificate: start acme flow for my.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
      Nov 19 21:39:10 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
      Nov 19 21:39:10 box:cert/acme2 registerUser: registering user
      Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0101Nm_b8c1vMsJggeUjYsVInB_Iiuh66TxvJzxuCy8fs08 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      Nov 19 21:39:11 box:cert/acme2 newOrder: *.purchasing.team
      Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0102pGNISIKlY6Ne4308t2u5xJ2QHR2i7ypdntEKp5dxxq8 for url https://acme-v02.api.letsencrypt.org/acme/new-order
      Nov 19 21:39:11 box:cert/acme2 getCertificate: attempt 3
      Nov 19 21:39:11 box:cert/acme2 getCertificate: start acme flow for my.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
      Nov 19 21:39:11 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
      Nov 19 21:39:11 box:cert/acme2 registerUser: registering user
      Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0002gScWLsKRatFyL1MziFsrdGIhXLql6F-Dy1MRnhxIpPM for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      Nov 19 21:39:11 box:cert/acme2 newOrder: *.purchasing.team
      Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0002JTYqZHfzYxzN0ARR-HIJ5GCO8iGPQFPWyaQp7PcApQs for url https://acme-v02.api.letsencrypt.org/acme/new-order
      Nov 19 21:39:12 box:reverseproxy ensureCertificate: error: Failed to send new order. Expecting 201, got 400 {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400} cert: /home/yellowtent/platformdata/nginx/cert/.purchasing.team.cert
      Nov 19 21:39:12 box:reverseproxy ensureCertificate: renewal of my.purchasing.team failed. using fallback certificates for purchasing.team
      Nov 19 21:39:12 box:tasks update 46: {"percent":51,"message":"Ensuring certs of your.purchasing.team"}
      Nov 19 21:39:12 box:reverseproxy ensureCertificate: your.purchasing.team cert does not exist
      Nov 19 21:39:12 box:reverseproxy ensureCertificate: getting certificate for your.purchasing.team with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"potter.jason@gmail.com"}
      Nov 19 21:39:12 box:cert/acme2 getCertificate: attempt 1
      Nov 19 21:39:12 box:cert/acme2 getCertificate: start acme flow for your.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
      Nov 19 21:39:12 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
      Nov 19 21:39:12 box:cert/acme2 registerUser: registering user
      Nov 19 21:39:12 box:cert/acme2 sendSignedRequest: using nonce 00018F_zGIlrPdLOrxTHooFI9bYT44j1VCXXIcAYv1uc63Y for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      Nov 19 21:39:12 box:cert/acme2 newOrder: *.purchasing.team
      Nov 19 21:39:12 box:cert/acme2 sendSignedRequest: using nonce 0101xg4MHIhmz1ELkpsliLeqMMJJ3Us6EFkLQMp8irJcxLc for url https://acme-v02.api.letsencrypt.org/acme/new-order
      Nov 19 21:39:12 box:cert/acme2 getCertificate: attempt 2
      Nov 19 21:39:12 box:cert/acme2 getCertificate: start acme flow for your.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
      Nov 19 21:39:12 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
      Nov 19 21:39:12 box:cert/acme2 registerUser: registering user
      Nov 19 21:39:13 box:cert/acme2 sendSignedRequest: using nonce 0102RXrZtuvwl0ZAzXcZ-vIW9xhR2Dz2ofNrddh0tQmar0s for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      Nov 19 21:39:13 box:cert/acme2 newOrder: *.purchasing.team
      Nov 19 21:39:13 box:cert/acme2 sendSignedRequest: using nonce 0001Mtwhwo88-f3pNFyHnulY8nQY-D2kLwY9I8JY5ebKNI8 for url https://acme-v02.api.letsencrypt.org/acme/new-order
      Nov 19 21:39:13 box:cert/acme2 getCertificate: attempt 3
      Nov 19 21:39:13 box:cert/acme2 getCertificate: start acme flow for your.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
      Nov 19 21:39:13 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
      Nov 19 21:39:13 box:cert/acme2 registerUser: registering user
      Nov 19 21:39:13 box:cert/acme2 sendSignedRequest: using nonce 01022s16KNDTHAUDZGrXbSRSbWX_slAv6vBqTiYkBCsM5r4 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      Nov 19 21:39:13 box:cert/acme2 newOrder: *.purchasing.team
      Nov 19 21:39:14 box:cert/acme2 sendSignedRequest: using nonce 00029Ri5TwTJTIu77h4voLkYbkOntGJuf9dOX9lOHC8K8yM for url https://acme-v02.api.letsencrypt.org/acme/new-order
      Nov 19 21:39:14 box:reverseproxy ensureCertificate: error: Failed to send new order. Expecting 201, got 400 {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400} cert: /home/yellowtent/platformdata/nginx/cert/.purchasing.team.cert
      Nov 19 21:39:14 box:reverseproxy ensureCertificate: renewal of your.purchasing.team failed. using fallback certificates for purchasing.team
      Nov 19 21:39:14 box:reverseproxy renewCerts: Renewed certs of []
      Nov 19 21:39:14 box:reverseproxy cleanupCerts: start
      Nov 19 21:39:14 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Jan 17 18:03:54 2024 GMT daysLeft=788.517127962963
      Nov 19 21:39:14 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/potterlabs.xyz.host.cert notAfter=Jan 29 02:46:13 2024 GMT daysLeft=799.8798477662037
      Nov 19 21:39:14 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/purchasing.team.host.cert notAfter=Jan 26 14:49:29 2024 GMT daysLeft=797.3821161805555
      Nov 19 21:39:14 box:reverseproxy cleanupCerts: done
      Nov 19 21:39:14 box:taskworker Task took 4.248 seconds
      Nov 19 21:39:14 box:tasks setCompleted - 46: {"result":null,"error":null}
      Nov 19 21:39:14 box:tasks update 46: {"percent":100,"result":null,"error":null}

        girish Staff @jpotter702 last edited by

        @jpotter702 this is fixed in 7.0.4. Settings -> Check For Updates -> Update. Then, Domains -> Renew all Certs.

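Background on the error in the log above: RFC 8555 (section 6.2) has the client put its public key in the JWS `jwk` field for new-account, and the account URL in `kid` for every later request such as new-order. The following is an added example, not Cloudron's code and not from either poster, that checks a request's protected header against that rule; the key, nonce and account URL are constructed placeholders, and matching on the last URL path segment is an assumption based on the Let's Encrypt URLs in the log. The thread does not say what caused the missing `kid` before 7.0.4.

```javascript
'use strict';
// Added example: RFC 8555 section 6.2 rule for jwk vs kid in the JWS protected header.
// Signatures are not verified here; only the header fields are checked.

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const dec = (s) => JSON.parse(
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));

// Assumption: the resource is identified by the last path segment, as in the
// Let's Encrypt URLs in the log (/acme/new-acct, /acme/new-order).
const JWK_ONLY = new Set(['new-acct']);      // no account URL exists yet
const JWK_OR_KID = new Set(['revoke-cert']); // may be signed by account or cert key

function checkProtectedHeader(jws) {
  const h = dec(jws.protected);
  const problems = [];
  for (const field of ['alg', 'nonce', 'url']) {
    if (!h[field]) problems.push(`missing ${field}`);
  }
  if (h.jwk && h.kid) problems.push('jwk and kid are mutually exclusive');
  const resource = String(h.url || '').split('/').pop();
  if (JWK_ONLY.has(resource)) {
    if (!h.jwk) problems.push('new-acct must carry jwk');
  } else if (JWK_OR_KID.has(resource)) {
    if (!h.jwk && !h.kid) problems.push('neither jwk nor kid present');
  } else if (!h.kid) {
    problems.push('No Key ID in JWS header'); // wording of the error in the log
  }
  return problems;
}

// Constructed sample values (placeholders, not real keys or accounts).
const DEMO_JWK = { kty: 'EC', crv: 'P-256', x: 'constructed-x', y: 'constructed-y' };
const DEMO_KID = 'https://acme.example.test/acme/acct/1';
const NEW_ACCT = 'https://acme.example.test/acme/new-acct';
const NEW_ORDER = 'https://acme.example.test/acme/new-order';

function demoJws(url, keyField) {
  const header = { alg: 'ES256', nonce: 'constructed-nonce', url, ...keyField };
  return { protected: enc(header), payload: enc({}), signature: '' };
}

console.log(checkProtectedHeader(demoJws(NEW_ACCT, { jwk: DEMO_JWK })));
console.log(checkProtectedHeader(demoJws(NEW_ORDER, { jwk: DEMO_JWK })));
console.log(checkProtectedHeader(demoJws(NEW_ORDER, { kid: DEMO_KID })));
```

A client that keeps the account URL returned in the `Location` header of the new-account response and sends it as `kid` passes the check for new-order.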