Solved VULTR Let's encrypt renewal error 401
-
Hey everyone,
Getting emails from Let's Encrypt about cert renewal errors.
Manual renewal from the Cloudron dashboard also fails.(No IPV6 network assigned for this server)
(Dashboard domain and top domain are different. www.xxxx vs my.xxxx)Apologies for my noobness.
Any suggestions on how to fix this? Please help. Dashboard renewal Logs below.
checkCerts
May 26 10:24:48 box:cert/acme2 newOrder: .xxxxxx.space
May 26 10:24:48 box:cert/acme2 sendSignedRequest: using nonce 0102j-SCBFx99KuaeSHqaloDeFpNvxFk5tJl09WFv-jHgxA for url https://acme-v02.api.letsencrypt.org/acme/new-order
May 26 10:24:49 box:cert/acme2 newOrder: created order .xxxxxx.spacee {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":".xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
May 26 10:24:49 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:24:49 box:cert/acme2 prepareChallenge: http: false
May 26 10:24:49 box:cert/acme2 sendSignedRequest: using nonce 0102W23OIPCeJZW25MpM2IxPZxz6TBYEMgiFfBNu_CGog5k for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:24:49 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
May 26 10:24:49 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *.xxxxxx.space at domain .xxxxxx.space is _acme-challenge
May 26 10:24:49 box:cert/acme2 prepareDnsChallenge: update acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
May 26 10:24:49 box:dns upsertDNSRecord: location acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:24:49 box:dns/vultr upsert: acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:24:49 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with acme-challenge and type TXT
May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert
May 26 10:24:50 box:mailer Email "[Cloudron] Certificate renewal error" sent to email@emailco.com
May 26 10:24:50 box:reverseproxy ensureCertificate: continue using existing bundle since renewal failed
May 26 10:24:50 box:tasks update 580: {"percent":51,"message":"Ensuring certs of www..xxxxxx.space"}
May 26 10:24:50 box:reverseproxy ensureCertificate: www..xxxxxx.space certificate already exists at /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.key
May 26 10:24:50 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert notAfter=Jun 4 05:25:41 2022 GMT daysLeft=9.167249872685185
May 26 10:24:50 box:reverseproxy ensureCertificate: www..xxxxxx.space cert requires renewal
May 26 10:24:50 box:reverseproxy ensureCertificate: getting certificate for www..xxxxxx.space with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"email@emailco.com"}
May 26 10:24:50 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
May 26 10:24:50 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
May 26 10:24:50 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
May 26 10:24:51 box:cert/acme2 ensureAccount: registering user
May 26 10:24:51 box:cert/acme2 sendSignedRequest: using nonce 0101VXJ7-ucc7hHNeF5KBatcgPr_GQkjxz9QSsfDZVGmKW4 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
May 26 10:24:51 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
May 26 10:24:51 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
May 26 10:24:52 box:cert/acme2 sendSignedRequest: using nonce 01015hsgSSLrDCNtgHS7-uIeGXO7EDUO072wVtWI9vEIEA for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
May 26 10:24:52 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
May 26 10:24:52 box:cert/acme2 newOrder: *..xxxxxx.space
May 26 10:24:53 box:cert/acme2 sendSignedRequest: using nonce 0002HpI-dItUIcvUidvOABCJ-_GQotMiMTOyyTaEazwoGEg for url https://acme-v02.api.letsencrypt.org/acme/new-order
May 26 10:24:53 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
May 26 10:24:53 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:24:53 box:cert/acme2 prepareChallenge: http: false
May 26 10:24:54 box:cert/acme2 sendSignedRequest: using nonce 0101XZT1-FRZZ9OBrqS92jCSO8xmf5A7ZlaTvWbpbzZxKLo for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:24:54 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
May 26 10:24:54 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is _acme-challenge
May 26 10:24:54 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
May 26 10:24:54 box:dns upsertDNSRecord: location _acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:24:54 box:dns/vultr upsert: _acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:24:54 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with _acme-challenge and type TXT
May 26 10:24:55 box:cert/acme2 Attempt 1 failed. Will retry: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401}
May 26 10:24:55 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
May 26 10:24:55 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
May 26 10:24:55 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
May 26 10:24:55 box:cert/acme2 ensureAccount: registering user
May 26 10:24:56 box:cert/acme2 sendSignedRequest: using nonce 01015CyhCOWdngNjrrcC9e0REzaxYBq-Lpk2n9tdPSmo76Y for url https://acme-v02.api.letsencrypt.org/acme/new-acct
May 26 10:24:56 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
May 26 10:24:56 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
May 26 10:24:57 box:cert/acme2 sendSignedRequest: using nonce 01017PTZBpZ3erNcHskfCXSrkRVEEH6n3UotdBhd6vmevM8 for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
May 26 10:24:57 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
May 26 10:24:57 box:cert/acme2 newOrder: *..xxxxxx.space
May 26 10:24:57 box:cert/acme2 sendSignedRequest: using nonce 0002AyLW9Qe14CjHGYwEDJvGYvVHmYbSSDLrHbCmjwp1XyU for url https://acme-v02.api.letsencrypt.org/acme/new-order
May 26 10:24:58 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
May 26 10:24:58 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:24:58 box:cert/acme2 prepareChallenge: http: false
May 26 10:24:58 box:cert/acme2 sendSignedRequest: using nonce 0001EAdlM0oH9rTiEyE_uHRmXCognZMtvszbY9w3y6fPhjY for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:24:59 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
May 26 10:24:59 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is _acme-challenge
May 26 10:24:59 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
May 26 10:24:59 box:dns upsertDNSRecord: location _acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:24:59 box:dns/vultr upsert: _acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:24:59 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with _acme-challenge and type TXT
May 26 10:24:59 box:cert/acme2 Attempt 2 failed. Will retry: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401}
May 26 10:24:59 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
May 26 10:24:59 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
May 26 10:24:59 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
May 26 10:25:00 box:cert/acme2 ensureAccount: registering user
May 26 10:25:00 box:cert/acme2 sendSignedRequest: using nonce 0002XcUKLhU-qCTHLFtCx7wwN1-iF3QhTggKsC-PyEXP4Ss for url https://acme-v02.api.letsencrypt.org/acme/new-acct
May 26 10:25:01 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
May 26 10:25:01 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
May 26 10:25:01 box:cert/acme2 sendSignedRequest: using nonce 0102SldS-vjTIibkJai7gBmkM8sN82vnVBImEVc0NIHPfpg for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
May 26 10:25:02 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
May 26 10:25:02 box:cert/acme2 newOrder: *..xxxxxx.space
May 26 10:25:02 box:cert/acme2 sendSignedRequest: using nonce 0101URg4dXp5mq-G8UE7FGvwObND19KlVPDYIda9r9pjaPg for url https://acme-v02.api.letsencrypt.org/acme/new-order
May 26 10:25:02 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
May 26 10:25:02 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:25:02 box:cert/acme2 prepareChallenge: http: false
May 26 10:25:03 box:cert/acme2 sendSignedRequest: using nonce 0101roAIjC2AD2ppBU-0gFNyCQ-Dssanu_eFQYLxz8YZSzg for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
May 26 10:25:03 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
May 26 10:25:03 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is acme-challenge
May 26 10:25:03 box:cert/acme2 prepareDnsChallenge: update acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
May 26 10:25:03 box:dns upsertDNSRecord: location acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:25:03 box:dns/vultr upsert: acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
May 26 10:25:03 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with acme-challenge and type TXT
May 26 10:25:04 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert
May 26 10:25:04 box:mailer Email "[Cloudron] Certificate renewal error" sent to email@emailco.com
May 26 10:25:04 box:reverseproxy ensureCertificate: continue using existing bundle since renewal failed
May 26 10:25:04 box:reverseproxy renewCerts: creating new nginx config since undefined does not have /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert
May 26 10:25:04 box:reverseproxy writeAppNginxConfig: writing config for "www..xxxxxx.space" to /home/yellowtent/platformdata/nginx/applications/e4918aaf-53ca-4463-8f93-b356171e9013.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"www..xxxxxx.space","hasIPv6":true,"ip":"172.23.21.92","port":8000,"endpoint":"app","redirectTo":null,"certFilePath":"/home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e4918aaf-53ca-4463-8f93-b356171e9013","location":"/"},"ocsp":true}
May 26 10:25:04 box:shell reload spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
May 26 10:25:05 box:reverseproxy renewCerts: Renewed certs of []
May 26 10:25:05 box:reverseproxy cleanupCerts: start
May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert notAfter=Jun 4 05:25:41 2022 GMT daysLeft=9.167081377314815
May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Apr 29 20:37:30 2024 GMT daysLeft=704.8002873379629
May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.xxxxxx.space.host.cert notAfter=May 14 06:25:28 2024 GMT daysLeft=719.2085974768519
May 26 10:25:05 box:reverseproxy cleanupCerts: done -
@mark_ehm said in VULTR Let's encrypt renewal error 401:
May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert
In https://my.vultr.com/settings/#settingsapi -> Access Control, you have to allow the Cloudron server's IP .
-
@mark_ehm said in VULTR Let's encrypt renewal error 401:
May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert
In https://my.vultr.com/settings/#settingsapi -> Access Control, you have to allow the Cloudron server's IP .
-
Topic has been marked as a question
girish
-
@girish said in VULTR Let's encrypt renewal error 401:
[401] {"error":"Unauthorized IP address:
Thank you sir. You are legend.
-
Topic has been marked as solved girish