Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum
Apps | Demo | Docs | Install

VULTR Let's encrypt renewal error 401

Scheduled Pinned Locked Moved Solved Support
vultrcertificates
3 Posts 2 Posters 183 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    mark_ehm
    wrote on last edited by girish
    #1

    Hey everyone,

    Getting emails from Let's Encrypt about cert renewal errors.
    Manual renewal from the Cloudron dashboard also fails.

    (No IPV6 network assigned for this server)
    (Dashboard domain and top domain are different. www.xxxx vs my.xxxx)

    Apologies for my noobness.

    Any suggestions on how to fix this? Please help. Dashboard renewal Logs below.

    checkCerts
    May 26 10:24:48 box:cert/acme2 newOrder: .xxxxxx.space
    May 26 10:24:48 box:cert/acme2 sendSignedRequest: using nonce 0102j-SCBFx99KuaeSHqaloDeFpNvxFk5tJl09WFv-jHgxA for url https://acme-v02.api.letsencrypt.org/acme/new-order
    May 26 10:24:49 box:cert/acme2 newOrder: created order .xxxxxx.spacee {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":".xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
    May 26 10:24:49 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:24:49 box:cert/acme2 prepareChallenge: http: false
    May 26 10:24:49 box:cert/acme2 sendSignedRequest: using nonce 0102W23OIPCeJZW25MpM2IxPZxz6TBYEMgiFfBNu_CGog5k for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:24:49 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":"    .xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
    May 26 10:24:49 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *.xxxxxx.space at domain .xxxxxx.space is _acme-challenge
    May 26 10:24:49 box:cert/acme2 prepareDnsChallenge: update acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
    May 26 10:24:49 box:dns upsertDNSRecord: location acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:24:49 box:dns/vultr upsert: acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:24:49 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with acme-challenge and type TXT
    May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.cert
    May 26 10:24:50 box:mailer Email "[Cloudron] Certificate renewal error" sent to email@emailco.com
    May 26 10:24:50 box:reverseproxy ensureCertificate: continue using existing bundle since renewal failed
    May 26 10:24:50 box:tasks update 580: {"percent":51,"message":"Ensuring certs of www..xxxxxx.space"}
    May 26 10:24:50 box:reverseproxy ensureCertificate: www..xxxxxx.space certificate already exists at /home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.key
    May 26 10:24:50 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.cert notAfter=Jun 4 05:25:41 2022 GMT daysLeft=9.167249872685185
    May 26 10:24:50 box:reverseproxy ensureCertificate: www..xxxxxx.space cert requires renewal
    May 26 10:24:50 box:reverseproxy ensureCertificate: getting certificate for www..xxxxxx.space with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"email@emailco.com"}
    May 26 10:24:50 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
    May 26 10:24:50 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
    May 26 10:24:50 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
    May 26 10:24:51 box:cert/acme2 ensureAccount: registering user
    May 26 10:24:51 box:cert/acme2 sendSignedRequest: using nonce 0101VXJ7-ucc7hHNeF5KBatcgPr_GQkjxz9QSsfDZVGmKW4 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
    May 26 10:24:51 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
    May 26 10:24:51 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
    May 26 10:24:52 box:cert/acme2 sendSignedRequest: using nonce 01015hsgSSLrDCNtgHS7    -uIeGXO7EDUO072wVtWI9vEIEA for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
    May 26 10:24:52 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
    May 26 10:24:52 box:cert/acme2 newOrder: *..xxxxxx.space
    May 26 10:24:53 box:cert/acme2 sendSignedRequest: using nonce 0002HpI-dItUIcvUidvOABCJ-_GQotMiMTOyyTaEazwoGEg for url https://acme-v02.api.letsencrypt.org/acme/new-order
    May 26 10:24:53 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
    May 26 10:24:53 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:24:53 box:cert/acme2 prepareChallenge: http: false
    May 26 10:24:54 box:cert/acme2 sendSignedRequest: using nonce 0101XZT1-FRZZ9OBrqS92jCSO8xmf5A7ZlaTvWbpbzZxKLo for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:24:54 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
    May 26 10:24:54 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is _acme-challenge
    May 26 10:24:54 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
    May 26 10:24:54 box:dns upsertDNSRecord: location _acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:24:54 box:dns/vultr upsert: _acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:24:54 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with _acme-challenge and type TXT
    May 26 10:24:55 box:cert/acme2 Attempt 1 failed. Will retry: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401}
    May 26 10:24:55 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
    May 26 10:24:55 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
    May 26 10:24:55 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
    May 26 10:24:55 box:cert/acme2 ensureAccount: registering user
    May 26 10:24:56 box:cert/acme2 sendSignedRequest: using nonce 01015CyhCOWdngNjrrcC9e0REzaxYBq-Lpk2n9tdPSmo76Y for url https://acme-v02.api.letsencrypt.org/acme/new-acct
    May 26 10:24:56 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
    May 26 10:24:56 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
    May 26 10:24:57 box:cert/acme2 sendSignedRequest: using nonce 01017PTZBpZ3erNcHskfCXSrkRVEEH6n3UotdBhd6vmevM8 for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
    May 26 10:24:57 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
    May 26 10:24:57 box:cert/acme2 newOrder: *..xxxxxx.space
    May 26 10:24:57 box:cert/acme2 sendSignedRequest: using nonce 0002AyLW9Qe14CjHGYwEDJvGYvVHmYbSSDLrHbCmjwp1XyU for url https://acme-v02.api.letsencrypt.org/acme/new-order
    May 26 10:24:58 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
    May 26 10:24:58 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:24:58 box:cert/acme2 prepareChallenge: http: false
    May 26 10:24:58 box:cert/acme2 sendSignedRequest: using nonce 0001EAdlM0oH9rTiEyE_uHRmXCognZMtvszbY9w3y6fPhjY for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:24:59 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
    May 26 10:24:59 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is _acme-challenge
    May 26 10:24:59 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
    May 26 10:24:59 box:dns upsertDNSRecord: location _acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:24:59 box:dns/vultr upsert: _acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:24:59 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with _acme-challenge and type TXT
    May 26 10:24:59 box:cert/acme2 Attempt 2 failed. Will retry: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401}
    May 26 10:24:59 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
    May 26 10:24:59 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
    May 26 10:24:59 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
    May 26 10:25:00 box:cert/acme2 ensureAccount: registering user
    May 26 10:25:00 box:cert/acme2 sendSignedRequest: using nonce 0002XcUKLhU-qCTHLFtCx7wwN1-iF3QhTggKsC-PyEXP4Ss for url https://acme-v02.api.letsencrypt.org/acme/new-acct
    May 26 10:25:01 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
    May 26 10:25:01 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
    May 26 10:25:01 box:cert/acme2 sendSignedRequest: using nonce 0102SldS-vjTIibkJai7gBmkM8sN82vnVBImEVc0NIHPfpg for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
    May 26 10:25:02 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
    May 26 10:25:02 box:cert/acme2 newOrder: *..xxxxxx.space
    May 26 10:25:02 box:cert/acme2 sendSignedRequest: using nonce 0101URg4dXp5mq-G8UE7FGvwObND19KlVPDYIda9r9pjaPg for url https://acme-v02.api.letsencrypt.org/acme/new-order
    May 26 10:25:02 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
    May 26 10:25:02 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:25:02 box:cert/acme2 prepareChallenge: http: false
    May 26 10:25:03 box:cert/acme2 sendSignedRequest: using nonce 0101roAIjC2AD2ppBU-0gFNyCQ-Dssanu_eFQYLxz8YZSzg for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
    May 26 10:25:03 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
    May 26 10:25:03 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is acme-challenge
    May 26 10:25:03 box:cert/acme2 prepareDnsChallenge: update acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
    May 26 10:25:03 box:dns upsertDNSRecord: location acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:25:03 box:dns/vultr upsert: acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
    May 26 10:25:03 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with acme-challenge and type TXT
    May 26 10:25:04 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.cert
    May 26 10:25:04 box:mailer Email "[Cloudron] Certificate renewal error" sent to email@emailco.com
    May 26 10:25:04 box:reverseproxy ensureCertificate: continue using existing bundle since renewal failed
    May 26 10:25:04 box:reverseproxy renewCerts: creating new nginx config since undefined does not have /home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.cert
    May 26 10:25:04 box:reverseproxy writeAppNginxConfig: writing config for "www..xxxxxx.space" to /home/yellowtent/platformdata/nginx/applications/e4918aaf-53ca-4463-8f93-b356171e9013.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"www..xxxxxx.space","hasIPv6":true,"ip":"172.23.21.92","port":8000,"endpoint":"app","redirectTo":null,"certFilePath":"/home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e4918aaf-53ca-4463-8f93-b356171e9013","location":"/"},"ocsp":true}
    May 26 10:25:04 box:shell reload spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
    May 26 10:25:05 box:reverseproxy renewCerts: Renewed certs of []
    May 26 10:25:05 box:reverseproxy cleanupCerts: start
    May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/    ..xxxxxx.space.cert notAfter=Jun 4 05:25:41 2022 GMT daysLeft=9.167081377314815
    May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Apr 29 20:37:30 2024 GMT daysLeft=704.8002873379629
    May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.xxxxxx.space.host.cert notAfter=May 14 06:25:28 2024 GMT daysLeft=719.2085974768519
    May 26 10:25:05 box:reverseproxy cleanupCerts: done

    girishG 1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    replied to mark_ehm on last edited by
    #0

    @mark_ehm said in VULTR Let's encrypt renewal error 401:

    May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert

    In https://my.vultr.com/settings/#settingsapi -> Access Control, you have to allow the Cloudron server's IP .

    M 1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    replied to mark_ehm on last edited by
    #2

    @mark_ehm said in VULTR Let's encrypt renewal error 401:

    May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert

    In https://my.vultr.com/settings/#settingsapi -> Access Control, you have to allow the Cloudron server's IP .

    M 1 Reply Last reply
    1
  • girishG girish marked this topic as a question on
  • M Offline
    M Offline
    mark_ehm
    replied to girish on last edited by
    #3

    @girish said in VULTR Let's encrypt renewal error 401:

    [401] {"error":"Unauthorized IP address:

    Thank you sir. You are legend.

    1 Reply Last reply
    0
  • girishG girish has marked this topic as solved on

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login
  • Don't have an account? Register
  • Login or register to search.