Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved VULTR Let's encrypt renewal error 401

    Support
    vultr certificates
    2
    3
    110
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mark_ehm last edited by girish

      Hey everyone,

      Getting emails from Let's Encrypt about cert renewal errors.
      Manual renewal from the Cloudron dashboard also fails.

      (No IPV6 network assigned for this server)
      (Dashboard domain and top domain are different. www.xxxx vs my.xxxx)

      Apologies for my noobness.

      Any suggestions on how to fix this? Please help. Dashboard renewal Logs below.

      checkCerts
      May 26 10:24:48 box:cert/acme2 newOrder: .xxxxxx.space
      May 26 10:24:48 box:cert/acme2 sendSignedRequest: using nonce 0102j-SCBFx99KuaeSHqaloDeFpNvxFk5tJl09WFv-jHgxA for url https://acme-v02.api.letsencrypt.org/acme/new-order
      May 26 10:24:49 box:cert/acme2 newOrder: created order .xxxxxx.spacee {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":".xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
      May 26 10:24:49 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:24:49 box:cert/acme2 prepareChallenge: http: false
      May 26 10:24:49 box:cert/acme2 sendSignedRequest: using nonce 0102W23OIPCeJZW25MpM2IxPZxz6TBYEMgiFfBNu_CGog5k for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:24:49 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":"
      .xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
      May 26 10:24:49 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *.xxxxxx.space at domain .xxxxxx.space is _acme-challenge
      May 26 10:24:49 box:cert/acme2 prepareDnsChallenge: update acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
      May 26 10:24:49 box:dns upsertDNSRecord: location acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:24:49 box:dns/vultr upsert: acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:24:49 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with acme-challenge and type TXT
      May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.cert
      May 26 10:24:50 box:mailer Email "[Cloudron] Certificate renewal error" sent to email@emailco.com
      May 26 10:24:50 box:reverseproxy ensureCertificate: continue using existing bundle since renewal failed
      May 26 10:24:50 box:tasks update 580: {"percent":51,"message":"Ensuring certs of www..xxxxxx.space"}
      May 26 10:24:50 box:reverseproxy ensureCertificate: www..xxxxxx.space certificate already exists at /home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.key
      May 26 10:24:50 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.cert notAfter=Jun 4 05:25:41 2022 GMT daysLeft=9.167249872685185
      May 26 10:24:50 box:reverseproxy ensureCertificate: www..xxxxxx.space cert requires renewal
      May 26 10:24:50 box:reverseproxy ensureCertificate: getting certificate for www..xxxxxx.space with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"email@emailco.com"}
      May 26 10:24:50 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
      May 26 10:24:50 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
      May 26 10:24:50 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
      May 26 10:24:51 box:cert/acme2 ensureAccount: registering user
      May 26 10:24:51 box:cert/acme2 sendSignedRequest: using nonce 0101VXJ7-ucc7hHNeF5KBatcgPr_GQkjxz9QSsfDZVGmKW4 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      May 26 10:24:51 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
      May 26 10:24:51 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
      May 26 10:24:52 box:cert/acme2 sendSignedRequest: using nonce 01015hsgSSLrDCNtgHS7
      -uIeGXO7EDUO072wVtWI9vEIEA for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
      May 26 10:24:52 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
      May 26 10:24:52 box:cert/acme2 newOrder: *..xxxxxx.space
      May 26 10:24:53 box:cert/acme2 sendSignedRequest: using nonce 0002HpI-dItUIcvUidvOABCJ-_GQotMiMTOyyTaEazwoGEg for url https://acme-v02.api.letsencrypt.org/acme/new-order
      May 26 10:24:53 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
      May 26 10:24:53 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:24:53 box:cert/acme2 prepareChallenge: http: false
      May 26 10:24:54 box:cert/acme2 sendSignedRequest: using nonce 0101XZT1-FRZZ9OBrqS92jCSO8xmf5A7ZlaTvWbpbzZxKLo for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:24:54 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
      May 26 10:24:54 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is _acme-challenge
      May 26 10:24:54 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
      May 26 10:24:54 box:dns upsertDNSRecord: location _acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:24:54 box:dns/vultr upsert: _acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:24:54 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with _acme-challenge and type TXT
      May 26 10:24:55 box:cert/acme2 Attempt 1 failed. Will retry: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401}
      May 26 10:24:55 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
      May 26 10:24:55 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
      May 26 10:24:55 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
      May 26 10:24:55 box:cert/acme2 ensureAccount: registering user
      May 26 10:24:56 box:cert/acme2 sendSignedRequest: using nonce 01015CyhCOWdngNjrrcC9e0REzaxYBq-Lpk2n9tdPSmo76Y for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      May 26 10:24:56 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
      May 26 10:24:56 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
      May 26 10:24:57 box:cert/acme2 sendSignedRequest: using nonce 01017PTZBpZ3erNcHskfCXSrkRVEEH6n3UotdBhd6vmevM8 for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
      May 26 10:24:57 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
      May 26 10:24:57 box:cert/acme2 newOrder: *..xxxxxx.space
      May 26 10:24:57 box:cert/acme2 sendSignedRequest: using nonce 0002AyLW9Qe14CjHGYwEDJvGYvVHmYbSSDLrHbCmjwp1XyU for url https://acme-v02.api.letsencrypt.org/acme/new-order
      May 26 10:24:58 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
      May 26 10:24:58 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:24:58 box:cert/acme2 prepareChallenge: http: false
      May 26 10:24:58 box:cert/acme2 sendSignedRequest: using nonce 0001EAdlM0oH9rTiEyE_uHRmXCognZMtvszbY9w3y6fPhjY for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:24:59 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
      May 26 10:24:59 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is _acme-challenge
      May 26 10:24:59 box:cert/acme2 prepareDnsChallenge: update _acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
      May 26 10:24:59 box:dns upsertDNSRecord: location _acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:24:59 box:dns/vultr upsert: _acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:24:59 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with _acme-challenge and type TXT
      May 26 10:24:59 box:cert/acme2 Attempt 2 failed. Will retry: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401}
      May 26 10:24:59 box:cert/acme2 getCertificate: for vhost www..xxxxxx.space and domain .xxxxxx.space
      May 26 10:24:59 box:cert/acme2 getCertificate: start acme flow for www..xxxxxx.space from https://acme-v02.api.letsencrypt.org/directory
      May 26 10:24:59 box:cert/acme2 getCertificate: will get wildcard cert for *..xxxxxx.space
      May 26 10:25:00 box:cert/acme2 ensureAccount: registering user
      May 26 10:25:00 box:cert/acme2 sendSignedRequest: using nonce 0002XcUKLhU-qCTHLFtCx7wwN1-iF3QhTggKsC-PyEXP4Ss for url https://acme-v02.api.letsencrypt.org/acme/new-acct
      May 26 10:25:01 box:cert/acme2 ensureAccount: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/438436280
      May 26 10:25:01 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/438436280 email: email@emailco.com
      May 26 10:25:01 box:cert/acme2 sendSignedRequest: using nonce 0102SldS-vjTIibkJai7gBmkM8sN82vnVBImEVc0NIHPfpg for url https://acme-v02.api.letsencrypt.org/acme/acct/438436280
      May 26 10:25:02 box:cert/acme2 updateContact: contact of user updated to email@emailco.com
      May 26 10:25:02 box:cert/acme2 newOrder: *..xxxxxx.space
      May 26 10:25:02 box:cert/acme2 sendSignedRequest: using nonce 0101URg4dXp5mq-G8UE7FGvwObND19KlVPDYIda9r9pjaPg for url https://acme-v02.api.letsencrypt.org/acme/new-order
      May 26 10:25:02 box:cert/acme2 newOrder: created order ..xxxxxx.space {"status":"pending","expires":"2022-05-26T12:00:37Z","identifiers":[{"type":"dns","value":"..xxxxxx.space"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/438436280/90035862116"}
      May 26 10:25:02 box:cert/acme2 acmeFlow: authorizing https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:25:02 box:cert/acme2 prepareChallenge: http: false
      May 26 10:25:03 box:cert/acme2 sendSignedRequest: using nonce 0101roAIjC2AD2ppBU-0gFNyCQ-Dssanu_eFQYLxz8YZSzg for url https://acme-v02.api.letsencrypt.org/acme/authz-v3/110298178266
      May 26 10:25:03 box:cert/acme2 prepareDnsChallenge: challenges: {"identifier":{"type":"dns","value":".xxxxxx.space"},"status":"pending","expires":"2022-05-26T12:00:37Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/110298178266/rWhUhQ","token":"QS84R3vlsi1x5HPz81M0LOFWgAho4aC_yCIOFrr_tDc"}],"wildcard":true}
      May 26 10:25:03 box:cert/acme2 getChallengeSubdomain: challenge subdomain for hostname *..xxxxxx.space at domain .xxxxxx.space is acme-challenge
      May 26 10:25:03 box:cert/acme2 prepareDnsChallenge: update acme-challenge with Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us
      May 26 10:25:03 box:dns upsertDNSRecord: location acme-challenge on domain .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:25:03 box:dns/vultr upsert: acme-challenge for zone .xxxxxx.space of type TXT with values [""Nn5zHu3TvjruJGf3BZa_f2Wh5sXdlREP7hpYWI2C_us""]
      May 26 10:25:03 box:dns/vultr getInternal: getting dns records of .xxxxxx.space with acme-challenge and type TXT
      May 26 10:25:04 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.cert
      May 26 10:25:04 box:mailer Email "[Cloudron] Certificate renewal error" sent to email@emailco.com
      May 26 10:25:04 box:reverseproxy ensureCertificate: continue using existing bundle since renewal failed
      May 26 10:25:04 box:reverseproxy renewCerts: creating new nginx config since undefined does not have /home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.cert
      May 26 10:25:04 box:reverseproxy writeAppNginxConfig: writing config for "www..xxxxxx.space" to /home/yellowtent/platformdata/nginx/applications/e4918aaf-53ca-4463-8f93-b356171e9013.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"www..xxxxxx.space","hasIPv6":true,"ip":"172.23.21.92","port":8000,"endpoint":"app","redirectTo":null,"certFilePath":"/home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"e4918aaf-53ca-4463-8f93-b356171e9013","location":"/"},"ocsp":true}
      May 26 10:25:04 box:shell reload spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
      May 26 10:25:05 box:reverseproxy renewCerts: Renewed certs of []
      May 26 10:25:05 box:reverseproxy cleanupCerts: start
      May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/
      ..xxxxxx.space.cert notAfter=Jun 4 05:25:41 2022 GMT daysLeft=9.167081377314815
      May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Apr 29 20:37:30 2024 GMT daysLeft=704.8002873379629
      May 26 10:25:05 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.xxxxxx.space.host.cert notAfter=May 14 06:25:28 2024 GMT daysLeft=719.2085974768519
      May 26 10:25:05 box:reverseproxy cleanupCerts: done

      girish 1 Reply Last reply Reply Quote 0
      • girish
        girish Staff @mark_ehm last edited by

        @mark_ehm said in VULTR Let's encrypt renewal error 401:

        May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert

        In https://my.vultr.com/settings/#settingsapi -> Access Control, you have to allow the Cloudron server's IP .

        M 1 Reply Last reply Reply Quote 1
        • girish
          girish Staff @mark_ehm last edited by

          @mark_ehm said in VULTR Let's encrypt renewal error 401:

          May 26 10:24:50 box:reverseproxy ensureCertificate: error: Vultr DNS error [401] {"error":"Unauthorized IP address: 207.136.122.17","status":401} cert: /home/yellowtent/platformdata/nginx/cert/..xxxxxx.space.cert

          In https://my.vultr.com/settings/#settingsapi -> Access Control, you have to allow the Cloudron server's IP .

          M 1 Reply Last reply Reply Quote 1
          • Topic has been marked as a question  girish girish 
          • M
            mark_ehm @girish last edited by

            @girish said in VULTR Let's encrypt renewal error 401:

            [401] {"error":"Unauthorized IP address:

            Thank you sir. You are legend.

            1 Reply Last reply Reply Quote 0
            • Topic has been marked as solved  girish girish 
            • First post
              Last post
            Powered by NodeBB