Solved More issues with letsencrypt
-
Not 100% sure this is identical to the other issues.. Yeah, I've got 7.3.6 loaded on there. cloudron is not able to renew any of my certs for the sub-applications. I've not changed anything as of recent, just noticed my domain didn't go anywhere.... I hit the "renew certs" button hoping it'd clear out the issue, but no dice.... where to next?
(I cleared out the unique tokens/nonce. I assume they're one shot but wasn't 100% sure)
Feb 05 10:19:48 box:cert/acme2 sendSignedRequest: using nonce --- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
Feb 05 10:19:48 box:cert/acme2 waitForChallenge: status is "pending" "{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--"}"
Feb 05 10:19:48 box:cert/acme2 Attempt 3 failed. Will retry: Challenge is in pending state
Feb 05 10:20:08 box:cert/acme2 waitingForChallenge: getting status
Feb 05 10:20:08 box:cert/acme2 sendSignedRequest: using nonce -- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
Feb 05 10:20:09 box:cert/acme2 waitForChallenge: status is "invalid" "{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"173.29.155.194: Invalid response from http://smoke.littleappleservice.com/.well-known/acme-challenge/--: 504","status":403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--","validationRecord":[{"url":"http://smoke.littleappleservice.com/.well-known/acme-challenge/--","hostname":"smoke.littleappleservice.com","port":"80","addressesResolved":["173.29.155.194"],"addressUsed":"173.29.155.194"}],"validated":"2023-02-05T16:19:06Z"}"
Feb 05 10:20:09 box:cert/acme2 Attempt 4 failed. Will retry: Unexpected status when waiting for challenge: invalid -
Does it happen to all domains or just a specific one?
-
Topic has been marked as a question
girish
-
@jayonrails said in More issues with letsencrypt:
Does it happen to all domains or just a specific one?
and what DNS provider/ set-up?
-
@jdaviescoates said in More issues with letsencrypt:
@jayonrails said in More issues with letsencrypt:
Does it happen to all domains or just a specific one?
and what DNS provider/ set-up?
both domains, and I use manual (namecheap), which has not changed. DNS is still resolving.
It's a cname, to an A record that is driven by namecheap dynamic name. been working for over 2 years...
-
@seanmahrt strange, we haven't changed anything in the LE code itself (since quite a while). Do you think you can write to us at support@cloudron.io ? Have to debug further to understand what the issue is. Could also be a temporary Let's Encrypt issue.
-
@girish just sent email. Also tried refresh today and still same behavior...
Sean
-
Found it with help of tech support... HSTS locally was masking an issue where my port 80 forwarding was broken. fixed that and the certs renewed just fine..
-
Topic has been marked as solved S seanmahrt
