    Solved More issues with letsencrypt

      seanmahrt last edited by girish

      Not 100% sure this is identical to the other issues... Yeah, I've got 7.3.6 loaded on there. Cloudron is not able to renew any of my certs for the sub-applications. I've not changed anything recently, just noticed my domain didn't go anywhere... I hit the "renew certs" button hoping it'd clear out the issue, but no dice... Where to next?

      (I cleared out the unique tokens/nonce. I assume they're one shot but wasn't 100% sure)

      Feb 05 10:19:48 box:cert/acme2 sendSignedRequest: using nonce --- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
      Feb 05 10:19:48 box:cert/acme2 waitForChallenge: status is "pending" "{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--"}"
      Feb 05 10:19:48 box:cert/acme2 Attempt 3 failed. Will retry: Challenge is in pending state
      Feb 05 10:20:08 box:cert/acme2 waitingForChallenge: getting status
      Feb 05 10:20:08 box:cert/acme2 sendSignedRequest: using nonce -- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
      Feb 05 10:20:09 box:cert/acme2 waitForChallenge: status is "invalid" "{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"173.29.155.194: Invalid response from http://smoke.littleappleservice.com/.well-known/acme-challenge/--: 504","status":403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--","validationRecord":[{"url":"http://smoke.littleappleservice.com/.well-known/acme-challenge/--","hostname":"smoke.littleappleservice.com","port":"80","addressesResolved":["173.29.155.194"],"addressUsed":"173.29.155.194"}],"validated":"2023-02-05T16:19:06Z"}"
      Feb 05 10:20:09 box:cert/acme2 Attempt 4 failed. Will retry: Unexpected status when waiting for challenge: invalid

        jayonrails translator last edited by

        Does it happen to all domains or just a specific one?

        • Topic has been marked as a question  girish girish 
          jdaviescoates @jayonrails last edited by

          @jayonrails said in More issues with letsencrypt:

          Does it happen to all domains or just a specific one?

          and what DNS provider/ set-up?

          I use Cloudron with Gandi & Hetzner

            seanmahrt @jdaviescoates last edited by

            @jdaviescoates said in More issues with letsencrypt:

            @jayonrails said in More issues with letsencrypt:

            Does it happen to all domains or just a specific one?

            and what DNS provider/ set-up?

            Both domains, and I use manual (Namecheap), which has not changed. DNS is still resolving.

            It's a CNAME to an A record that is driven by Namecheap dynamic name. Been working for over 2 years...

              girish Staff @seanmahrt last edited by

              @seanmahrt Strange, we haven't changed anything in the LE code itself (for quite a while). Do you think you can write to us at support@cloudron.io? Have to debug further to understand what the issue is. Could also be a temporary Let's Encrypt issue.

                seanmahrt @girish last edited by

                @girish Just sent email. Also tried refresh today and still same behavior...

                Sean

                  seanmahrt last edited by

                  Found it with help of tech support... HSTS locally was masking an issue where my port 80 forwarding was broken. Fixed that and the certs renewed just fine. 🙂

                  • Topic has been marked as solved  S seanmahrt 
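
The resolution above can be read straight out of the `waitForChallenge ... "invalid"` log line: the http-01 validator fetches over plain HTTP on port 80, which a browser holding an HSTS entry never does. The following is an added example, not part of the thread or of Cloudron's code; it parses a log line of that shape and reports what the validator reached. The sample line is constructed (hostname, address and token are placeholders) and the hint texts are this example's own.

```python
import json
import re

# Constructed sample in the shape of the thread's log line; values are placeholders.
SAMPLE = ('Feb 05 10:20:09 box:cert/acme2 waitForChallenge: status is "invalid" '
          '"{"type":"http-01","status":"invalid","error":{"type":'
          '"urn:ietf:params:acme:error:unauthorized","detail":"203.0.113.10: Invalid response from '
          'http://app.example.com/.well-known/acme-challenge/TOKEN: 504","status":403},'
          '"token":"TOKEN","validationRecord":[{"url":'
          '"http://app.example.com/.well-known/acme-challenge/TOKEN","hostname":"app.example.com",'
          '"port":"80","addressesResolved":["203.0.113.10"],"addressUsed":"203.0.113.10"}]}"')


def parse_challenge(line):
    """Return the challenge object embedded in a waitForChallenge log line, or None."""
    start, end = line.find("{"), line.rfind("}")
    if "waitForChallenge" not in line or start < 0 or end < start:
        return None
    try:
        return json.loads(line[start:end + 1])
    except json.JSONDecodeError:
        return None


def diagnose(line):
    """Summarise a failed http-01 challenge: what was fetched, where, and the result."""
    chall = parse_challenge(line)
    if not chall or chall.get("status") != "invalid":
        return None  # pending/valid challenges are not failures
    detail = chall.get("error", {}).get("detail", "")
    m = re.search(r": (\d{3})$", detail)  # HTTP status the validator received
    http_status = int(m.group(1)) if m else None
    rec = (chall.get("validationRecord") or [{}])[-1]  # last hop the validator fetched
    result = {"hostname": rec.get("hostname"), "address": rec.get("addressUsed"),
              "port": rec.get("port"), "http_status": http_status, "detail": detail}
    if rec.get("port") == "80" and http_status in (502, 503, 504):
        # DNS resolved and something answered, but the request never reached the web server.
        result["hint"] = "check port 80 forwarding to the server"
    elif http_status in (403, 404):
        result["hint"] = "port 80 answered without the challenge file: check what serves it"
    else:
        result["hint"] = "see error detail"
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
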