More issues with letsencrypt

seanmahrt

Not 100% sure this is identical to the other issues.. Yeah, I've got 7.3.6 loaded on there. cloudron is not able to renew any of my certs for the sub-applications. I've not changed anything as of recent, just noticed my domain didn't go anywhere.... I hit the "renew certs" button hoping it'd clear out the issue, but no dice.... where to next?

(I cleared out the unique tokens/nonce. I assume they're one shot but wasn't 100% sure)

Feb 05 10:19:48 box:cert/acme2 sendSignedRequest: using nonce --- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
Feb 05 10:19:48 box:cert/acme2 waitForChallenge: status is "pending" "{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--"}"
Feb 05 10:19:48 box:cert/acme2 Attempt 3 failed. Will retry: Challenge is in pending state
Feb 05 10:20:08 box:cert/acme2 waitingForChallenge: getting status
Feb 05 10:20:08 box:cert/acme2 sendSignedRequest: using nonce -- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
Feb 05 10:20:09 box:cert/acme2 waitForChallenge: status is "invalid" "{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"173.29.155.194: Invalid response from http://smoke.littleappleservice.com/.well-known/acme-challenge/--: 504","status":403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--","validationRecord":[{"url":"http://smoke.littleappleservice.com/.well-known/acme-challenge/--","hostname":"smoke.littleappleservice.com","port":"80","addressesResolved":["173.29.155.194"],"addressUsed":"173.29.155.194"}],"validated":"2023-02-05T16:19:06Z"}"
Feb 05 10:20:09 box:cert/acme2 Attempt 4 failed. Will retry: Unexpected status when waiting for challenge: invalid

jayonrails

Does it happen to all domains or just a specific one?

jdaviescoates

@jayonrails said in More issues with letsencrypt:

Does it happen to all domains or just a specific one?

and what DNS provider/ set-up?

seanmahrt

@jdaviescoates said in More issues with letsencrypt:

@jayonrails said in More issues with letsencrypt:

Does it happen to all domains or just a specific one?

and what DNS provider/ set-up?

both domains, and I use manual (namecheap), which has not changed. DNS is still resolving.

It's a cname, to an A record that is driven by namecheap dynamic name. been working for over 2 years...

girish

@seanmahrt strange, we haven't changed anything in the LE code itself (since quite a while). Do you think you can write to us at support@cloudron.io ? Have to debug further to understand what the issue is. Could also be a temporary Let's Encrypt issue.

seanmahrt

@girish just sent email. Also tried refresh today and still same behavior...

Sean

seanmahrt

Found it with help of tech support... HSTS locally was masking an issue where my port 80 forwarding was broken. fixed that and the certs renewed just fine..