https://github.com/nextcloud/server/issues/52545
I asked in the Nextcloud forum if there's a workaround, since waiting until mid-May seems less than ideal.
@Recliner2042 I eventually discovered a problem with my transparent proxy running in front of Cloudron. It passed some traffic, blocked others, and the HSTS cache probably didn't help.
The other trick is to try incognito mode in Chrome if you have HSTS headaches. That seemed to help me.
Sean
Found it with the help of tech support... HSTS locally was masking an issue where my port 80 forwarding was broken. Fixed that and the certs renewed just fine.
@girish just sent email. Also tried refresh today and still same behavior...
Sean
@jdaviescoates said in More issues with letsencrypt:
@jayonrails said in More issues with letsencrypt:
Does it happen to all domains or just a specific one?
and what DNS provider/set-up?
Both domains, and I use manual (Namecheap), which has not changed. DNS is still resolving.
It's a CNAME to an A record that is driven by Namecheap dynamic name. Been working for over 2 years...
Not 100% sure this is identical to the other issues. Yeah, I've got 7.3.6 loaded on there. Cloudron is not able to renew any of my certs for the sub-applications. I've not changed anything as of recent, just noticed my domain didn't go anywhere... I hit the "renew certs" button hoping it'd clear out the issue, but no dice... Where to next?
(I cleared out the unique tokens/nonce. I assume they're one shot but wasn't 100% sure)
Feb 05 10:19:48 box:cert/acme2 sendSignedRequest: using nonce --- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
Feb 05 10:19:48 box:cert/acme2 waitForChallenge: status is "pending" "{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--"}"
Feb 05 10:19:48 box:cert/acme2 Attempt 3 failed. Will retry: Challenge is in pending state
Feb 05 10:20:08 box:cert/acme2 waitingForChallenge: getting status
Feb 05 10:20:08 box:cert/acme2 sendSignedRequest: using nonce -- for url https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw
Feb 05 10:20:09 box:cert/acme2 waitForChallenge: status is "invalid" "{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"173.29.155.194: Invalid response from http://smoke.littleappleservice.com/.well-known/acme-challenge/--: 504","status":403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--","validationRecord":[{"url":"http://smoke.littleappleservice.com/.well-known/acme-challenge/--","hostname":"smoke.littleappleservice.com","port":"80","addressesResolved":["173.29.155.194"],"addressUsed":"173.29.155.194"}],"validated":"2023-02-05T16:19:06Z"}"
Feb 05 10:20:09 box:cert/acme2 Attempt 4 failed. Will retry: Unexpected status when waiting for challenge: invalid
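The log lines above already point at the cause found later in the thread: the http-01 validator connects over plain HTTP on port 80, which a browser holding a cached HSTS policy never does. The following is an added example, not part of the original thread or Cloudron's code, that pulls the challenge JSON out of `waitForChallenge` lines and reports what the validator saw. The function names, the hint wording and the assumption that the error detail ends in `: <HTTP status>` (as it does in the line above) are this example's own.

```python
import json
import re

# Two waitForChallenge lines copied from the post above (token already
# redacted as "--" by the poster); used here as sample input.
SAMPLE_LOG = '''\
Feb 05 10:19:48 box:cert/acme2 waitForChallenge: status is "pending" "{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--"}"
Feb 05 10:20:09 box:cert/acme2 waitForChallenge: status is "invalid" "{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"173.29.155.194: Invalid response from http://smoke.littleappleservice.com/.well-known/acme-challenge/--: 504","status":403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/201074202356/5rIrmw","token":"--","validationRecord":[{"url":"http://smoke.littleappleservice.com/.well-known/acme-challenge/--","hostname":"smoke.littleappleservice.com","port":"80","addressesResolved":["173.29.155.194"],"addressUsed":"173.29.155.194"}],"validated":"2023-02-05T16:19:06Z"}"
'''

# The challenge object is logged as raw JSON wrapped in one pair of quotes.
LINE_RE = re.compile(r'waitForChallenge: status is "(\w+)" "(\{.*\})"\s*$')

def parse_challenges(log_text):
    """Yield the decoded ACME challenge object from each waitForChallenge line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            yield json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # truncated or mangled line: skip rather than guess

def diagnose(challenge):
    """Return findings for a failed http-01 challenge, or None if it has not failed."""
    if challenge.get("type") != "http-01" or challenge.get("status") != "invalid":
        return None
    detail = challenge.get("error", {}).get("detail", "")
    m = re.search(r": (\d{3})$", detail)  # assumed format: "...: <HTTP status>"
    code = int(m.group(1)) if m else None
    rec = (challenge.get("validationRecord") or [{}])[-1]  # last hop the validator used
    if code in (502, 503, 504):
        hint = "gateway error on port 80: check the proxy or port forwarding in front of the server"
    elif code in (403, 404):
        hint = "a web server answered on port 80 but did not serve the token"
    else:
        hint = "see the error detail"
    return {"hostname": rec.get("hostname"), "port": rec.get("port"),
            "address": rec.get("addressUsed"), "origin_status": code, "hint": hint}

def failed_challenges(log_text):
    """Findings for every failed http-01 challenge in the log text."""
    return [f for f in map(diagnose, parse_challenges(log_text)) if f]

if __name__ == "__main__":
    for finding in failed_challenges(SAMPLE_LOG):
        print(finding)
```

The `"status":403` inside the error object is the ACME problem status; the trailing 504 in the detail is what came back from port 80 on the address in `validationRecord`, and that is the number to check against the path into the server.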