Probleme mit Lets Encrypt

Started by shb256, March 14, 2019, 07:42:25 AM

Previous topic - Next topic
March 14, 2019, 07:42:25 AM Last Edit: March 25, 2019, 10:16:47 PM by shb256
Hallo,

ich hatte Lets Encrypt bereits erfolgreich eingerichtet. Die Zertifikate wurde auch automatisch erneuert.
nun geht es nicht mehr.
Dazu habe ich nun von http auf dns umgestellt

hier der auzug aus dem log
Quote
[Thu Mar 14 07:31:17 CET 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Thu Mar 14 07:31:17 CET 2019] DOMAIN_PATH='/var/etc/acme-client/home/<FQDN>'
[Thu Mar 14 07:31:17 CET 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Thu Mar 14 07:31:17 CET 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Mar 14 07:31:17 CET 2019] GET
[Thu Mar 14 07:31:17 CET 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Mar 14 07:31:17 CET 2019] timeout=
[Thu Mar 14 07:31:17 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:31:18 CET 2019] ret='0'
[Thu Mar 14 07:31:18 CET 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Mar 14 07:31:18 CET 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Mar 14 07:31:18 CET 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Mar 14 07:31:18 CET 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Mar 14 07:31:18 CET 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Mar 14 07:31:18 CET 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Mar 14 07:31:18 CET 2019] ACME_NEW_NONCE
[Thu Mar 14 07:31:18 CET 2019] ACME_VERSION
[Thu Mar 14 07:31:18 CET 2019] Le_NextRenewTime='1557641782'
[Thu Mar 14 07:31:18 CET 2019] _on_before_issue
[Thu Mar 14 07:31:18 CET 2019] _chk_main_domain='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] _chk_alt_domains
[Thu Mar 14 07:31:18 CET 2019] Le_LocalAddress
[Thu Mar 14 07:31:18 CET 2019] d='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] Check for domain='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] _currentRoot='dns_he'
[Thu Mar 14 07:31:18 CET 2019] d
[Thu Mar 14 07:31:18 CET 2019] _saved_account_key_hash is not changed, skip register account.
[Thu Mar 14 07:31:18 CET 2019] Read key length:4096
[Thu Mar 14 07:31:18 CET 2019] _createcsr
[Thu Mar 14 07:31:18 CET 2019] Single domain='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] Getting domain auth token for each domain
[Thu Mar 14 07:31:18 CET 2019] d='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] Getting webroot for domain='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] _w='dns_he'
[Thu Mar 14 07:31:18 CET 2019] _currentRoot='dns_he'
[Thu Mar 14 07:31:18 CET 2019] Getting new-authz for domain='<FQDN>'
[Thu Mar 14 07:31:18 CET 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Mar 14 07:31:18 CET 2019] Try new-authz for the 0 time.
[Thu Mar 14 07:31:18 CET 2019] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Mar 14 07:31:18 CET 2019] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "<FQDN>"}}'
[Thu Mar 14 07:31:18 CET 2019] RSA key
[Thu Mar 14 07:31:18 CET 2019] GET
[Thu Mar 14 07:31:18 CET 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Mar 14 07:31:18 CET 2019] timeout=
[Thu Mar 14 07:31:18 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:31:19 CET 2019] ret='0'
[Thu Mar 14 07:31:19 CET 2019] POST
[Thu Mar 14 07:31:19 CET 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Mar 14 07:31:19 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:31:20 CET 2019] _ret='0'
[Thu Mar 14 07:31:20 CET 2019] code='201'
[Thu Mar 14 07:31:20 CET 2019] The new-authz request is ok.
[Thu Mar 14 07:31:20 CET 2019] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091","token":"6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M"'
[Thu Mar 14 07:31:20 CET 2019] token='6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M'
[Thu Mar 14 07:31:20 CET 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091'
[Thu Mar 14 07:31:20 CET 2019] keyauthorization='6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M.j3U7Xtxh92qoToQ4iAVLT0lRZsD6IjkguEbH0sjGlGE'
[Thu Mar 14 07:31:20 CET 2019] dvlist='<FQDN>#6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M.j3U7Xtxh92qoToQ4iAVLT0lRZsD6IjkguEbH0sjGlGE#https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091#dns-01#dns_he'
[Thu Mar 14 07:31:20 CET 2019] d
[Thu Mar 14 07:31:20 CET 2019] vlist='<FQDN>#6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M.j3U7Xtxh92qoToQ4iAVLT0lRZsD6IjkguEbH0sjGlGE#https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091#dns-01#dns_he,'
[Thu Mar 14 07:31:20 CET 2019] d='<FQDN>'
[Thu Mar 14 07:31:20 CET 2019] _d_alias
[Thu Mar 14 07:31:20 CET 2019] txtdomain='_acme-challenge.<FQDN>'
[Thu Mar 14 07:31:20 CET 2019] txt='yikclV1oa7yAD1uA5nZO7vLHalWY_ccgeP-rAqFnaTw'
[Thu Mar 14 07:31:20 CET 2019] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_he.sh'
[Thu Mar 14 07:31:20 CET 2019] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_he.sh
[Thu Mar 14 07:31:20 CET 2019] Using DNS-01 Hurricane Electric hook
[Thu Mar 14 07:31:20 CET 2019] POST
[Thu Mar 14 07:31:20 CET 2019] _post_url='https://dns.he.net/'
[Thu Mar 14 07:31:20 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:31:21 CET 2019] _ret='0'
[Thu Mar 14 07:31:21 CET 2019] Looking for zone "_acme-challenge.<FQDN>"
[Thu Mar 14 07:31:21 CET 2019] Zone "_acme-challenge.<FQDN>" doesn't exist, let's try a less specific zone.
[Thu Mar 14 07:31:21 CET 2019] Looking for zone "<FQDN>"
[Thu Mar 14 07:31:21 CET 2019] Zone "<FQDN>" doesn't exist, let's try a less specific zone.
[Thu Mar 14 07:31:21 CET 2019] Looking for zone "[FQDN]"
[Thu Mar 14 07:31:21 C5ET 2019] Found relevant zone "[FQDN]" with id "809826" - will be used for domain "_acme-challenge.<FQDN>".
[Thu Mar 14 07:31:21 CET 2019] Zone id "809826" will be used.
[Thu Mar 14 07:31:21 CET 2019] POST
[Thu Mar 14 07:31:21 CET 2019] _post_url='https://dns.he.net/'
[Thu Mar 14 07:31:21 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:31:22 CET 2019] _ret='0'
[Thu Mar 14 07:31:22 CET 2019] TXT record added successfully.
[Thu Mar 14 07:31:22 CET 2019] Sleep 120 seconds for the txt records to take effect
[Thu Mar 14 07:33:22 CET 2019] ok, let's start to verify
[Thu Mar 14 07:33:22 CET 2019] Verifying: <FQDN>
[Thu Mar 14 07:33:22 CET 2019] d='<FQDN>'
[Thu Mar 14 07:33:22 CET 2019] keyauthorization='6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M.j3U7Xtxh92qoToQ4iAVLT0lRZsD6IjkguEbH0sjGlGE'
[Thu Mar 14 07:33:22 CET 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091'
[Thu Mar 14 07:33:22 CET 2019] _currentRoot='dns_he'
[Thu Mar 14 07:33:22 CET 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091'
[Thu Mar 14 07:33:22 CET 2019] payload='{"resource": "challenge", "type": "dns-01", "keyAuthorization": "6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M.j3U7Xtxh92qoToQ4iAVLT0lRZsD6IjkguEbH0sjGlGE"}'
[Thu Mar 14 07:33:22 CET 2019] POST
[Thu Mar 14 07:33:22 CET 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091'
[Thu Mar 14 07:33:22 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:23 CET 2019] _ret='0'
[Thu Mar 14 07:33:23 CET 2019] code='202'
[Thu Mar 14 07:33:23 CET 2019] sleep 2 secs to verify
[Thu Mar 14 07:33:25 CET 2019] checking
[Thu Mar 14 07:33:25 CET 2019] GET
[Thu Mar 14 07:33:25 CET 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091'
[Thu Mar 14 07:33:25 CET 2019] timeout=
[Thu Mar 14 07:33:25 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:25 CET 2019] ret='0'
[Thu Mar 14 07:33:25 CET 2019] Success
[Thu Mar 14 07:33:25 CET 2019] pid
[Thu Mar 14 07:33:25 CET 2019] Skip for removelevel:
[Thu Mar 14 07:33:25 CET 2019] pid
[Thu Mar 14 07:33:25 CET 2019] No need to restore nginx, skip.
[Thu Mar 14 07:33:25 CET 2019] _clearupdns
[Thu Mar 14 07:33:25 CET 2019] dnsadded='1'
[Thu Mar 14 07:33:25 CET 2019] vlist='<FQDN>#6jaEfhNHADS4BE0Ll1k4ARdSGCMqCpPiYKaMeDy-h_M.j3U7Xtxh92qoToQ4iAVLT0lRZsD6IjkguEbH0sjGlGE#https://acme-v01.api.letsencrypt.org/acme/challenge/iBwJKmXA_MTUIPp4TbRKfbk5o-bMvNDEgUXZ1lkEJSo/13635330091#dns-01#dns_he,'
[Thu Mar 14 07:33:25 CET 2019] Removing DNS records.
[Thu Mar 14 07:33:25 CET 2019] txt='yikclV1oa7yAD1uA5nZO7vLHalWY_ccgeP-rAqFnaTw'
[Thu Mar 14 07:33:25 CET 2019] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_he.sh'
[Thu Mar 14 07:33:25 CET 2019] _d_alias
[Thu Mar 14 07:33:25 CET 2019] Cleaning up after DNS-01 Hurricane Electric hook
[Thu Mar 14 07:33:25 CET 2019] POST
[Thu Mar 14 07:33:25 CET 2019] _post_url='https://dns.he.net/'
[Thu Mar 14 07:33:25 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:26 CET 2019] _ret='0'
[Thu Mar 14 07:33:26 CET 2019] Looking for zone "_acme-challenge.<FQDN>"
[Thu Mar 14 07:33:26 CET 2019] Zone "_acme-challenge.<FQDN>" doesn't exist, let's try a less specific zone.
[Thu Mar 14 07:33:26 CET 2019] Looking for zone "<FQDN>"
[Thu Mar 14 07:33:26 CET 2019] Zone "<FQDN>" doesn't exist, let's try a less specific zone.
[Thu Mar 14 07:33:26 CET 2019] Looking for zone "<fqdn>"
[Thu Mar 14 07:33:26 CET 2019] Found relevant zone "<fqdn>" with id "809826" - will be used for domain "_acme-challenge.<FQDN>".
[Thu Mar 14 07:33:26 CET 2019] Zone id "809826" will be used.
[Thu Mar 14 07:33:26 CET 2019] POST
[Thu Mar 14 07:33:26 CET 2019] _post_url='https://dns.he.net/'
[Thu Mar 14 07:33:26 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:27 CET 2019] _ret='0'
[Thu Mar 14 07:33:27 CET 2019] POST
[Thu Mar 14 07:33:27 CET 2019] _post_url='https://dns.he.net/'
[Thu Mar 14 07:33:27 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:28 CET 2019] _ret='0'
[Thu Mar 14 07:33:28 CET 2019] Record removed successfully.
[Thu Mar 14 07:33:28 CET 2019] Error removing txt for domain:_acme-challenge.<FQDN>
[Thu Mar 14 07:33:28 CET 2019] Verify finished, start to sign.
[Thu Mar 14 07:33:28 CET 2019] i='2'
[Thu Mar 14 07:33:28 CET 2019] j='27'
[Thu Mar 14 07:33:28 CET 2019] url='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Mar 14 07:33:28 CET 2019] payload='{"resource": "new-cert", "csr": "MIIEszCCApsCAQAwJzElMCMGA1UEAwwcY2xvdWQuaGF1c3ZlcndhbHR1bmctd29sZi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKI2uQFHSlCmvLrByY3yBy3U-CnPFfutUfdKe1_KnyPMxARQS3LfnYUGsN6ZzPKhWLvaF4EcM2T3fe0uN51yOh-MFmG_WzmPJG2Uk8txl28it8skRp6WwBuMkunWTwrOAY-sgnXGspaCoiDKXWcPNH1Cz4_pC9WBgsgBOuGxd1mdIDCj1PxLPlICKzeW0Qzt_0duwjgBRxFPO0uG_sa8h7LUSYFblPBSmLU7jjuB1eysPkZwt95xbd7GfZSaXteNpx0Z8kei-Vy3sCLF1jAhvHP2rK_QlMcMk6JTiG0tpjlXBsLrFvwX4Wlsr6j4BSFQEYdlTMlgy5b9oRdbg6HupPtKPOS0i89WTxjOQjZyd3TkkTyTXFlSR6kTx7YLfFth7Qy3ub3D1V6J7Jo5wcJCxEpt_zUIbCEabcru558vrifE9Hy-bVzVgCQvmXshMgA6ZnMTLO9m3QpRbphJ1pcinnwkm0BVCsKEDvcs1fqgVXM7TMntR81vefjkBYdbEx8hLbYdDI1yaHypUh6JINwwVpgUk3CrvCn1Z_Q4XgoWphBr6gVbTDyfhBxzvW_KkK2g1F2d4XE3UGPZee-BYYmun-GEIK4WA5Wy_HmeZYlwBsi9S9wOHkhhOmo1BMXht7kDwMsEouzmjV3o7lAmRb66uYlrDAddeIdEhBRBS5UptlmDAgMBAAGgRzBFBgkqhkiG9w0BCQ4xODA2MAsGA1UdDwQEAwIF4DAnBgNVHREEIDAeghxjbG91ZC5oYXVzdmVyd2FsdHVuZy13b2xmLmRlMA0GCSqGSIb3DQEBCwUAA4ICAQBxN8kpPuu7OxD7aZWPPvTI2nP7AGyUncdxIMRN8aJf_AUvEsZawgMrlvelhabYftuoqabcXJATxJIibsXAbetRONyh9E9X4GAB7Gs06ycCJZpVCSusMXR-2-LzGFtZVr4U1t7mxIc_WjbZct4_1_8ZUq79w8uNuIeB6RBcBKUjAegKepbtlKkb7NlkET9y0X2HkkVTCPZNLUN14s0Toi3QlLVIaLoekm8Ienm-zyA5P8VNdgdw2q7OKfZRlkaMtaAmby1s3TWN_XTmUqCsvFbOPPqkbmXzRQPaKCNu9ZYsmjyggFze7ksWz3mwlvA9YIHWKEVxxyPB-5c2qq7pSdMdpC1jFXULa6rM11NDy5Id4dGi8F6Ty3P0G5vNGcFyuVcH_rX1BwsaTPD17YwAfo1dja17bIqTm1GOmjioBVx3ecrUSmE9TKIA_Vwgy4UvCOdqkRSdgRczbqZn0uCpkM2pP4tSDObmC8CuRUA5uQUQh8oRFJcZ2FDFOjybISP5GXcmNTW1xjRsj756ZOS4-rKMgr9rvPmdSgsQufG8ChOWUoPUehAX34PrdoY2HzifyxI8uwMCQTqNFA2UtWpYRsxdf1Fl55QFMag5Yko30o8p54R2qdZN5DgGNENPW2kNurSjySqvj4C9qzsND4V18_Qik1zIUoPL0HvmLumPmAEBYA"}'
[Thu Mar 14 07:33:28 CET 2019] POST
[Thu Mar 14 07:33:28 CET 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Mar 14 07:33:28 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:30 CET 2019] _ret='0'
[Thu Mar 14 07:33:30 CET 2019] code='201'
[Thu Mar 14 07:33:30 CET 2019] Le_LinkCert='https://acme-v01.api.letsencrypt.org/acme/cert/0355c97e040755c10f26d28e276f6d7a9087'
[Thu Mar 14 07:33:30 CET 2019] Cert success.
[Thu Mar 14 07:33:30 CET 2019] Your cert is in  /var/etc/acme-client/home/<FQDN>/<FQDN>.cer
[Thu Mar 14 07:33:30 CET 2019] Your cert key is in  /var/etc/acme-client/home/<FQDN>/<FQDN>.key
[Thu Mar 14 07:33:30 CET 2019] Le_LinkIssuer='https://acme-v01.api.letsencrypt.org/acme/issuer-cert'
[Thu Mar 14 07:33:30 CET 2019] _link_issuer_retry='0'
[Thu Mar 14 07:33:30 CET 2019] GET
[Thu Mar 14 07:33:30 CET 2019] url='https://acme-v01.api.letsencrypt.org/acme/issuer-cert'
[Thu Mar 14 07:33:30 CET 2019] timeout=
[Thu Mar 14 07:33:30 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 07:33:30 CET 2019] ret='0'
[Thu Mar 14 07:33:30 CET 2019] The intermediate CA cert is in  /var/etc/acme-client/home/<FQDN>/ca.cer
[Thu Mar 14 07:33:30 CET 2019] And the full chain certs is there:  /var/etc/acme-client/home/<FQDN>/fullchain.cer
[Thu Mar 14 07:33:30 CET 2019] Installing cert to:/var/etc/acme-client/certs/5c86d1826a10a3.57710574/cert.pem
[Thu Mar 14 07:33:30 CET 2019] Installing CA to:/var/etc/acme-client/certs/5c86d1826a10a3.57710574/chain.pem
[Thu Mar 14 07:33:30 CET 2019] Installing key to:/var/etc/acme-client/keys/5c86d1826a10a3.57710574/private.key
[Thu Mar 14 07:33:30 CET 2019] Installing full chain to:/var/etc/acme-client/certs/5c86d1826a10a3.57710574/fullchain.pem
[Thu Mar 14 07:33:30 CET 2019] _on_issue_success

die zertifikate hat er ja wohl runtergeladen

Quoteroot@OPNsense:~ # ls -lha /var/etc/acme-client/certs/5c86d1826a10a3.57710574/*
-rwxr-x---  1 root  wheel   2.2K Mar 14 07:33 /var/etc/acme-client/certs/5c86d1826a10a3.57710574/cert.pem
-rwxr-x---  1 root  wheel   1.6K Mar 14 07:33 /var/etc/acme-client/certs/5c86d1826a10a3.57710574/chain.pem
-rwxr-x---  1 root  wheel   3.8K Mar 14 07:33 /var/etc/acme-client/certs/5c86d1826a10a3.57710574/fullchain.pem

in der GUI sagt er
Quotevalidation failed   13.3.2019, 20:50:41
ist sogar noch von gestern

kann mir jemand sagen, wo das problem ist?

danke
shb

Hallo shb,
hast Du mal in den Browser-Infos zum Zertifikat nachgeschaut, ob das neue Zert. vielleicht doch bereits benutzt wird?
Die GUI lügt nämlich....
Bei meinen Versuchen musste ich auf der Staging-Plattform zwei mal eine Neuausstellung des Zerts erzwingen, bis es geklappt hat. Dann habe ich auf die Produktiv-Plattform umgeschaltet und wieder neu ausgestellt - das hat auch geklappt - GUI zeigt OK für alle Zerts.
Einen Tag später habe ich bei zwei der Zerts Änderungen gemacht und neu ausgestellt (Prod.), was zu einem Fehler führte.
Habe die Änderungen zurück genommen und wieder neu ausgestellt - die GUI zweigt weiterhin Fehler an.
Im Browser und Log sehe ich aber, dass alles geklappt hat...
Ich habe aber per HTTP-01 gearbeitet..
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G

QuoteDie GUI lügt nämlich....

ja tut sie, ich bin es nur nicht gewöhnt, dass sie das tut

Danke für die Rückmeldung