OPNsense Forum

English Forums => General Discussion => Topic started by: ikkeT on August 04, 2018, 08:57:09 am

Title: What fails in letsencrypt acme challenge?
Post by: ikkeT on August 04, 2018, 08:57:09 am
Hi,

my certs won't get renewed, and now I can't get new ones. It might be due to having many HAProxy rules; perhaps one of them breaks acme.

Does anyone have an idea where this loop fails? What is it trying to do, and what might break it?


Code:
[Sat Aug  4 09:42:41 EEST 2018] ok, let's start to verify
[Sat Aug  4 09:42:41 EEST 2018] Verifying:mydomain.com
[Sat Aug  4 09:42:41 EEST 2018] d='mydomain.com'
[Sat Aug  4 09:42:41 EEST 2018] keyauthorization='snipped'
[Sat Aug  4 09:42:41 EEST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug  4 09:42:41 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Aug  4 09:42:41 EEST 2018] wellknown_path='/var/etc/acme-client/challenges/.well-known/acme-challenge'
[Sat Aug  4 09:42:41 EEST 2018] writing token:snipped to /var/etc/acme-client/challenges/.well-known/acme-challenge/snipped
[Sat Aug  4 09:42:41 EEST 2018] Changing owner/group of .well-known to root:wheel
[Sat Aug  4 09:42:41 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug  4 09:42:41 EEST 2018] payload='{"resource": "challenge", "keyAuthorization": "snipped"}'
[Sat Aug  4 09:42:41 EEST 2018] POST
[Sat Aug  4 09:42:41 EEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped
[Sat Aug  4 09:42:41 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Aug  4 09:42:42 EEST 2018] _ret='0'
[Sat Aug  4 09:42:42 EEST 2018] code='202'
[Sat Aug  4 09:42:42 EEST 2018] sleep 2 secs to verify
[Sat Aug  4 09:42:44 EEST 2018] checking
[Sat Aug  4 09:42:44 EEST 2018] GET
[Sat Aug  4 09:42:44 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped
[Sat Aug  4 09:42:44 EEST 2018] timeout=
[Sat Aug  4 09:42:44 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Aug  4 09:42:45 EEST 2018] ret='0'
[Sat Aug  4 09:42:45 EEST 2018] Pending
[Sat Aug  4 09:42:45 EEST 2018] sleep 2 secs to verify
[Sat Aug  4 09:42:47 EEST 2018] checking
[Sat Aug  4 09:42:47 EEST 2018] GET
[Sat Aug  4 09:42:47 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug  4 09:42:47 EEST 2018] timeout=
[Sat Aug  4 09:42:47 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Aug  4 09:42:47 EEST 2018] ret='0'
[Sat Aug  4 09:42:47 EEST 2018] Pending
[Sat Aug  4 09:42:47 EEST 2018] sleep 2 secs to verify

It keeps doing that timeout loop. What is blocking it? Is there any log to follow for the acme challenge?
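A small check script, added here as an example and not part of the post or of OPNsense's acme client: it parses acme.sh debug lines like the ones above to see whether the CA keeps answering "Pending", and self_check() drops a throw-away token into the challenge directory and fetches it over plain HTTP on port 80 the way Let's Encrypt does for HTTP-01. The SAMPLE_LOG lines, the max_pending threshold and the function names are constructed for the example.

```python
import pathlib, re, secrets, urllib.request

_LINE = re.compile(r"^\[[^\]]*\] (?P<body>.*)$")        # "[timestamp] body"
_KV = re.compile(r"^(?P<key>\w+)='(?P<val>[^']*)'?$")   # closing quote missing on some url= lines

SAMPLE_LOG = [  # constructed sample, shaped like the acme.sh debug output in the post
    "[Sat Aug  4 09:42:41 EEST 2018] d='mydomain.com'",
    "[Sat Aug  4 09:42:41 EEST 2018] wellknown_path='/var/etc/acme-client/challenges/.well-known/acme-challenge'",
    "[Sat Aug  4 09:42:45 EEST 2018] Pending",
    "[Sat Aug  4 09:42:47 EEST 2018] Pending",
]


def parse_acme_log(lines):
    """Collect the key='value' facts and count how often the CA answered 'Pending'."""
    facts, pending = {}, 0
    for line in lines:
        m = _LINE.match(line)
        body = m.group("body").strip() if m else ""
        if body == "Pending":
            pending += 1
        elif (kv := _KV.match(body)):
            facts[kv.group("key")] = kv.group("val")
    return facts, pending


def diagnose(lines, max_pending=2):
    """Say what the CA must be able to fetch and whether the poll loop looks stuck."""
    facts, pending = parse_acme_log(lines)
    domain = facts.get("d", "<unknown>")
    return {
        "domain": domain,
        "challenge_dir": facts.get("wellknown_path"),
        # HTTP-01 is validated over plain HTTP on port 80 at exactly this path
        "public_url": f"http://{domain}/.well-known/acme-challenge/<token>",
        "stuck": pending >= max_pending,
    }


def self_check(domain, challenge_dir, timeout=5):
    """True only if the proxy in front (HAProxy here) serves a fresh token file back unchanged."""
    token = secrets.token_urlsafe(16)
    path = pathlib.Path(challenge_dir) / token
    path.write_text(token)
    try:
        with urllib.request.urlopen(f"http://{domain}/.well-known/acme-challenge/{token}", timeout=timeout) as resp:
            return resp.status == 200 and resp.read().decode().strip() == token
    except OSError:  # 404, redirect-to-HTTPS errors, connection refused, timeout
        return False
    finally:
        path.unlink(missing_ok=True)
```

If self_check() returns False while the file exists locally, the port-80 frontend is not handing /.well-known/acme-challenge/ to the acme client's backend, which is exactly what leaves the CA's poll stuck at "Pending".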
Title: Re: What fails in letsencrypt acme challenge?
Post by: fraenki on August 14, 2018, 04:23:33 pm
You may want to change the Log Level (hidden setting, enable "advanced mode" to see it):
Services -> Let's Encrypt -> Settings

Note that Log Level "debug" breaks the log in the GUI, this is a known limitation.