OPNsense Forum
English Forums => General Discussion => Topic started by: ikkeT on August 04, 2018, 08:57:09 am
-
Hi,
my certs won't get renewed, and now I can't get new ones. It might be due to having many HAProxy rules; perhaps one of them breaks acme.
Does anyone have an idea where this loop fails at? What is it trying to do, and which might break it?
[Sat Aug 4 09:42:41 EEST 2018] ok, let's start to verify
[Sat Aug 4 09:42:41 EEST 2018] Verifying:mydomain.com
[Sat Aug 4 09:42:41 EEST 2018] d='mydomain.com'
[Sat Aug 4 09:42:41 EEST 2018] keyauthorization='snipped'
[Sat Aug 4 09:42:41 EEST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug 4 09:42:41 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Aug 4 09:42:41 EEST 2018] wellknown_path='/var/etc/acme-client/challenges/.well-known/acme-challenge'
[Sat Aug 4 09:42:41 EEST 2018] writing token:snipped to /var/etc/acme-client/challenges/.well-known/acme-challenge/snipped
[Sat Aug 4 09:42:41 EEST 2018] Changing owner/group of .well-known to root:wheel
[Sat Aug 4 09:42:41 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug 4 09:42:41 EEST 2018] payload='{"resource": "challenge", "keyAuthorization": "snipped"}'
[Sat Aug 4 09:42:41 EEST 2018] POST
[Sat Aug 4 09:42:41 EEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped
[Sat Aug 4 09:42:41 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Aug 4 09:42:42 EEST 2018] _ret='0'
[Sat Aug 4 09:42:42 EEST 2018] code='202'
[Sat Aug 4 09:42:42 EEST 2018] sleep 2 secs to verify
[Sat Aug 4 09:42:44 EEST 2018] checking
[Sat Aug 4 09:42:44 EEST 2018] GET
[Sat Aug 4 09:42:44 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped
[Sat Aug 4 09:42:44 EEST 2018] timeout=
[Sat Aug 4 09:42:44 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Aug 4 09:42:45 EEST 2018] ret='0'
[Sat Aug 4 09:42:45 EEST 2018] Pending
[Sat Aug 4 09:42:45 EEST 2018] sleep 2 secs to verify
[Sat Aug 4 09:42:47 EEST 2018] checking
[Sat Aug 4 09:42:47 EEST 2018] GET
[Sat Aug 4 09:42:47 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug 4 09:42:47 EEST 2018] timeout=
[Sat Aug 4 09:42:47 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Aug 4 09:42:47 EEST 2018] ret='0'
[Sat Aug 4 09:42:47 EEST 2018] Pending
[Sat Aug 4 09:42:47 EEST 2018] sleep 2 secs to verify
It keeps doing that timeout loop. What is blocking it? Is there any log to follow for the acme challenge?
-
You may want to change the Log Level (hidden setting, enable "advanced mode" to see it):
Services -> Let's Encrypt -> Settings
Note that Log Level "debug" breaks the log in the GUI; this is a known limitation.