Show Posts
1
German - Deutsch / Lets encrypt funktioniert für ein Zertifikat nicht mehr
« on: August 01, 2019, 02:11:59 am »
Hallo
Ich habe die OPNSense nun längere Zeit im Einsatz und konnte bis jetzt immer alle Zertifikate erneuern.
Seit neustem funktioniert aber genau ein Zertifikat nicht mehr (ein anderes geht ohne Probleme). Ich habe bereits alle Zertifikate gelöscht, ACME Reset durchgeführt und den Account geändert, nutzen tue ich http für die validierung.
einen Verbindungsfehler schliesse ich aus, da das 2. Zertifikat ohne Probleme geht. Das Zertifikat welches nicht geht ist seit 2 Tagen abgelaufen weil es nicht erneuert werden konnte.
Ich hoffe jemand kann mit helfen, sitze nun 2 Tage dran und das einzige was mir noch einfällt wäre eine Neuinstallation.
OPNSense Version:
OPNsense 19.7.1-amd64
FreeBSD 11.2-RELEASE-p11-HBSD
OpenSSL 1.0.2s 28 May 2019
Ist eine VM auf Hyper-V
Grüsse
Jan
Ich habe die OPNSense nun längere Zeit im Einsatz und konnte bis jetzt immer alle Zertifikate erneuern.
Seit neustem funktioniert aber genau ein Zertifikat nicht mehr (ein anderes geht ohne Probleme). Ich habe bereits alle Zertifikate gelöscht, ACME Reset durchgeführt und den Account geändert, nutzen tue ich http für die validierung.
Code: [Select]
[Thu Aug 1 02:01:23 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 1 02:01:23 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Thu Aug 1 02:01:23 CEST 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Thu Aug 1 02:01:23 CEST 2019] DOMAIN_PATH='/var/etc/acme-client/home/JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:23 CEST 2019] '/var/etc/acme-client/challenges' does not contain 'dns'
[Thu Aug 1 02:01:23 CEST 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 1 02:01:23 CEST 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 1 02:01:23 CEST 2019] GET
[Thu Aug 1 02:01:23 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Thu Aug 1 02:01:23 CEST 2019] timeout=
[Thu Aug 1 02:01:23 CEST 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Thu Aug 1 02:01:24 CEST 2019] ret='0'
[Thu Aug 1 02:01:24 CEST 2019] response='{
"dfyJtaSz7Ns": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Thu Aug 1 02:01:24 CEST 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Thu Aug 1 02:01:24 CEST 2019] ACME_NEW_AUTHZ
[Thu Aug 1 02:01:24 CEST 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 1 02:01:24 CEST 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Thu Aug 1 02:01:24 CEST 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Aug 1 02:01:24 CEST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Aug 1 02:01:24 CEST 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 1 02:01:24 CEST 2019] ACME_VERSION='2'
[Thu Aug 1 02:01:24 CEST 2019] _on_before_issue
[Thu Aug 1 02:01:24 CEST 2019] _chk_main_domain='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:24 CEST 2019] _chk_alt_domains
[Thu Aug 1 02:01:24 CEST 2019] '/var/etc/acme-client/challenges' does not contain 'no'
[Thu Aug 1 02:01:24 CEST 2019] Le_LocalAddress
[Thu Aug 1 02:01:24 CEST 2019] d='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:24 CEST 2019] Check for domain='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:24 CEST 2019] _currentRoot='/var/etc/acme-client/challenges'
[Thu Aug 1 02:01:24 CEST 2019] d
[Thu Aug 1 02:01:24 CEST 2019] '/var/etc/acme-client/challenges' does not contain 'apache'
[Thu Aug 1 02:01:24 CEST 2019] _saved_account_key_hash='y3O1L6ApqNnBwAF9ZhGIslHVaOryYSBrf5Px+QfG+Qo='
[Thu Aug 1 02:01:24 CEST 2019] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 1 02:01:24 CEST 2019] Read key length:
[Thu Aug 1 02:01:24 CEST 2019] Creating domain key
[Thu Aug 1 02:01:24 CEST 2019] Using config home:/var/etc/acme-client/home
[Thu Aug 1 02:01:24 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Thu Aug 1 02:01:24 CEST 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Thu Aug 1 02:01:24 CEST 2019] _createkey for file:/var/etc/acme-client/home/JGRSRVFWL01.home.jgrimm.ch/JGRSRVFWL01.home.jgrimm.ch.key
[Thu Aug 1 02:01:24 CEST 2019] Use length 4096
[Thu Aug 1 02:01:24 CEST 2019] Using RSA: 4096
[Thu Aug 1 02:01:26 CEST 2019] The domain key is here: /var/etc/acme-client/home/JGRSRVFWL01.home.jgrimm.ch/JGRSRVFWL01.home.jgrimm.ch.key
[Thu Aug 1 02:01:26 CEST 2019] _createcsr
[Thu Aug 1 02:01:26 CEST 2019] domain='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:26 CEST 2019] domainlist
[Thu Aug 1 02:01:26 CEST 2019] csrkey='/var/etc/acme-client/home/JGRSRVFWL01.home.jgrimm.ch/JGRSRVFWL01.home.jgrimm.ch.key'
[Thu Aug 1 02:01:26 CEST 2019] csr='/var/etc/acme-client/home/JGRSRVFWL01.home.jgrimm.ch/JGRSRVFWL01.home.jgrimm.ch.csr'
[Thu Aug 1 02:01:26 CEST 2019] csrconf='/var/etc/acme-client/home/JGRSRVFWL01.home.jgrimm.ch/JGRSRVFWL01.home.jgrimm.ch.csr.conf'
[Thu Aug 1 02:01:26 CEST 2019] Single domain='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:26 CEST 2019] _is_idn_d='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:26 CEST 2019] _idn_temp
[Thu Aug 1 02:01:26 CEST 2019] _is_idn_d='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:26 CEST 2019] _idn_temp
[Thu Aug 1 02:01:26 CEST 2019] _csr_cn='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:26 CEST 2019] Getting domain auth token for each domain
[Thu Aug 1 02:01:26 CEST 2019] _is_idn_d='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:26 CEST 2019] _idn_temp
[Thu Aug 1 02:01:26 CEST 2019] d
[Thu Aug 1 02:01:26 CEST 2019] _identifiers='{"type":"dns","value":"JGRSRVFWL01.home.jgrimm.ch"}'
[Thu Aug 1 02:01:26 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 1 02:01:26 CEST 2019] payload='{"identifiers": [{"type":"dns","value":"JGRSRVFWL01.home.jgrimm.ch"}]}'
[Thu Aug 1 02:01:26 CEST 2019] RSA key
[Thu Aug 1 02:01:26 CEST 2019] _URGLY_PRINTF='1'
[Thu Aug 1 02:01:26 CEST 2019] _URGLY_PRINTF='1'
[Thu Aug 1 02:01:27 CEST 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 1 02:01:27 CEST 2019] HEAD
[Thu Aug 1 02:01:27 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 1 02:01:27 CEST 2019] body
[Thu Aug 1 02:01:27 CEST 2019] _postContentType='application/jose+json'
[Thu Aug 1 02:01:27 CEST 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Thu Aug 1 02:01:27 CEST 2019] _ret='0'
[Thu Aug 1 02:01:27 CEST 2019] _headers='HTTP/1.1 200 OK^M
Server: nginx^M
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"^M
Replay-Nonce: mzscfjspqs8LpnDZcufdbjVSR5B72lwGo2xgcFE1rsQ^M
X-Frame-Options: DENY^M
Strict-Transport-Security: max-age=604800^M
Content-Length: 0^M
Expires: Thu, 01 Aug 2019 00:01:27 GMT^M
Cache-Control: max-age=0, no-cache, no-store^M
Pragma: no-cache^M
Date: Thu, 01 Aug 2019 00:01:27 GMT^M
Connection: keep-alive^M
^M'
[Thu Aug 1 02:01:27 CEST 2019] _CACHED_NONCE='mzscfjspqs8LpnDZcufdbjVSR5B72lwGo2xgcFE1rsQ'
[Thu Aug 1 02:01:27 CEST 2019] nonce='mzscfjspqs8LpnDZcufdbjVSR5B72lwGo2xgcFE1rsQ'
[Thu Aug 1 02:01:27 CEST 2019] POST
[Thu Aug 1 02:01:27 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 1 02:01:27 CEST 2019] body='{"protected": "eyJub25jZSI6ICJtenNjZmpzcHFzOExwbkRaY3VmZGJqVlNSNUI3Mmx3R28yeGdjRkUxcnNRIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzO
i8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81OTI4MTkwIn0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IkpHUlNSVkZXTDAxLmhvbWUuamdyaW1tLmNoIn1dfQ", "signature": "AMpFbAX9wZChCdy4O31JpCP_ehi4TB-TEugVRDqKCqy13YCgy02ON3t0Gu
VFaxCDEPV3fNDBOVi0ZfV8UVG7I8pxOm0q6C--2qovuOBuwlbptfHuMkLpio469_MPBRcQHCqvUSzSjDqPekRAXDyXkgHD478P9tqzeA5sTa1mOkTyFwMncKlSkSuo_bJNFu42Uw1-J-k8-Gnp7re_6R7Z-Q8y9J1mZQVy0aQ4j-9PIuIo__Cm1hXRw6Dy1qg9PHW8Ul7nfXJhh8cOtQhofj8VH7vbCpk_NiSTI9C9BbeQGRIMyktCu0suHdBcq-cmA10J
uvWji8Kgw0zudRe-ktooSN1gKKZGjaS0_MKEArt4TQt1acgcS4IPZJtjFx0e4zpS0bEnhHJQi3CivdMNRLdmE2TMXng-F2wTQWcVZC3UL6wxH8aYHFAy8weYP68-I5nLxLIC_lelTHcdCBmSejDpcordt4hbpUzqgogJgkO5lFeDLAlQE8aB8wd1p58s7V62WmxK9m7bHkB_Hgi1C5kvCOPBb3cPBG1ts12WOEkZwCvmRlCu1JXtWXDLvXiJqCftilX-5D
zif5dB5rYMuXyEsTGK9w-6bY9ComDX_MY2osqZEzbJ7FCa7Spyncsmg5C2PW_d8BzTanjWYQL7yupsjI3CrtUSP8BMmv6-ClUo0q4"}'
[Thu Aug 1 02:01:27 CEST 2019] _postContentType='application/jose+json'
[Thu Aug 1 02:01:27 CEST 2019] Http already initialized.
[Thu Aug 1 02:01:27 CEST 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Thu Aug 1 02:01:28 CEST 2019] _ret='0'
[Thu Aug 1 02:01:28 CEST 2019] responseHeaders='HTTP/1.1 100 Continue^M
Expires: Thu, 01 Aug 2019 00:01:28 GMT^M
Cache-Control: max-age=0, no-cache, no-store^M
Pragma: no-cache^M
^M
HTTP/1.1 201 Created^M
Server: nginx^M
Content-Type: application/json^M
Content-Length: 356^M
Boulder-Requester: 5928190^M
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"^M
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/5928190/43349594^M
Replay-Nonce: 1b9AIFgXBsLUG-bEnTa3OPUnJWdcYqiObzkmT2UOLAE^M
X-Frame-Options: DENY^M
Strict-Transport-Security: max-age=604800^M
Expires: Thu, 01 Aug 2019 00:01:28 GMT^M
Cache-Control: max-age=0, no-cache, no-store^M
Pragma: no-cache^M
Date: Thu, 01 Aug 2019 00:01:28 GMT^M
Connection: keep-alive^M
^M'
[Thu Aug 1 02:01:28 CEST 2019] code='201'
[Thu Aug 1 02:01:28 CEST 2019] original='{
"status": "pending",
"expires": "2019-08-07T23:53:04Z",
"identifiers": [
{
"type": "dns",
"value": "jgrsrvfwl01.home.jgrimm.ch"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2194245"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5928190/43349594"
}'
[Thu Aug 1 02:01:28 CEST 2019] response='{"status":"pending","expires":"2019-08-07T23:53:04Z","identifiers":[{"type":"dns","value":"jgrsrvfwl01.home.jgrimm.ch"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2194245"],"finalize":
"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5928190/43349594"}'
[Thu Aug 1 02:01:28 CEST 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/5928190/43349594'
[Thu Aug 1 02:01:28 CEST 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5928190/43349594'
[Thu Aug 1 02:01:28 CEST 2019] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2194245'
[Thu Aug 1 02:01:28 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2194245'
[Thu Aug 1 02:01:28 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2194245'
[Thu Aug 1 02:01:28 CEST 2019] payload
[Thu Aug 1 02:01:28 CEST 2019] Use cached jwk for file: /var/etc/acme-client/accounts/5ad4724bab82b6.83010521/account.key
[Thu Aug 1 02:01:28 CEST 2019] Use _CACHED_NONCE='1b9AIFgXBsLUG-bEnTa3OPUnJWdcYqiObzkmT2UOLAE'
[Thu Aug 1 02:01:28 CEST 2019] nonce='1b9AIFgXBsLUG-bEnTa3OPUnJWdcYqiObzkmT2UOLAE'
[Thu Aug 1 02:01:28 CEST 2019] POST
[Thu Aug 1 02:01:28 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2194245'
[Thu Aug 1 02:01:28 CEST 2019] body='{"protected": "eyJub25jZSI6ICIxYjlBSUZnWEJzTFVHLWJFblRhM09QVW5KV2RjWXFpT2J6a21UMlVPTEFFIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzIxOTQyNDUiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6I
CJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNTkyODE5MCJ9", "payload": "", "signature": "y7QJyTqSx3-OYV-kUgnrFpSPDWzGotxpwGpM1C8ldK_Fpuq0FNBuXze8c9zOExFAc4QHt6mKYcy68BqCI6ZRL7hAwBDw9BXsW43OS9T_duAxxME8r-MOV5dZeHGP4czBgMrC-6-M1UVQuVk
5f0E1dYJwBQ9cFh-FkAE9hOPN2kgZUKOP3zQxHdOtkG4oJI9QJqUeH4Y278LD3xyBUMeUnXFRFqMoRHp1mSwu8vGsqQaNjG_KAXLy4lTzTK9MFno9DqSkXqPSR1xCKnQEK4wiyoAK6C5lo7WMEnTTx5zhK9jDd_eRyWownwIxnjqP8OvRhIvWUMMNhi7Z_DmM_xoE5xnap4yA5ceGibPG489QlPLgACdcVIkc2bb-0k_C3hl9fkQV5whfMs61RK6FCb-6A
FYtaU2DS8_oW-jpvuIlkOxMEvDGoUe98p84Kd3tcwxG-jS_ahqEdYRYFfFkbYRu10aK_prbbO5meK2pl5zXrqnqV-zm36D-aN1Ni0HvNSJluyqVazSaW5M5nsoMDhNWW-H-qDOUX4IkwVXcZXoRINVgF_X5GFtmEGG9hXthUA_Ie3clC8hE4Xdm5cmXN47T42dq8ULsVG7y8-5rD1gBCMYbyv6eGhYZnp-JdXuzFNRclql0MKfeJk4I1DNtx8AObLEKKG-
7_UrLOTLandOZumE"}'
[Thu Aug 1 02:01:28 CEST 2019] _postContentType='application/jose+json'
[Thu Aug 1 02:01:28 CEST 2019] Http already initialized.
[Thu Aug 1 02:01:28 CEST 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Thu Aug 1 02:01:29 CEST 2019] _ret='0'
[Thu Aug 1 02:01:29 CEST 2019] responseHeaders='HTTP/1.1 100 Continue^M
Expires: Thu, 01 Aug 2019 00:01:29 GMT^M
Cache-Control: max-age=0, no-cache, no-store^M
Pragma: no-cache^M
^M
HTTP/1.1 200 OK^M
Server: nginx^M
Content-Type: application/json^M
Content-Length: 819^M
Boulder-Requester: 5928190^M
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"^M
Replay-Nonce: cVS6RxjiAOeiuOwFVL73zkwO-oIboTnVL1bOyD2x4p8^M
X-Frame-Options: DENY^M
Strict-Transport-Security: max-age=604800^M
Expires: Thu, 01 Aug 2019 00:01:29 GMT^M
Cache-Control: max-age=0, no-cache, no-store^M
Pragma: no-cache^M
Date: Thu, 01 Aug 2019 00:01:29 GMT^M
Connection: keep-alive^M
^M'
[Thu Aug 1 02:01:29 CEST 2019] code='200'
[Thu Aug 1 02:01:29 CEST 2019] original='{
"identifier": {
"type": "dns",
"value": "jgrsrvfwl01.home.jgrimm.ch"
},
"status": "pending",
"expires": "2019-08-07T23:53:04Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/GxjmNA",
"token": "5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/wxi5MA",
"token": "5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/KCUqYg",
"token": "5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"
}
]
}'
[Thu Aug 1 02:01:29 CEST 2019] response='{"identifier":{"type":"dns","value":"jgrsrvfwl01.home.jgrimm.ch"},"status":"pending","expires":"2019-08-07T23:53:04Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org
/acme/chall-v3/2194245/GxjmNA","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/wxi5MA","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"t
ype":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/KCUqYg","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"}]}'
[Thu Aug 1 02:01:29 CEST 2019] response='{"identifier":{"type":"dns","value":"jgrsrvfwl01.home.jgrimm.ch"},"status":"pending","expires":"2019-08-07T23:53:04Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org
/acme/chall-v3/2194245/GxjmNA","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/wxi5MA","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"t
ype":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/KCUqYg","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"}]}'
[Thu Aug 1 02:01:29 CEST 2019] _d='jgrsrvfwl01.home.jgrimm.ch'
[Thu Aug 1 02:01:29 CEST 2019] _authorizations_map='jgrsrvfwl01.home.jgrimm.ch,{"identifier":{"type":"dns","value":"jgrsrvfwl01.home.jgrimm.ch"},"status":"pending","expires":"2019-08-07T23:53:04Z","challenges":[{"type":"http-01","status":"pending","url":"https:
//acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/GxjmNA","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/wxi5MA","token":"5VYZNY7UE9X
HUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/KCUqYg","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"}]}
'
[Thu Aug 1 02:01:29 CEST 2019] d='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:29 CEST 2019] Getting webroot for domain='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:29 CEST 2019] _w='/var/etc/acme-client/challenges'
[Thu Aug 1 02:01:29 CEST 2019] _currentRoot='/var/etc/acme-client/challenges'
[Thu Aug 1 02:01:29 CEST 2019] _is_idn_d='JGRSRVFWL01.home.jgrimm.ch'
[Thu Aug 1 02:01:29 CEST 2019] _idn_temp
[Thu Aug 1 02:01:29 CEST 2019] response
[Thu Aug 1 02:01:29 CEST 2019] get to authz error.
[Thu Aug 1 02:01:29 CEST 2019] _authorizations_map='jgrsrvfwl01.home.jgrimm.ch,{"identifier":{"type":"dns","value":"jgrsrvfwl01.home.jgrimm.ch"},"status":"pending","expires":"2019-08-07T23:53:04Z","challenges":[{"type":"http-01","status":"pending","url":"https:
//acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/GxjmNA","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/wxi5MA","token":"5VYZNY7UE9X
HUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2194245/KCUqYg","token":"5VYZNY7UE9XHUMYq0DEALXzpqlC9RBRJrB4NZtxjJpw"}]}
'
[Thu Aug 1 02:01:29 CEST 2019] pid
[Thu Aug 1 02:01:29 CEST 2019] No need to restore nginx, skip.
[Thu Aug 1 02:01:29 CEST 2019] _clearupdns
[Thu Aug 1 02:01:29 CEST 2019] dns_entries
[Thu Aug 1 02:01:29 CEST 2019] skip dns.
[Thu Aug 1 02:01:29 CEST 2019] _on_issue_err
[Thu Aug 1 02:01:29 CEST 2019] Please check log file for more details: /var/log/acme.sh.log
[Thu Aug 1 02:01:29 CEST 2019] _chk_vlist
einen Verbindungsfehler schliesse ich aus, da das 2. Zertifikat ohne Probleme geht. Das Zertifikat welches nicht geht ist seit 2 Tagen abgelaufen weil es nicht erneuert werden konnte.
Ich hoffe jemand kann mit helfen, sitze nun 2 Tage dran und das einzige was mir noch einfällt wäre eine Neuinstallation.
OPNSense Version:
OPNsense 19.7.1-amd64
FreeBSD 11.2-RELEASE-p11-HBSD
OpenSSL 1.0.2s 28 May 2019
Ist eine VM auf Hyper-V
Grüsse
Jan