ACME Client Drops WAN Connection

Started by Layer8, May 12, 2023, 11:48:41 AM

Hi,

v23.1.7_3 here.

We have the same issue as discussed here: https://forum.opnsense.org/index.php?topic=25776.0

Our WAN connection drops when we try to renew a certificate.

Yesterday we just added two certificates to acme on this installation and we were able to get the certificates over LE. This action was the last we did yesterday.

Today, we added some more entries and tried to get the certificates for them, which led to an instant WAN drop during the time ACME tried to get the certificate.

This is what appeared in the ACME log and was in a loop for almost 30 minutes (normal log level):

Quote
[...]
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Sleep 10 and retry.
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] Sleep 10 and retry.
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] Sleep 10 and retry.
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:01   acme.sh   [Fri May 12 09:25:01 CEST 2023] Can not init api, for https://acme-v02.api.letsencrypt.org/directory
2023-05-12T09:24:56   acme.sh   [Fri May 12 09:24:56 CEST 2023] Sleep 10 and retry.
2023-05-12T09:24:56   acme.sh   [Fri May 12 09:24:56 CEST 2023] Sleep 10 and retry.
2023-05-12T09:24:56   acme.sh   [Fri May 12 09:24:56 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:24:56   acme.sh   [Fri May 12 09:24:56 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:24:56   acme.sh   [Fri May 12 09:24:56 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:24:56   acme.sh   [Fri May 12 09:24:56 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:24:51   acme.sh   [Fri May 12 09:24:51 CEST 2023] Sleep 10 and retry.
2023-05-12T09:24:51   acme.sh   [Fri May 12 09:24:51 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:24:51   acme.sh   [Fri May 12 09:24:51 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:24:46   acme.sh   [Fri May 12 09:24:46 CEST 2023] Sleep 10 and retry.
2023-05-12T09:24:46   acme.sh   [Fri May 12 09:24:46 CEST 2023] Sleep 10 and retry.
2023-05-12T09:24:46   acme.sh   [Fri May 12 09:24:46 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:24:46   acme.sh   [Fri May 12 09:24:46 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:24:46   acme.sh   [Fri May 12 09:24:46 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:24:46   acme.sh   [Fri May 12 09:24:46 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6

We missed changing the log level at this time, so this is all we knew when we initially investigated the problem.

We restarted the ACME plugin, we stopped it and started it manually, but even after this kind of restart the plugin continued to generate these log entries.

And then, half an hour later, acme changed this behavior. At this time, we had not changed anything on the sense because we were investigating our routing and DNS systems because of the WAN drops:


Quote
2023-05-12T09:52:39   acme.sh   [Fri May 12 09:52:39 CEST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2023-05-12T09:52:39   acme.sh   [Fri May 12 09:52:39 CEST 2023] Please add '--debug' or '--log' to check more details.
2023-05-12T09:52:39   acme.sh   [Fri May 12 09:52:39 CEST 2023] our.doma.in:Verify error:111.222.333.444: Fetching http://our.doma.in/.well-known/acme-challenge/DzO5vM6mIrp09Jxc5g3YOU4fv8YV-pDO1bI5tkBEpB8: Timeout during connect (likely firewall problem)
2023-05-12T09:52:37   acme.sh   [Fri May 12 09:52:37 CEST 2023] Pending, The CA is processing your order, please just wait. (5/30)
2023-05-12T09:52:34   acme.sh   [Fri May 12 09:52:34 CEST 2023] Pending, The CA is processing your order, please just wait. (4/30)
2023-05-12T09:52:31   acme.sh   [Fri May 12 09:52:31 CEST 2023] Pending, The CA is processing your order, please just wait. (3/30)
2023-05-12T09:52:29   acme.sh   [Fri May 12 09:52:29 CEST 2023] Pending, The CA is processing your order, please just wait. (2/30)
2023-05-12T09:52:26   acme.sh   [Fri May 12 09:52:26 CEST 2023] Pending, The CA is processing your order, please just wait. (1/30)
2023-05-12T09:52:26   acme.sh   [Fri May 12 09:52:26 CEST 2023] Verifying: our.doma.in
2023-05-12T09:52:26   acme.sh   [Fri May 12 09:52:26 CEST 2023] Getting webroot for domain='our.doma.in'
2023-05-12T09:52:24   acme.sh   [Fri May 12 09:52:24 CEST 2023] Getting domain auth token for each domain
2023-05-12T09:52:24   acme.sh   [Fri May 12 09:52:24 CEST 2023] Single domain='our.doma.in'
2023-05-12T09:52:24   acme.sh   [Fri May 12 09:52:24 CEST 2023] The domain key is here: /var/etc/acme-client/home/our.doma.in/our.doma.in.key
2023-05-12T09:52:24   acme.sh   [Fri May 12 09:52:24 CEST 2023] Creating domain key
2023-05-12T09:52:24   acme.sh   [Fri May 12 09:52:24 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
2023-05-12T09:52:13   acme.sh   [Fri May 12 09:52:13 CEST 2023] Sleep 10 and retry.
2023-05-12T09:52:13   acme.sh   [Fri May 12 09:52:13 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:52:13   acme.sh   [Fri May 12 09:52:13 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
2023-05-12T09:51:57   acme.sh   [Fri May 12 09:51:57 CEST 2023] Can not init api, for https://acme-v02.api.letsencrypt.org/directory
2023-05-12T09:51:48   acme.sh   [Fri May 12 09:51:48 CEST 2023] Sleep 10 and retry.
2023-05-12T09:51:48   acme.sh   [Fri May 12 09:51:48 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T09:51:48   acme.sh   [Fri May 12 09:51:48 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6

Then we googled and found the topic which is linked above.

Interesting fact: From the time the WAN dropped, we were able to ping all assigned virtual IP addresses which are located on lo1. At this time, we had no allow rules configured on our WAN interface.



We then checked our ACME and network configuration again for possible errors and changed log level to debug 3.

This is how we configured the challenge type:
HTTP-01
OPNsense Web Service (automatic port forward)
IP Auto-Discovery disabled
Selected interface lo1
Entered public IP address from lo1 like 12.13.14.8

We have several virtual IPs configured on the lo1 interface, like 12.13.14.1, .2, .3, ..., .8.

We also added a [WAN] interface rule like: pass if destination is 12.13.14.0/24.



We retried getting a certificate, which resulted in an instant WAN drop while ACME processed the certificate request. This is the debug level 3 log:

Quote
2023-05-12T10:39:59   opnsense   AcmeClient: validation for certificate failed: our.doma.in
2023-05-12T10:39:59   opnsense   AcmeClient: domain validation failed (http01)
2023-05-12T10:33:34   opnsense   AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug 3 --server 'letsencrypt' --webroot /var/etc/acme-client/challenges --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/645de8720875b0.48773709/cert.pem' --keypath '/var/etc/acme-client/keys/645de8720875b0.48773709/private.key' --capath '/var/etc/acme-client/certs/645de8720875b0.48773709/chain.pem' --fullchainpath '/var/etc/acme-client/certs/645de8720875b0.48773709/fullchain.pem' --domain 'our.doma.in' --days '1' --force --keylength '4096' --accountconf '/var/etc/acme-client/accounts/63e3bf5e907b14.68160882_prod/account.conf'
2023-05-12T10:33:34   opnsense   AcmeClient: using challenge type: HTTP-01 über HAProxy HTTP Frontend Integration
2023-05-12T10:33:34   opnsense   AcmeClient: using IPv4 address: 12.13.14.1
2023-05-12T10:33:34   opnsense   AcmeClient: using IPv4 address: 12.13.14.8
2023-05-12T10:33:19   opnsense   AcmeClient: account is registered: LE Default Certificates
2023-05-12T10:33:19   opnsense   AcmeClient: using CA: letsencrypt
2023-05-12T10:33:19   opnsense   AcmeClient: issue certificate: our.doma.in
2023-05-12T10:33:19   opnsense   AcmeClient: certificate must be issued/renewed: our.doma.in

Interesting fact: Two IPs are listed here, but we configured only the .8 address in the challenge and Auto-Discovery was disabled.

Quote
2023-05-12T10:39:59   acme.sh   [Fri May 12 10:39:59 CEST 2023] Can not init api, for https://acme-v02.api.letsencrypt.org/directory
2023-05-12T10:39:49   acme.sh   [Fri May 12 10:39:49 CEST 2023] Sleep 10 and retry.
2023-05-12T10:39:49   acme.sh   [Fri May 12 10:39:49 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:39:49   acme.sh   [Fri May 12 10:39:49 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:39:49   acme.sh   [Fri May 12 10:39:49 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:39:49   acme.sh   [Fri May 12 10:39:49 CEST 2023] Here is the curl dump log:
2023-05-12T10:39:49   acme.sh   [Fri May 12 10:39:49 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:39:19   acme.sh   [Fri May 12 10:39:19 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.ZOe0pd0E '
2023-05-12T10:39:19   acme.sh   [Fri May 12 10:39:19 CEST 2023] timeout=
2023-05-12T10:39:19   acme.sh   [Fri May 12 10:39:19 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:39:19   acme.sh   [Fri May 12 10:39:19 CEST 2023] GET
2023-05-12T10:39:09   acme.sh   [Fri May 12 10:39:09 CEST 2023] Sleep 10 and retry.
2023-05-12T10:39:09   acme.sh   [Fri May 12 10:39:09 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:39:09   acme.sh   [Fri May 12 10:39:09 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:39:09   acme.sh   [Fri May 12 10:39:09 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:39:09   acme.sh   [Fri May 12 10:39:09 CEST 2023] Here is the curl dump log:
2023-05-12T10:39:09   acme.sh   [Fri May 12 10:39:09 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:38:39   acme.sh   [Fri May 12 10:38:39 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.sebWVlBB '
2023-05-12T10:38:39   acme.sh   [Fri May 12 10:38:39 CEST 2023] timeout=
2023-05-12T10:38:39   acme.sh   [Fri May 12 10:38:39 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:38:39   acme.sh   [Fri May 12 10:38:39 CEST 2023] GET
2023-05-12T10:38:29   acme.sh   [Fri May 12 10:38:29 CEST 2023] Sleep 10 and retry.
2023-05-12T10:38:29   acme.sh   [Fri May 12 10:38:29 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:38:29   acme.sh   [Fri May 12 10:38:29 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:38:29   acme.sh   [Fri May 12 10:38:29 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:38:29   acme.sh   [Fri May 12 10:38:29 CEST 2023] Here is the curl dump log:
2023-05-12T10:38:29   acme.sh   [Fri May 12 10:38:29 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:37:59   acme.sh   [Fri May 12 10:37:59 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.W8SLTSIf '
2023-05-12T10:37:59   acme.sh   [Fri May 12 10:37:59 CEST 2023] timeout=
2023-05-12T10:37:59   acme.sh   [Fri May 12 10:37:59 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:37:59   acme.sh   [Fri May 12 10:37:59 CEST 2023] GET
2023-05-12T10:37:49   acme.sh   [Fri May 12 10:37:49 CEST 2023] Sleep 10 and retry.
2023-05-12T10:37:49   acme.sh   [Fri May 12 10:37:49 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:37:49   acme.sh   [Fri May 12 10:37:49 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:37:49   acme.sh   [Fri May 12 10:37:49 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:37:49   acme.sh   [Fri May 12 10:37:49 CEST 2023] Here is the curl dump log:
2023-05-12T10:37:49   acme.sh   [Fri May 12 10:37:49 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:37:19   acme.sh   [Fri May 12 10:37:19 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.zsdGEiVz '
2023-05-12T10:37:19   acme.sh   [Fri May 12 10:37:19 CEST 2023] timeout=
2023-05-12T10:37:19   acme.sh   [Fri May 12 10:37:19 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:37:19   acme.sh   [Fri May 12 10:37:19 CEST 2023] GET
2023-05-12T10:37:09   acme.sh   [Fri May 12 10:37:09 CEST 2023] Sleep 10 and retry.
2023-05-12T10:37:09   acme.sh   [Fri May 12 10:37:09 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:37:09   acme.sh   [Fri May 12 10:37:09 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:37:09   acme.sh   [Fri May 12 10:37:09 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:37:09   acme.sh   [Fri May 12 10:37:09 CEST 2023] Here is the curl dump log:
2023-05-12T10:37:09   acme.sh   [Fri May 12 10:37:09 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:36:39   acme.sh   [Fri May 12 10:36:39 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.plaKhpv3 '
2023-05-12T10:36:38   acme.sh   [Fri May 12 10:36:38 CEST 2023] timeout=
2023-05-12T10:36:38   acme.sh   [Fri May 12 10:36:38 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:36:38   acme.sh   [Fri May 12 10:36:38 CEST 2023] GET
2023-05-12T10:36:28   acme.sh   [Fri May 12 10:36:28 CEST 2023] Sleep 10 and retry.
2023-05-12T10:36:28   acme.sh   [Fri May 12 10:36:28 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:36:28   acme.sh   [Fri May 12 10:36:28 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:36:28   acme.sh   [Fri May 12 10:36:28 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:36:28   acme.sh   [Fri May 12 10:36:28 CEST 2023] Here is the curl dump log:
2023-05-12T10:36:28   acme.sh   [Fri May 12 10:36:28 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:35:58   acme.sh   [Fri May 12 10:35:58 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.ePT0zlfC '
2023-05-12T10:35:58   acme.sh   [Fri May 12 10:35:58 CEST 2023] timeout=
2023-05-12T10:35:58   acme.sh   [Fri May 12 10:35:58 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:35:58   acme.sh   [Fri May 12 10:35:58 CEST 2023] GET
2023-05-12T10:35:48   acme.sh   [Fri May 12 10:35:48 CEST 2023] Sleep 10 and retry.
2023-05-12T10:35:48   acme.sh   [Fri May 12 10:35:48 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:35:48   acme.sh   [Fri May 12 10:35:48 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:35:48   acme.sh   [Fri May 12 10:35:48 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:35:48   acme.sh   [Fri May 12 10:35:48 CEST 2023] Here is the curl dump log:
2023-05-12T10:35:48   acme.sh   [Fri May 12 10:35:48 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:35:18   acme.sh   [Fri May 12 10:35:18 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.VzIvoEDc '
2023-05-12T10:35:18   acme.sh   [Fri May 12 10:35:18 CEST 2023] timeout=
2023-05-12T10:35:18   acme.sh   [Fri May 12 10:35:18 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:35:18   acme.sh   [Fri May 12 10:35:18 CEST 2023] GET
2023-05-12T10:35:08   acme.sh   [Fri May 12 10:35:08 CEST 2023] Sleep 10 and retry.
2023-05-12T10:35:08   acme.sh   [Fri May 12 10:35:08 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:35:08   acme.sh   [Fri May 12 10:35:08 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:35:08   acme.sh   [Fri May 12 10:35:08 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:35:08   acme.sh   [Fri May 12 10:35:08 CEST 2023] Here is the curl dump log:
2023-05-12T10:35:08   acme.sh   [Fri May 12 10:35:08 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:34:38   acme.sh   [Fri May 12 10:34:38 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.ElCDCtjf '
2023-05-12T10:34:38   acme.sh   [Fri May 12 10:34:38 CEST 2023] timeout=
2023-05-12T10:34:38   acme.sh   [Fri May 12 10:34:38 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:34:38   acme.sh   [Fri May 12 10:34:38 CEST 2023] GET
2023-05-12T10:34:28   acme.sh   [Fri May 12 10:34:28 CEST 2023] Sleep 10 and retry.
2023-05-12T10:34:28   acme.sh   [Fri May 12 10:34:28 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:34:28   acme.sh   [Fri May 12 10:34:28 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:34:28   acme.sh   [Fri May 12 10:34:28 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:34:28   acme.sh   [Fri May 12 10:34:28 CEST 2023] Here is the curl dump log:
2023-05-12T10:34:28   acme.sh   [Fri May 12 10:34:28 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:34:04   acme.sh   [Fri May 12 10:34:04 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.85ROWRlU '
2023-05-12T10:34:04   acme.sh   [Fri May 12 10:34:04 CEST 2023] timeout=
2023-05-12T10:34:04   acme.sh   [Fri May 12 10:34:04 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:34:04   acme.sh   [Fri May 12 10:34:04 CEST 2023] GET
2023-05-12T10:33:54   acme.sh   [Fri May 12 10:33:54 CEST 2023] Sleep 10 and retry.
2023-05-12T10:33:54   acme.sh   [Fri May 12 10:33:54 CEST 2023] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
2023-05-12T10:33:54   acme.sh   [Fri May 12 10:33:54 CEST 2023] ret='6'
       == Info: Closing connection 0
2023-05-12T10:33:54   acme.sh   [Fri May 12 10:33:54 CEST 2023] == Info: Could not resolve host: acme-v02.api.letsencrypt.org
2023-05-12T10:33:54   acme.sh   [Fri May 12 10:33:54 CEST 2023] Here is the curl dump log:
2023-05-12T10:33:54   acme.sh   [Fri May 12 10:33:54 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.GIECsytR '
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] timeout=
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] GET
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/our.doma.in'
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] Using config home:/var/etc/acme-client/home
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] _alt_domains='no'
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] _main_domain='our.doma.in'
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] Running cmd: issue
2023-05-12T10:33:34   acme.sh   [Fri May 12 10:33:34 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory


Any ideas?












We tried to work around this issue.

First, we tried to reset the ACME client, which did not work. All configurations in ACME survived the reset button.

Then, we removed the ACME client and we rebooted the sense. After reboot, we installed the ACME plugin again and all configurations were available again. Reset is not working again.


Any updates on this? We have the same problem. And settings keep persisting after reset.

So we removed every single entry from the ACME settings manually, removed the plugin, removed the working directory /var/etc/acme-client/, restarted the firewall, installed the plugin, and set up everything again. For now, it is working.
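
The acme.sh excerpts in the opening post mix three different failures: curl exit code 6 (libcurl's "couldn't resolve host"), curl exit code 7 ("couldn't connect"), and the CA's own HTTP-01 "Timeout during connect" on the inbound challenge. The following is an added example, not part of the thread and not OPNsense or acme.sh code, that turns such a log into a chronological list of failure phases. The function names are hypothetical, and the sample log is constructed in the same newest-first layout with a placeholder host and IP.

```python
import re
from datetime import datetime

# Constructed sample in the newest-first layout shown in the opening post.
# Hostname, IP and token are placeholders, not values from the thread.
SAMPLE_LOG = """\
2023-05-12T09:52:39   acme.sh   [Fri May 12 09:52:39 CEST 2023] host.example.test:Verify error:192.0.2.10: Fetching http://host.example.test/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
2023-05-12T09:52:13   acme.sh   [Fri May 12 09:52:13 CEST 2023] Sleep 10 and retry.
2023-05-12T09:52:13   acme.sh   [Fri May 12 09:52:13 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
2023-05-12T09:51:48   acme.sh   [Fri May 12 09:51:48 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:17   acme.sh   [Fri May 12 09:25:17 CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2023-05-12T09:25:06   acme.sh   [Fri May 12 09:25:06 CEST 2023] ret='6'
       == Info: Closing connection 0
"""

# "<ISO timestamp>   acme.sh   [<date string>] <message>"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+acme\.sh\s+\[[^\]]*\]\s*(.*)$")
# Normal log level prints "error code: N"; debug level also prints ret='N'.
CURL_RE = re.compile(r"error code: (\d+)|ret='(\d+)'")
# libcurl exit codes seen in the thread: 6 = could not resolve host, 7 = could not connect.
CURL_CODES = {6: "dns_resolution_failed", 7: "connect_failed"}


def classify(message):
    """Return a failure label for one log message, or None if it is not a failure."""
    m = CURL_RE.search(message)
    if m:
        code = int(m.group(1) or m.group(2))
        return CURL_CODES.get(code, f"curl_error_{code}")
    # Reported by the CA: its validation request never reached the challenge port.
    if "Verify error" in message and "Timeout during connect" in message:
        return "inbound_challenge_timeout"
    return None


def failure_events(log_text):
    """Parse the log into sorted, de-duplicated (timestamp, label) pairs."""
    events = set()  # the log repeats lines, so collapse identical events
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines such as the curl trace
        label = classify(m.group(2))
        if label:
            events.add((datetime.fromisoformat(m.group(1)), label))
    return sorted(events)


def phases(events):
    """Merge consecutive events of the same kind into phases with first/last time."""
    out = []
    for ts, kind in events:
        if out and out[-1]["kind"] == kind:
            out[-1]["last"] = ts
            out[-1]["count"] += 1
        else:
            out.append({"kind": kind, "first": ts, "last": ts, "count": 1})
    return out


if __name__ == "__main__":
    for p in phases(failure_events(SAMPLE_LOG)):
        print(f'{p["first"]:%H:%M:%S} - {p["last"]:%H:%M:%S}  {p["kind"]}  x{p["count"]}')
```

A long `dns_resolution_failed` phase points at the firewall's own outbound resolver path, while `inbound_challenge_timeout` points at the WAN rule or port forward for the challenge address, so the two call for different checks.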