What fails in letsencrypt acme challenge?

Started by ikkeT, August 04, 2018, 08:57:09 AM

Hi,

my certs won't get renewed, and now I can't get new ones. It might be due to having many HAProxy rules; perhaps one of them breaks acme.

Does anyone have an idea where this loop fails? What is it trying to do, and what might break it?



[Sat Aug  4 09:42:41 EEST 2018] ok, let's start to verify
[Sat Aug  4 09:42:41 EEST 2018] Verifying:mydomain.com
[Sat Aug  4 09:42:41 EEST 2018] d='mydomain.com'
[Sat Aug  4 09:42:41 EEST 2018] keyauthorization='snipped'
[Sat Aug  4 09:42:41 EEST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug  4 09:42:41 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Aug  4 09:42:41 EEST 2018] wellknown_path='/var/etc/acme-client/challenges/.well-known/acme-challenge'
[Sat Aug  4 09:42:41 EEST 2018] writing token:snipped to /var/etc/acme-client/challenges/.well-known/acme-challenge/snipped
[Sat Aug  4 09:42:41 EEST 2018] Changing owner/group of .well-known to root:wheel
[Sat Aug  4 09:42:41 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug  4 09:42:41 EEST 2018] payload='{"resource": "challenge", "keyAuthorization": "snipped"}'
[Sat Aug  4 09:42:41 EEST 2018] POST
[Sat Aug  4 09:42:41 EEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped
[Sat Aug  4 09:42:41 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Aug  4 09:42:42 EEST 2018] _ret='0'
[Sat Aug  4 09:42:42 EEST 2018] code='202'
[Sat Aug  4 09:42:42 EEST 2018] sleep 2 secs to verify
[Sat Aug  4 09:42:44 EEST 2018] checking
[Sat Aug  4 09:42:44 EEST 2018] GET
[Sat Aug  4 09:42:44 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped
[Sat Aug  4 09:42:44 EEST 2018] timeout=
[Sat Aug  4 09:42:44 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Aug  4 09:42:45 EEST 2018] ret='0'
[Sat Aug  4 09:42:45 EEST 2018] Pending
[Sat Aug  4 09:42:45 EEST 2018] sleep 2 secs to verify
[Sat Aug  4 09:42:47 EEST 2018] checking
[Sat Aug  4 09:42:47 EEST 2018] GET
[Sat Aug  4 09:42:47 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/snipped'
[Sat Aug  4 09:42:47 EEST 2018] timeout=
[Sat Aug  4 09:42:47 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Aug  4 09:42:47 EEST 2018] ret='0'
[Sat Aug  4 09:42:47 EEST 2018] Pending
[Sat Aug  4 09:42:47 EEST 2018] sleep 2 secs to verify


It keeps doing that timeout loop. What is blocking it? Is there any log to follow for the acme challenge?

You may want to change the Log Level (hidden setting, enable "advanced mode" to see it):
Services -> Let's Encrypt -> Settings

Note that Log Level "debug" breaks the log in the GUI; this is a known limitation.
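
The log in the first post shows the client writing the token under the webroot and then polling a challenge that stays "Pending". With HTTP-01 validation the CA has to fetch that file from http://<domain>/.well-known/acme-challenge/<token>, so one check is whether a file dropped into the same directory can be fetched back over HTTP. The following is an added example, not part of the thread or of the acme client; the function name `probe_challenge_path` is hypothetical, and the default webroot and domain are the ones shown in the log.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

WELLKNOWN = ".well-known/acme-challenge"  # fixed HTTP-01 path prefix (RFC 8555)


def probe_challenge_path(webroot, base_url, timeout=5.0):
    """Drop a random probe file where the client writes tokens, fetch it back
    over HTTP, and return (ok, detail). The probe file is always removed."""
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, WELLKNOWN)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{WELLKNOWN}/{name}"
    # Ignore any http_proxy environment setting: the point is the direct path.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read(4096).decode("utf-8", "replace").strip()
            if got == body:
                return True, f"probe served correctly via {resp.geturl()}"
            # 200 with the wrong body: some other backend or rule answered.
            return False, f"HTTP {resp.status} from {resp.geturl()}, unexpected body"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code} for {url}"
    except OSError as exc:  # URLError, refused connection, timeout
        return False, f"no usable response for {url}: {exc}"
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Defaults are the webroot and placeholder domain from the log above.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/etc/acme-client/challenges"
    base = sys.argv[2] if len(sys.argv) > 2 else "http://mydomain.com"
    ok, detail = probe_challenge_path(root, base)
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

A request made from inside the network can take a different path than the CA's request from the internet, so a pass here only rules out the local serving side; a failure points at whatever answers port 80 for that path.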