Let's Encrypt problems after update

Started by Fischje2, April 08, 2021, 01:43:45 PM

Hello,

I wasn't quite sure where to take my problem, and since I'm no pro anyway, I wanted to try it in German first:

I run my OPNsense as a Proxmox VM.
Among other things it runs WireGuard and Let's Encrypt + HAProxy. Everything runs fine at first, albeit without many rules. I'm only just starting to find my way around it. I used to run a Sophos UTM.

After the latest update, however, I have a huge problem:
In the Let's Encrypt logs via "acme.sh" I get an error message regarding curl-error (6), which corresponds to a DNS error, and an error initialising the API, and worst of all:
After that, various things around DNS and reaching LAN devices from one another no longer work. Only a reboot of the OPNsense, which luckily I can still reach, brings my network with my DNS server back to life.
But the error occurs again as soon as LE wants to fetch the certificate again. I triggered that with force because I wanted to try out what works.
What has helped me for now was restoring the complete VM from the snapshot taken before the update.

I don't know what logs or network diagrams I would have to provide so that someone can reproduce my problem. But I can't get any further with the means I have - I can't update. Who can help, and what is needed?

OFF-TOPIC:
I first tried to register here in the forum with my gmx address. But I don't get an e-mail, not even in spam. Can someone delete the account so that I can switch this one to the correct gmx e-mail?

Best regards
Matthias

 :(

Too bad, then I guess I'll have to try to restore the whole configuration on a freshly installed environment.

Hello Matthias


first of all, welcome to the forum.
Quote from: Fischje2 on April 08, 2021, 01:43:45 PM
I don't know what logs or network diagrams I would have to provide so that someone can reproduce my problem. But I can't get any further with the means I have - I can't update. Who can help, and what is needed?
Network diagram:
Any network diagram is better than none to start with ;)
Is there another router in front of your Proxmox / in front of your FW?
Is the FW connected directly to the Internet with a public IP address?


Logs:
So you have already found and "interpreted" the Let's Encrypt log.
Best to drop it in here as well. Censor your domain if necessary.
On the console you can print the ACME/LE log with "clog /var/log/acmeclient.log". (Easier to copy  ;)  )


Further info:
How is your LE configured?
Which method do you use? HTTP or DNS?
If HTTP:
   What does the "response chain" look like? Does HAProxy answer with the matching backend? Is LE supposed to answer via a port forward? Or is something completely different planned?
      If HAProxy:
         How is it configured? Does what HAProxy does really fit?

     

WAN / Internet
            :
            : VDSL - public, changing IPv4 / IPv6 (not used)
            :
      .-----+-----.
      |  FritzBox  | 
      '-----+-----'
            |
        WAN | 192.168.0.2 - exposed host
            |
      .-----+------.   
      |  OPNsense| 
      '-----+------'   
            |
        LAN | 192.168.1.1/24
            |
      .-----+------.
      | LAN-Switch |
      '-----+------'
            |
    ...-----+------... (Clients/Servers,etc...)


Let's Encrypt:
Challenge Type:
HTTP-01 with the OPNsense web service - I haven't figured it out with HAProxy yet; I would use that as an alternative if I could get it working.

192.168.1.100 is used in the challenge type settings, which should not be in use by DHCP.

Logs:
acmeclient.log
Apr 15 08:56:39 OPNsense acme.sh[87172]: [Thu Apr 15 08:56:39 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 08:56:39 OPNsense acme.sh[1392]: [Thu Apr 15 08:56:39 CEST 2021] Can not init api.
Apr 15 08:56:39 OPNsense acme.sh[9179]: [Thu Apr 15 08:56:39 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
Apr 15 08:56:39 OPNsense acme.sh[36410]: [Thu Apr 15 08:56:39 CEST 2021] Multi domain='DNS:123.de,DNS:game.123.de,DNS:www.123.de,DNS:pass.123.de,DNS:nas.123.de,DNS:kellerkinder.123.de,DNS:openproject.123.de,DNS:www.123.123.de'
Apr 15 08:56:39 OPNsense acme.sh[77046]: [Thu Apr 15 08:56:39 CEST 2021] Getting domain auth token for each domain
Apr 15 08:56:39 OPNsense acme.sh[96921]: [Thu Apr 15 08:56:39 CEST 2021] Getting webroot for domain='123.de'
Apr 15 08:56:39 OPNsense acme.sh[11907]: [Thu Apr 15 08:56:39 CEST 2021] Getting new-authz for domain='123.de'
Apr 15 08:57:40 OPNsense acme.sh[82367]: [Thu Apr 15 08:57:40 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 08:57:40 OPNsense acme.sh[91541]: [Thu Apr 15 08:57:40 CEST 2021] Can not init api.
Apr 15 08:58:41 OPNsense acme.sh[37996]: [Thu Apr 15 08:58:41 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 08:58:41 OPNsense acme.sh[53741]: [Thu Apr 15 08:58:41 CEST 2021] Could not get nonce, let's try again.
Apr 15 08:59:44 OPNsense acme.sh[99127]: [Thu Apr 15 08:59:44 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 08:59:44 OPNsense acme.sh[20890]: [Thu Apr 15 08:59:44 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:00:46 OPNsense acme.sh[46418]: [Thu Apr 15 09:00:46 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:00:46 OPNsense acme.sh[65451]: [Thu Apr 15 09:00:46 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:01:49 OPNsense acme.sh[26636]: [Thu Apr 15 09:01:49 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:01:49 OPNsense acme.sh[42457]: [Thu Apr 15 09:01:49 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:02:51 OPNsense acme.sh[1873]: [Thu Apr 15 09:02:51 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:02:51 OPNsense acme.sh[21957]: [Thu Apr 15 09:02:51 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:03:54 OPNsense acme.sh[673]: [Thu Apr 15 09:03:54 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:03:54 OPNsense acme.sh[21746]: [Thu Apr 15 09:03:54 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:04:57 OPNsense acme.sh[4142]: [Thu Apr 15 09:04:57 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:04:57 OPNsense acme.sh[22802]: [Thu Apr 15 09:04:57 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:05:59 OPNsense acme.sh[99912]: [Thu Apr 15 09:05:59 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:05:59 OPNsense acme.sh[19606]: [Thu Apr 15 09:05:59 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:07:02 OPNsense acme.sh[8684]: [Thu Apr 15 09:07:02 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:07:02 OPNsense acme.sh[30791]: [Thu Apr 15 09:07:02 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:08:05 OPNsense acme.sh[22151]: [Thu Apr 15 09:08:05 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:08:05 OPNsense acme.sh[43695]: [Thu Apr 15 09:08:05 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:09:07 OPNsense acme.sh[11786]: [Thu Apr 15 09:09:07 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:09:07 OPNsense acme.sh[31716]: [Thu Apr 15 09:09:07 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:10:10 OPNsense acme.sh[24998]: [Thu Apr 15 09:10:10 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:10:10 OPNsense acme.sh[38390]: [Thu Apr 15 09:10:10 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:11:12 OPNsense acme.sh[33169]: [Thu Apr 15 09:11:12 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:11:12 OPNsense acme.sh[54071]: [Thu Apr 15 09:11:12 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:12:15 OPNsense acme.sh[36003]: [Thu Apr 15 09:12:15 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:12:15 OPNsense acme.sh[53803]: [Thu Apr 15 09:12:15 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:13:18 OPNsense acme.sh[19801]: [Thu Apr 15 09:13:18 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:13:18 OPNsense acme.sh[48538]: [Thu Apr 15 09:13:18 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:14:20 OPNsense acme.sh[5430]: [Thu Apr 15 09:14:20 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:14:20 OPNsense acme.sh[26923]: [Thu Apr 15 09:14:20 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:15:23 OPNsense acme.sh[85463]: [Thu Apr 15 09:15:23 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:15:23 OPNsense acme.sh[7154]: [Thu Apr 15 09:15:23 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:16:25 OPNsense acme.sh[79443]: [Thu Apr 15 09:16:25 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:16:25 OPNsense acme.sh[96669]: [Thu Apr 15 09:16:25 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:17:28 OPNsense acme.sh[63280]: [Thu Apr 15 09:17:28 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:17:28 OPNsense acme.sh[81160]: [Thu Apr 15 09:17:28 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:18:31 OPNsense acme.sh[55387]: [Thu Apr 15 09:18:31 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Apr 15 09:18:31 OPNsense acme.sh[78633]: [Thu Apr 15 09:18:31 CEST 2021] Could not get nonce, let's try again.
Apr 15 09:18:33 OPNsense acme.sh[93715]: [Thu Apr 15 09:18:33 CEST 2021] Giving up sending to CA server after 20 retries.
Apr 15 09:18:33 OPNsense acme.sh[99359]: [Thu Apr 15 09:18:33 CEST 2021] Can not get domain new authz.
Apr 15 09:18:33 OPNsense acme.sh[24040]: [Thu Apr 15 09:18:33 CEST 2021] Please check log file for more details: /var/log/acme.sh.log

acme.sh.log:
[Thu Apr 15 08:55:38 CEST 2021] Using config home:/var/etc/acme-client/home
[Thu Apr 15 08:55:39 CEST 2021] Running cmd: issue
[Thu Apr 15 08:55:39 CEST 2021] _main_domain='123.de'
[Thu Apr 15 08:55:39 CEST 2021] _alt_domains='game.123.de,www.123.de,pass.123.de,nas.123.de,kellerkinder.123.de,openproject.123.de,www.kellerkinder.123.de'
[Thu Apr 15 08:55:39 CEST 2021] Using config home:/var/etc/acme-client/home
[Thu Apr 15 08:55:39 CEST 2021] config file is empty, can not read DEFAULT_ACME_SERVER
[Thu Apr 15 08:55:39 CEST 2021] default_acme_server
[Thu Apr 15 08:55:39 CEST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:55:39 CEST 2021] DOMAIN_PATH='/var/etc/acme-client/home/123.de'
[Thu Apr 15 08:55:39 CEST 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 15 08:55:39 CEST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 15 08:55:39 CEST 2021] GET
[Thu Apr 15 08:55:39 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:55:39 CEST 2021] timeout=
[Thu Apr 15 08:55:39 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 08:56:39 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 08:56:39 CEST 2021] ret='6'
[Thu Apr 15 08:56:39 CEST 2021] Can not init api.
[Thu Apr 15 08:56:39 CEST 2021] Le_NextRenewTime='1617229490'
[Thu Apr 15 08:56:39 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 15 08:56:39 CEST 2021] _on_before_issue
[Thu Apr 15 08:56:39 CEST 2021] _chk_main_domain='123.de'
[Thu Apr 15 08:56:39 CEST 2021] _chk_alt_domains='game.123.de,www.123.de,pass.123.de,nas.123.de,kellerkinder.123.de,openproject.123.de,www.kellerkinder.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Le_LocalAddress
[Thu Apr 15 08:56:39 CEST 2021] d='123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='game.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='game.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='www.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='www.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='pass.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='pass.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='nas.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='nas.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='kellerkinder.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='kellerkinder.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='openproject.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='openproject.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d='www.kellerkinder.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Check for domain='www.kellerkinder.123.de'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] d
[Thu Apr 15 08:56:39 CEST 2021] _saved_account_key_hash is not changed, skip register account.
[Thu Apr 15 08:56:39 CEST 2021] Read key length:4096
[Thu Apr 15 08:56:39 CEST 2021] _createcsr
[Thu Apr 15 08:56:39 CEST 2021] Multi domain='DNS:123.de,DNS:game.123.de,DNS:www.123.de,DNS:pass.123.de,DNS:nas.123.de,DNS:kellerkinder.123.de,DNS:openproject.123.de,DNS:www.kellerkinder.123.de'
[Thu Apr 15 08:56:39 CEST 2021] Getting domain auth token for each domain
[Thu Apr 15 08:56:39 CEST 2021] d='123.de'
[Thu Apr 15 08:56:39 CEST 2021] Getting webroot for domain='123.de'
[Thu Apr 15 08:56:39 CEST 2021] _w='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] _currentRoot='/var/etc/acme-client/challenges'
[Thu Apr 15 08:56:39 CEST 2021] Getting new-authz for domain='123.de'
[Thu Apr 15 08:56:39 CEST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 15 08:56:39 CEST 2021] GET
[Thu Apr 15 08:56:39 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:56:39 CEST 2021] timeout=
[Thu Apr 15 08:56:39 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 08:57:40 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 08:57:40 CEST 2021] ret='6'
[Thu Apr 15 08:57:40 CEST 2021] Can not init api.
[Thu Apr 15 08:57:40 CEST 2021] Try new-authz for the 0 time.
[Thu Apr 15 08:57:40 CEST 2021] url
[Thu Apr 15 08:57:40 CEST 2021] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "123.de"}}'
[Thu Apr 15 08:57:40 CEST 2021] RSA key
[Thu Apr 15 08:57:41 CEST 2021] GET
[Thu Apr 15 08:57:41 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:57:41 CEST 2021] timeout=
[Thu Apr 15 08:57:41 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 08:58:41 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 08:58:41 CEST 2021] ret='6'
[Thu Apr 15 08:58:41 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 08:58:43 CEST 2021] GET
[Thu Apr 15 08:58:43 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:58:43 CEST 2021] timeout=
[Thu Apr 15 08:58:43 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 08:59:44 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 08:59:44 CEST 2021] ret='6'
[Thu Apr 15 08:59:44 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 08:59:46 CEST 2021] GET
[Thu Apr 15 08:59:46 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:59:46 CEST 2021] timeout=
[Thu Apr 15 08:59:46 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:00:46 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:00:46 CEST 2021] ret='6'
[Thu Apr 15 09:00:46 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:00:48 CEST 2021] GET
[Thu Apr 15 09:00:48 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:00:48 CEST 2021] timeout=
[Thu Apr 15 09:00:48 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:01:49 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:01:49 CEST 2021] ret='6'
[Thu Apr 15 09:01:49 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:01:51 CEST 2021] GET
[Thu Apr 15 09:01:51 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:01:51 CEST 2021] timeout=
[Thu Apr 15 09:01:51 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:02:51 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:02:51 CEST 2021] ret='6'
[Thu Apr 15 09:02:51 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:02:54 CEST 2021] GET
[Thu Apr 15 09:02:54 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:02:54 CEST 2021] timeout=
[Thu Apr 15 09:02:54 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:03:54 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:03:54 CEST 2021] ret='6'
[Thu Apr 15 09:03:54 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:03:56 CEST 2021] GET
[Thu Apr 15 09:03:56 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:03:56 CEST 2021] timeout=
[Thu Apr 15 09:03:56 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:04:57 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:04:57 CEST 2021] ret='6'
[Thu Apr 15 09:04:57 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:04:59 CEST 2021] GET
[Thu Apr 15 09:04:59 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:04:59 CEST 2021] timeout=
[Thu Apr 15 09:04:59 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:05:59 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:05:59 CEST 2021] ret='6'
[Thu Apr 15 09:05:59 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:06:02 CEST 2021] GET
[Thu Apr 15 09:06:02 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:06:02 CEST 2021] timeout=
[Thu Apr 15 09:06:02 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:07:02 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:07:02 CEST 2021] ret='6'
[Thu Apr 15 09:07:02 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:07:04 CEST 2021] GET
[Thu Apr 15 09:07:04 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:07:04 CEST 2021] timeout=
[Thu Apr 15 09:07:04 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:08:05 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:08:05 CEST 2021] ret='6'
[Thu Apr 15 09:08:05 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:08:07 CEST 2021] GET
[Thu Apr 15 09:08:07 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:08:07 CEST 2021] timeout=
[Thu Apr 15 09:08:07 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:09:07 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:09:07 CEST 2021] ret='6'
[Thu Apr 15 09:09:07 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:09:09 CEST 2021] GET
[Thu Apr 15 09:09:09 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:09:09 CEST 2021] timeout=
[Thu Apr 15 09:09:09 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:10:10 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:10:10 CEST 2021] ret='6'
[Thu Apr 15 09:10:10 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:10:12 CEST 2021] GET
[Thu Apr 15 09:10:12 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:10:12 CEST 2021] timeout=
[Thu Apr 15 09:10:12 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:11:12 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:11:12 CEST 2021] ret='6'
[Thu Apr 15 09:11:12 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:11:15 CEST 2021] GET
[Thu Apr 15 09:11:15 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:11:15 CEST 2021] timeout=
[Thu Apr 15 09:11:15 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:12:15 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:12:15 CEST 2021] ret='6'
[Thu Apr 15 09:12:15 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:12:17 CEST 2021] GET
[Thu Apr 15 09:12:17 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:12:17 CEST 2021] timeout=
[Thu Apr 15 09:12:17 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:13:18 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:13:18 CEST 2021] ret='6'
[Thu Apr 15 09:13:18 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:13:20 CEST 2021] GET
[Thu Apr 15 09:13:20 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:13:20 CEST 2021] timeout=
[Thu Apr 15 09:13:20 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:14:20 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:14:20 CEST 2021] ret='6'
[Thu Apr 15 09:14:20 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:14:22 CEST 2021] GET
[Thu Apr 15 09:14:22 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:14:22 CEST 2021] timeout=
[Thu Apr 15 09:14:22 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:15:23 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:15:23 CEST 2021] ret='6'
[Thu Apr 15 09:15:23 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:15:25 CEST 2021] GET
[Thu Apr 15 09:15:25 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:15:25 CEST 2021] timeout=
[Thu Apr 15 09:15:25 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:16:25 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:16:25 CEST 2021] ret='6'
[Thu Apr 15 09:16:25 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:16:27 CEST 2021] GET
[Thu Apr 15 09:16:27 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:16:27 CEST 2021] timeout=
[Thu Apr 15 09:16:27 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:17:28 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:17:28 CEST 2021] ret='6'
[Thu Apr 15 09:17:28 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:17:30 CEST 2021] GET
[Thu Apr 15 09:17:30 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 09:17:30 CEST 2021] timeout=
[Thu Apr 15 09:17:30 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Apr 15 09:18:31 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 09:18:31 CEST 2021] ret='6'
[Thu Apr 15 09:18:31 CEST 2021] Could not get nonce, let's try again.
[Thu Apr 15 09:18:33 CEST 2021] Giving up sending to CA server after 20 retries.
[Thu Apr 15 09:18:33 CEST 2021] Can not get domain new authz.
[Thu Apr 15 09:18:33 CEST 2021] pid
[Thu Apr 15 09:18:33 CEST 2021] No need to restore nginx, skip.
[Thu Apr 15 09:18:33 CEST 2021] _clearupdns
[Thu Apr 15 09:18:33 CEST 2021] dns_entries
[Thu Apr 15 09:18:33 CEST 2021] skip dns.
[Thu Apr 15 09:18:33 CEST 2021] _on_issue_err
[Thu Apr 15 09:18:33 CEST 2021] Please check log file for more details: /var/log/acme.sh.log
clog: ERROR: could not write output (Bad address)
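
Added example, not part of the original post or of acme.sh: a small Python parser for debug logs in the acme.sh.log format shown above that pairs each request with its curl return code and the time spent waiting for it. The sample lines are constructed in the format of the excerpt; the function names, the 30-second threshold and the triage hints are assumptions of this example.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample in the format of the acme.sh.log excerpt above.
SAMPLE_LOG = """\
[Thu Apr 15 08:55:39 CEST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 15 08:55:39 CEST 2021] GET
[Thu Apr 15 08:55:39 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:55:39 CEST 2021] timeout=
[Thu Apr 15 08:56:39 CEST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 15 08:56:39 CEST 2021] ret='6'
[Thu Apr 15 08:56:39 CEST 2021] Can not init api.
[Thu Apr 15 08:57:41 CEST 2021] GET
[Thu Apr 15 08:57:41 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 15 08:58:41 CEST 2021] ret='6'
[Thu Apr 15 08:58:41 CEST 2021] Could not get nonce, let's try again.
"""

# A few curl exit codes as documented by curl; the list is not exhaustive.
CURL_CODES = {6: "could not resolve host", 7: "could not connect to host",
              28: "operation timed out", 35: "TLS handshake failed",
              60: "server certificate not trusted"}
MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}
# "[Thu Apr 15 08:55:39 CEST 2021] message"; the zone name is ignored, so a
# DST switch in the middle of a log would skew one interval.
LINE_RE = re.compile(
    r"\[\w{3} (\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) \S+ (\d{4})\] ?(.*)$")


def parse_requests(log_text):
    """Pair every GET/POST/HEAD marker with the following url= and ret= lines."""
    requests, pending = [], None
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(1) not in MONTHS:
            continue  # lines without an acme.sh timestamp are skipped
        mon, day, hh, mm, ss, year, msg = m.groups()
        ts = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        if msg in ("GET", "POST", "HEAD"):
            pending = {"method": msg, "start": ts, "url": None}
        elif pending and msg.startswith("url='") and pending["url"] is None:
            pending["url"] = msg[5:].rstrip("'")
        elif pending and (ret := re.fullmatch(r"ret='(\d+)'", msg)):
            pending["code"] = int(ret.group(1))
            pending["waited"] = (ts - pending["start"]).total_seconds()
            requests.append(pending)
            pending = None
    return requests


def summarise(requests, slow_after=30.0):
    """Group failed requests by (host, curl code) and attach a triage hint."""
    groups = {}
    for r in requests:
        if r["code"] == 0:
            continue  # successful request
        host = urlparse(r["url"] or "").hostname or "unknown"
        g = groups.setdefault((host, r["code"]), {"count": 0, "max_wait": 0.0})
        g["count"] += 1
        g["max_wait"] = max(g["max_wait"], r["waited"])
    report = []
    for (host, code), g in groups.items():
        # Heuristic hints (assumption of this example, not acme.sh output).
        if code == 6 and g["max_wait"] >= slow_after:
            hint = "lookup timed out: the resolver this host uses is not answering"
        elif code == 6:
            hint = "lookup failed quickly: resolver answered or none is configured"
        else:
            hint = "not a name-resolution failure"
        report.append({"host": host, "code": code,
                       "meaning": CURL_CODES.get(code, "see libcurl-errors"),
                       "hint": hint, **g})
    return report


if __name__ == "__main__":
    for row in summarise(parse_requests(SAMPLE_LOG)):
        print(row)
```

On the sample, every request waits 60 seconds before curl returns 6, which points at the firewall's own name resolution rather than at the ACME challenge configuration.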



Quote from: Fischje2 on April 15, 2021, 11:22:13 AM
Let's Encrypt:
Challenge Type:
HTTP-01 with the OPNsense web service - I haven't figured it out with HAProxy yet; I would use that as an alternative if I could get it working.

192.168.1.100 is used in the challenge type settings, which should not be in use by DHCP.


What gave you the idea to set 192.168.1.100 as the challenge?


If you don't do a HAProxy integration, then as far as I know LE opens a port forward and tries to authenticate. Afterwards it closes it again.

So,

after reading your post, superwini2, I redid everything from scratch, i.e. the latest OPNsense version, and configured LE and HAProxy anew.

I found this guide very helpful:
https://www.triumvirat.org/2020/02/17/haproxy-reverse-proxy-mit-lets-encrypt-zertifikaten-unter-opnsense-20-1/
although I already had much of it set up that way. Goodness knows why, now everything runs through fine. Websites are reachable and LE works nicely.

Thanks for the tip for now!

Then something in all that configuring around must have been wrong...
As I said, the IP address already puzzled me...



But if it's running now, all the better :)
Have fun going forward!