[SOLVED] ACME Challenge HTTP-01 stopped working

Started by muchacha_grande, January 31, 2024, 11:03:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 31, 2024, 11:03:06 PM Last Edit: February 21, 2024, 09:09:17 PM by muchacha_grande
First of all, I've already solved the problem changing to DNS-01 challenge using cPanel API. But the issue is that I have 6 domains behind Nginx reverse proxy and the last successful renewal was on January, 1st. After that the next renew event on January, 22nd failed and I received an email from Letsencrypt warning me about the failure.
Between the two renew events there was an update from 23.7.10 to 23.7.11 and no other changes.
The renewal was done using HTTP-01 challenge and it worked fine for some years. 

I found this github issue https://github.com/opnsense/plugins/issues/1967#issue-675753796
The error that is reported in this github issue is the same than the reported on my case and there is a change listed in the 23.7.11 log that, in my opinion, could be related:

[system: include IPv6 link-local interface addresses for web GUI and OpenSSH (contributed by Maurice Walker)]

I opened this issue as a placeholder in case someone else has encountered this problem.
February 19, 2024, 03:59:20 AM #1
I've got a problem too.  The ACME client on HTTP challenges is not seeing the IP Address of the WAN.   Renewal worked on Jan 15 and failed on Feb 15 2024.

I checked the WAN's IP.  It is correct, but the logs show the IPs listed below.   The format of the log has changed during this time.  It must be an update to the client that is an issue.   I have 1 WAN port and 4 LAN ports only the two LAN ports configured below are connected.  The new client does not appear to see the WAN port.

2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.3.1
2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.1.1

From when it worked:

2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 73.88.76.86
2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 192.168.1.1
February 19, 2024, 05:06:11 PM #2
try to manually assign the external IP address in challenge's options
February 19, 2024, 05:29:28 PM #3
In my case, according to the log, ACME is detecting the IP correctly.
February 19, 2024, 06:00:21 PM #4
Quote from: bazbaz on February 19, 2024, 05:06:11 PM
try to manually assign the external IP address in challenge's options

this works for my setup.

Thanks
February 19, 2024, 10:46:53 PM #5
Quote from: bazbaz on February 19, 2024, 05:06:11 PM
try to manually assign the external IP address in challenge's options

Thanks, this could work, but I'm on a dynamic IP address.

Seems like there's a bug since multiple people are reporting this.
February 21, 2024, 09:08:31 PM #6
This problem was addressed on 24.1.2 update
Print
Go Up Pages1
User actions