Topic: [SOLVED] ACME Challenge HTTP-01 stopped working (Read 2069 times)
muchacha_grande
« on: January 31, 2024, 11:03:06 pm »
First of all, I've already solved the problem by changing to the DNS-01 challenge using the cPanel API. But the issue is that I have 6 domains behind an Nginx reverse proxy and the last successful renewal was on January 1st. After that, the next renewal event on January 22nd failed and I received an email from Let's Encrypt warning me about the failure.
Between the two renew events there was an update from 23.7.10 to 23.7.11 and no other changes.
The renewal was done using HTTP-01 challenge and it worked fine for some years.
I found this GitHub issue:
https://github.com/opnsense/plugins/issues/1967#issue-675753796
The error reported in this GitHub issue is the same as the one reported in my case, and there is a change listed in the 23.7.11 log that, in my opinion, could be related:
[system: include IPv6 link-local interface addresses for web GUI and OpenSSH (contributed by Maurice Walker)]
I opened this issue as a placeholder in case someone else has encountered this problem.
« Last Edit: February 21, 2024, 09:09:17 pm by muchacha_grande »

JustMeHere
« Reply #1 on: February 19, 2024, 03:59:20 am »
I've got a problem too. The ACME client on HTTP challenges is not seeing the IP address of the WAN. Renewal worked on Jan 15 and failed on Feb 15, 2024.
I checked the WAN's IP. It is correct, but the logs show the IPs listed below. The format of the log has changed during this time. It must be an update to the client that is an issue. I have 1 WAN port and 4 LAN ports; only the two LAN ports configured below are connected. The new client does not appear to see the WAN port.
2024-02-18T21:39:58-05:00 opnsense AcmeClient: using IPv4 address: 192.168.3.1
2024-02-18T21:39:58-05:00 opnsense AcmeClient: using IPv4 address: 192.168.1.1
From when it worked:
2024-01-26T18:38:05 opnsense[2844] AcmeClient: using IPv4 address: 73.88.76.86
2024-01-26T18:38:05 opnsense[2844] AcmeClient: using IPv4 address: 192.168.1.1
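
A way to spot the symptom described in reply #1 from the logs alone, as an added example that is not part of the original posts: it groups the AcmeClient "using IPv4 address" lines by timestamp and flags any renewal run that lists no publicly routable address. Treating one timestamp as one run and expecting the WAN to hold a public address are assumptions; the sample lines are the ones quoted above plus one constructed unrelated line.

```python
import ipaddress
import re
from collections import defaultdict

# Matches both log layouts quoted in the thread:
#   "<ts> opnsense AcmeClient: using IPv4 address: <ip>"
#   "<ts> opnsense[<pid>] AcmeClient: using IPv4 address: <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+AcmeClient: using IPv[46] address: (?P<ip>\S+)$"
)

# Lines quoted in reply #1; the "some other message" line is constructed.
SAMPLE_LOG = """\
2024-02-18T21:39:58-05:00 opnsense AcmeClient: using IPv4 address: 192.168.3.1
2024-02-18T21:39:58-05:00 opnsense AcmeClient: using IPv4 address: 192.168.1.1
2024-02-18T21:39:59-05:00 opnsense AcmeClient: some other message
2024-01-26T18:38:05 opnsense[2844] AcmeClient: using IPv4 address: 73.88.76.86
2024-01-26T18:38:05 opnsense[2844] AcmeClient: using IPv4 address: 192.168.1.1
"""


def addresses_per_run(log_text):
    """Map timestamp -> addresses the client logged for that run.

    Assumption: all address lines of one renewal run share a timestamp.
    """
    runs = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not an address-selection line
        try:
            runs[match.group("ts")].append(ipaddress.ip_address(match.group("ip")))
        except ValueError:
            continue  # malformed address field, ignore the line
    return dict(runs)


def runs_without_public_address(log_text):
    """Timestamps of runs where every logged address is non-global."""
    return sorted(
        ts for ts, addrs in addresses_per_run(log_text).items()
        if not any(addr.is_global for addr in addrs)
    )


if __name__ == "__main__":
    for ts in runs_without_public_address(SAMPLE_LOG):
        print(f"{ts}: no public address selected, HTTP-01 validation likely to fail")
```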

bazbaz
« Reply #2 on: February 19, 2024, 05:06:11 pm »
Try to manually assign the external IP address in the challenge's options.

muchacha_grande
« Reply #3 on: February 19, 2024, 05:29:28 pm »
In my case, according to the log, ACME is detecting the IP correctly.

tuxlemmi
« Reply #4 on: February 19, 2024, 06:00:21 pm »
Quote from: bazbaz on February 19, 2024, 05:06:11 pm
Try to manually assign the external IP address in the challenge's options.
This works for my setup.
Thanks

JustMeHere
« Reply #5 on: February 19, 2024, 10:46:53 pm »
Quote from: bazbaz on February 19, 2024, 05:06:11 pm
Try to manually assign the external IP address in the challenge's options.
Thanks, this could work, but I'm on a dynamic IP address.
Seems like there's a bug since multiple people are reporting this.

muchacha_grande
« Reply #6 on: February 21, 2024, 09:08:31 pm »
This problem was addressed in the 24.1.2 update.