acme not working anymore (since 21 Dec 2023)

Started by rudiratlos63, February 02, 2024, 11:50:18 AM

February 10, 2024, 01:44:09 PM #15 Last Edit: February 10, 2024, 08:34:41 PM by Fright
@ Hi
Hm
I tried it on 24.1 (with a small HttpOpnsense.php-patch (pr#3813) to get the interface address, but this is not your case if the address is already displayed in the log) - everything works as expected ..
Quote: I have it disabled already. Since a long time ago.
but something still redirects token request to https?
Fetching https://example.com/.well-known/acme-challenge/EREIaZNm_HFsxaz64fDfizrzUVKeGQ_0CPtkZYHmEmE: Timeout during connect

The interface address has been got correctly, I just obfuscated that.

Before switching to DNS-01 challenge I tried to renew the certificates a couple of times and I could see the requests on Nginx log. Then Nginx responded with a 302 code. I could not see the details of the response but the log showed a 302 code (temporary redirection).

ah. so the initial request is processed by nginx..
Probably "HTTPS Only" is set in the server settings in nginx.
the request is redirected to HTTPS (with 302 code).
then, if the "Enable Let's Encrypt Plugin Support" server settings are enabled, the request for /.well-known/acme-challenge/* should be sent to the acme lighttpd instance (https://github.com/opnsense/plugins/blob/cab29219d7fb43bc77bbffd8224a8a2cddb59b22/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L253-L260).
there must be something more in the logs (access or errors) on nginx
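
A quick way to check the behaviour discussed in the post above (an added example, not part of the original thread and not OPNsense or acme-client code): a Python probe that requests the HTTP-01 challenge path once, without following redirects, and reports whether the server answers the request itself or sends a 3xx to HTTPS. The local stub server, the token `probe-token` and all function names are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

PREFIX = "/.well-known/acme-challenge/"

def probe_challenge(host, port=80, token="probe-token", timeout=5):
    """GET the HTTP-01 path once, without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PREFIX + token)
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
        resp.read()
    finally:
        conn.close()
    verdict = "served" if status == 200 else "not-served"
    if 300 <= status < 400 and location:
        verdict = "redirected-to-" + (urlsplit(location).scheme or "http")
    return {"status": status, "location": location, "verdict": verdict}

def make_stub(exempt_challenge):
    """Constructed local stand-in for a server with an HTTPS-only redirect."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            served = exempt_challenge and self.path.startswith(PREFIX)
            body = b"constructed-key-authorization" if served else b""
            self.send_response(200 if served else 302)
            if not served:
                self.send_header("Location", "https://example.com" + self.path)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args): pass  # silence per-request logging
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    results = {}
    for name, exempt in (("https_only", False), ("challenge_exempt", True)):
        server = make_stub(exempt)
        try:
            results[name] = probe_challenge("127.0.0.1", server.server_address[1])
        finally:
            server.shutdown()
            server.server_close()
    return results
```

Run against a real host from outside the network, a `redirected-to-https` verdict matches the log line quoted above, where the fetch that timed out is for an `https://` URL.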

@Fright, I tried to renew a certificate using HTTP-01 to catch the logs and look for clues based on your advice, but ACME skipped the HTTP-01 verification because the domain is already verified, so I couldn't see the complete process.

Same issue here :(
I can't even register any new certificate with the same challenge - I am getting the same errors.

Anybody?
Marek

Here is what I see in my syslog and what started in Dec 2023:



Any suggestion on how to troubleshoot would be greatly appreciated.
Marek

February 20, 2024, 03:37:54 PM #21 Last Edit: February 20, 2024, 03:39:41 PM by ilfalti
Hi, problem solved with 24.1.2
(os-acme-client 4.1)