OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • acme not working anymore (since 21 Dec 2023)
« previous next »
  • Print
Pages: 1 [2]

Author Topic: acme not working anymore (since 21 Dec 2023)  (Read 4424 times)

Fright

  • Hero Member
  • *****
  • Posts: 1777
  • Karma: 164
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #15 on: February 10, 2024, 01:44:09 pm »
@ Hi
Hm
I tried it on 24.1 (with a small HttpOpnsense.php-patch (pr#3813) to get the interface address, but this is not your case if the address is already displayed in the log) - everything works as expected ..
Quote
I have it disabled already. Since a long time ago.
but something still redirects token request to https?
Code: [Select]
Fetching https://example.com/.well-known/acme-challenge/EREIaZNm_HFsxaz64fDfizrzUVKeGQ_0CPtkZYHmEmE: Timeout during connect
« Last Edit: February 10, 2024, 08:34:41 pm by Fright »
Logged

muchacha_grande

  • Full Member
  • ***
  • Posts: 219
  • Karma: 19
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #16 on: February 12, 2024, 06:30:07 pm »
The interface address has been got correctly, I just obfuscated that.

Before switching to DNS-01 challenge I tried to renew the certificates a couple of times and I could see the requests on Nginx log. Then Nginx responded with a 302 code. I could not see the details of the response but the log showed a 302 code (temporary redirection).
Logged

Fright

  • Hero Member
  • *****
  • Posts: 1777
  • Karma: 164
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #17 on: February 12, 2024, 07:05:59 pm »
ah. so the initial request is processed by nginx..
Probably "HTTPS Only" is set in the server settings in nginx.
the request is redirected to HTTPS (with 302 code).
then, if the "Enable Let's Encrypt Plugin Support" server settings are enabled, the request for /.well-known/acme-challenge/* should be sent to the acme lighttpd instance (https://github.com/opnsense/plugins/blob/cab29219d7fb43bc77bbffd8224a8a2cddb59b22/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L253-L260).
there must be something more in the logs (access or errors) on nginx
Logged

muchacha_grande

  • Full Member
  • ***
  • Posts: 219
  • Karma: 19
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #18 on: February 13, 2024, 11:34:25 pm »
@Fright, I tried to renew a certificate using HTTP-01 to catch the logs and look for clues based on your advice, but ACME skipped the HTTP-01 verification because the domain is already verified, so I couldn't see the complete process.
Logged

MarekWojtaszek

  • Newbie
  • *
  • Posts: 12
  • Karma: 0
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #19 on: February 17, 2024, 04:34:07 pm »
Same issue here :(
I can't even register any new certificate with the same challenge - I am getting the same errors.

Anybody?
Marek
Logged

MarekWojtaszek

  • Newbie
  • *
  • Posts: 12
  • Karma: 0
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #20 on: February 17, 2024, 05:23:56 pm »
Here is what I see in my syslog and what started in Dec 2023:



Any suggestion on how to troubleshoot would be greatly appreciated.
Marek
Logged

ilfalti

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: acme not working anymore (since 21 Dec 2023)
« Reply #21 on: February 20, 2024, 03:37:54 pm »
Hi, problem solved with 24.1.2
(os-acme-client 4.1)
« Last Edit: February 20, 2024, 03:39:41 pm by ilfalti »
Logged
  • Print
Pages: 1 [2]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • acme not working anymore (since 21 Dec 2023)
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2