
Letsencrypt certificate is not being created

Hello team,

This was already working before, but stopped working the last time.

Letsencrypt can be enabled successfully, but when creating a cert, this fails.

Now I discovered that Letsencrypt reads addressesResolved and uses one of the addresses. I did not provide that IPv6 address, but somehow it is being used as "addressUsed". So that makes sense why it doesn't work, because this address is not reachable at all. Any ideas why that is or how to solve this? IPv6 is disabled on the UTM... The connection is VDSL and I saw IPCPv6 in pppoe.log.

Data was anonymized:

2023:03:09-16:45:02 gateway letsencrypt[774]: I Renew certificate: handling CSR REF_CaCsrGatewaywei for domain set [my.domain.com]
2023:03:09-16:45:02 gateway letsencrypt[774]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain my.domain.com
2023:03:09-16:45:16 gateway letsencrypt[774]: I Renew certificate: command completed with exit code 256
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["status"] "invalid"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["error","type"] "urn:ietf:params:acme:error:unauthorized"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["error","detail"] "2001:aaa:aaa:f000::24e: Invalid response from my.domain.com/.../Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo: 204"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["error","status"] 403
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"2001:aaa:aaa:f000::24e: Invalid response from my.domain.com/.../Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo: 204","status":403}
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["url"] "acme-v02.api.letsencrypt.org/.../PHqPWC"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["token"] "Eg8hBYG6y9T9EJ21BBENFpyXBpG9NlWTEjpC3TpkQoo"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"url"] "my.domain.com/.../Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"hostname"] "my.domain.com"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"port"] "80"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"addressesResolved",0] "175.xx.22.183"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"addressesResolved",1] "2001:aaa:aaa:f000::24e"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"addressesResolved"] ["175.xx.22.183","2001:aaa:aaa:f000::24e"]
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0,"addressUsed"] "2001:aaa:aaa:f000::24e"
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord",0] {"url":"my.domain.com/.../Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo","hostname":"my.domain.com","port":"80","addressesResolved":["175.xx.22.183","2001:aaa:aaa:f000::24e"],"addressUsed":"2001:aaa:aaa:f000::24e"}
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord"] [{"url":"http://my.domain.com/.well-known/acme-challenge/Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo","hostname":"my.domain.com","port":"80","addressesResolved":["175.xx.22.183","2001:aaa:aaa:f000::24e"],"addressUsed":"2001:aaa:aaa:f000::24e"}]
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validated"] "2023-03-09T15:45:13Z")
2023:03:09-16:45:17 gateway letsencrypt[774]: I Renew certificate: sending notification WARN-603
2023:03:09-16:45:17 gateway letsencrypt[774]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2023:03:09-16:45:17 gateway letsencrypt[774]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)
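
Added example, not part of the original post: a small parser for this log format that pulls the complete `["error"]` and `["validationRecord"]` dumps out of the dehydrated output and reports which address family the CA's http-01 check connected to. The two sample lines are copied from the log above; the function names `family` and `summarize` are my own.

```python
import ipaddress
import json
import re

# Two lines copied from the log in the post above (already anonymized there).
SAMPLE_LOG = '''\
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"2001:aaa:aaa:f000::24e: Invalid response from my.domain.com/.../Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo: 204","status":403}
2023:03:09-16:45:16 gateway letsencrypt[774]: E Renew certificate: COMMAND_FAILED: ["validationRecord"] [{"url":"http://my.domain.com/.well-known/acme-challenge/Eg8hBYG6y9T9EC33BBENFxyXBpG9NlWTEjpC3TpkQoo","hostname":"my.domain.com","port":"80","addressesResolved":["175.xx.22.183","2001:aaa:aaa:f000::24e"],"addressUsed":"2001:aaa:aaa:f000::24e"}]
'''

# Match only the complete JSON dumps, not per-key lines such as ["error","type"].
LINE_RE = re.compile(r'COMMAND_FAILED: \["(error|validationRecord)"\] (.+)$')

def family(addr):
    """IP version of addr; tolerates anonymized values like 175.xx.22.183."""
    try:
        return ipaddress.ip_address(addr).version
    except ValueError:
        return 6 if ":" in addr else 4

def summarize(log_text):
    """One finding per validation record: which address the CA connected to."""
    error, records = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            value = json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # truncated or garbled line, skip it
        if m.group(1) == "error":
            error = value
        else:
            records.extend(value)
    return [{
        "hostname": rec["hostname"],
        "used": rec["addressUsed"],
        "family": family(rec["addressUsed"]),
        "ipv4_also_resolved": any(family(a) == 4 for a in rec["addressesResolved"]),
        "acme_error": error.get("type", "").rsplit(":", 1)[-1],
        "detail": error.get("detail", ""),
    } for rec in records]

if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG):
        print(finding)
```

A finding with `family` 6 and `ipv4_also_resolved` true means the public DNS name carries an AAAA record alongside the A record, so the record to inspect is the one in DNS rather than a setting on the gateway.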


