Thread Info
  • State Not Answered
  • Replies 13 replies
  • Subscribers 6 subscribers
  • Views 1903 views
  • Users 0 members are here
Options
Suggested

Latest UTM and Let's Encrypt Failures

Exrace

Having issues recently with renewing LE certificates.
For some time, I had a _acme-challenge. TXT record in my UTM firewall domain name.
I don't recall how I got the token, but LE was working fine until this year. Possibly the April changes broke validation using this token as the notes talk about requiring a way to automate adding a challenge record to DNS.

What are others doing to fix this?

Need see if there is a way to create this token at Lets' Encrypt.

The LE log is a bit useless for this:
2024:07:04-00:46:02 xxx letsencrypt[31867]: I Renew certificate: execution failed
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: Incorrect response code from ACME server: 500
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2024:07:04-08:47:01 xxx letsencrypt[13531]: I Renew certificate: handling CSR REF_CaCsrYellowExt12 for domain set [xxx.domain.com]
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service

Parents Reply
  • 0 in reply to Exrace

    Sorry, now see your response about wget complaining.

    Can you check if you have this:

    esx-fw:/etc/ssl/certs # ls -l /etc/ssl/certs/ | grep ISRG
lrwxrwxrwx 1 root root   16 Jul  7 14:20 0b9bc432.0 -> ISRG_Root_X2.pem
lrwxrwxrwx 1 root root   16 Jul  7 14:20 4042bcee.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root   16 Jul  7 14:20 6187b673.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root   16 Jul  7 14:20 8794b4e3.0 -> ISRG_Root_X2.pem
-rw-r--r-- 1 root root 1982 Aug  8 08:05 ISRG_Root_X1.pem
-rw-r--r-- 1 root root  835 Aug  8 08:05 ISRG_Root_X2.pem

    If I see those timestamps, there must be something running that updates them.

Children
Unfiltered HTML