
Let's Encrypt Certificate Generation Failed

I'm trying to set up Let's Encrypt certificates for my user portal for the first time and am getting an error when trying to create them. This is the log (actual domains/IPs replaced with placeholders):

2019:12:20-09:33:02 remote letsencrypt[465]: I Renew certificate: handling CSR REF_CaCsrRemote for domain set [remote.domain.com]
2019:12:20-09:33:02 remote letsencrypt[465]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain remote.domain.com
2019:12:20-09:33:21 remote letsencrypt[465]: I Renew certificate: command completed with exit code 256
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "type": "http-01",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "status": "invalid",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "error": {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "type": "urn:ietf:params:acme:error:connection",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "detail": "Fetching remote.domain.com/.../ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ: Timeout during connect (likely firewall problem)",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "status": 400
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: },
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "url": "acme-v02.api.letsencrypt.org/.../nLm_kg",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "token": "ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "validationRecord": [
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "url": "remote.domain.com/.../ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "hostname": "remote.domain.com",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "port": "80",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "addressesResolved": [
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "111.111.111.111"
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ],
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "addressUsed": "111.111.111.111"
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: }
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ]
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: })
2019:12:20-09:33:22 remote letsencrypt[465]: I Renew certificate: sending notification WARN-603
2019:12:20-09:33:22 remote letsencrypt[465]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2019:12:20-09:33:22 remote letsencrypt[465]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)


Can anyone help with this?



This thread was automatically locked due to age.
  • Hi,

    Does your UTM have a public IP on the WAN interface, or a private IP from the ISP or an upstream device?

    When the Let's Encrypt service in the UTM is activated, it generates a token for the domain which needs to be verified by the Let's Encrypt server. So when the server initiates a connection and tries to fetch the specific path for the token, it retrieves it and marks the challenge successful. In your case, the server is not able to fetch the token.

    Regards

    Jaydeep

  • The UTM has a public IP address on the interface which is the one given by my ISP - it's just the external address for my network. 
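Jaydeep's description of the http-01 check can be reproduced from a host outside the network, which separates "port 80 never reaches the UTM" from "the UTM answers but serves the wrong thing". The script below is an added example for this thread, not code from Sophos UTM, dehydrated or Let's Encrypt: it performs the same fetch the validator makes (plain HTTP on port 80 to `/.well-known/acme-challenge/<token>`) and classifies the outcome using the ACME error types that appear in the posted log. The hostname `remote.domain.com` and the token are the placeholders from the log; the account thumbprint, the stub fetchers and the `probe`/`demo` function names are constructed for the offline demonstration.

```python
#!/usr/bin/env python3
"""Outside-in probe of an ACME http-01 challenge.

Added example for this thread (not Sophos UTM, dehydrated or Let's Encrypt
code). The error URNs and the "likely firewall problem" wording come from
the log posted above; the account thumbprint and stub fetchers are
constructed placeholders so the classification can be exercised offline.
"""
import socket
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Tuple

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
ACME_CONNECTION = "urn:ietf:params:acme:error:connection"
ACME_UNAUTHORIZED = "urn:ietf:params:acme:error:unauthorized"
CONNECT_TIMEOUT = 10.0  # seconds; a firewall silently dropping SYNs shows up as a timeout

Fetcher = Callable[[str, float], Tuple[int, str]]  # (url, timeout) -> (status, body)


@dataclass
class ProbeResult:
    status: str      # "valid" or "invalid", as in the ACME challenge object
    error_type: str  # "" when valid, otherwise an ACME error URN
    detail: str


def challenge_url(hostname: str, token: str) -> str:
    # http-01 is fetched over plain HTTP on port 80 (RFC 8555 section 8.3)
    return f"http://{hostname}{CHALLENGE_PREFIX}{token}"


def key_authorization(token: str, account_thumbprint: str) -> str:
    # Body the web server must return: token "." base64url(JWK thumbprint of
    # the ACME account key) (RFC 8555 section 8.1)
    return f"{token}.{account_thumbprint}"


def http_fetch(url: str, timeout: float) -> Tuple[int, str]:
    """Real fetch over the network. Returns (HTTP status, body); any
    connection-level failure propagates as an OSError (URLError included)."""
    req = urllib.request.Request(url, headers={"User-Agent": "acme-http01-probe"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # non-2xx: the server was reachable
        return err.code, ""


def probe(hostname: str, token: str, account_thumbprint: str,
          fetch: Fetcher = http_fetch, timeout: float = CONNECT_TIMEOUT) -> ProbeResult:
    """Fetch the challenge URL and classify the result like the validator does."""
    url = challenge_url(hostname, token)
    try:
        status, body = fetch(url, timeout)
    except OSError as err:  # URLError, ConnectionRefusedError, TimeoutError are all OSError
        reason = getattr(err, "reason", err)  # URLError wraps the socket error in .reason
        if isinstance(reason, (socket.timeout, TimeoutError)):
            detail = f"Fetching {url}: Timeout during connect (likely firewall problem)"
        else:
            detail = f"Fetching {url}: {reason}"
        return ProbeResult("invalid", ACME_CONNECTION, detail)
    if status != 200:
        return ProbeResult("invalid", ACME_UNAUTHORIZED, f"Invalid response from {url}: {status}")
    # Trailing whitespace (a newline at the end of the file) is tolerated, nothing else is
    if body.rstrip() != key_authorization(token, account_thumbprint):
        return ProbeResult("invalid", ACME_UNAUTHORIZED,
                           f"Key authorization at {url} did not match this challenge")
    return ProbeResult("valid", "", f"{url} served the expected key authorization")


# --- constructed outcomes, so the classification can be run without a network ---
TOKEN = "ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ"  # token from the log above
THUMBPRINT = "constructed-account-thumbprint"           # placeholder, not a real thumbprint


def fetch_timeout(url: str, timeout: float) -> Tuple[int, str]:
    raise TimeoutError("connect timed out")  # port 80 dropped somewhere upstream


def fetch_refused(url: str, timeout: float) -> Tuple[int, str]:
    raise ConnectionRefusedError(111, "Connection refused")  # host reached, nothing listening


def fetch_not_found(url: str, timeout: float) -> Tuple[int, str]:
    return 404, ""  # a web server answers, but the challenge path is not published


def fetch_wrong_body(url: str, timeout: float) -> Tuple[int, str]:
    return 200, key_authorization(TOKEN, "someone-elses-thumbprint")


def fetch_ok(url: str, timeout: float) -> Tuple[int, str]:
    return 200, key_authorization(TOKEN, THUMBPRINT) + "\n"


def demo(hostname: str = "remote.domain.com") -> dict:
    """Probe each constructed outcome; returns {scenario: ProbeResult}."""
    scenarios = {"timeout": fetch_timeout, "refused": fetch_refused,
                 "not_found": fetch_not_found, "wrong_body": fetch_wrong_body, "ok": fetch_ok}
    return {name: probe(hostname, TOKEN, THUMBPRINT, fetch=f) for name, f in scenarios.items()}


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:  # real probe: hostname token account_thumbprint
        print(probe(sys.argv[1], sys.argv[2], sys.argv[3]))
    else:
        for name, result in demo().items():
            print(f"{name:10s} {result.status:8s} {result.error_type} {result.detail}")
```

Run it from a host outside the network while the UTM has the challenge published (or simply with any token, in which case a "connection" result is still meaningful): a timeout from outside while the UTM's own log shows no incoming request on port 80 means the packet never arrives, which points at an upstream NAT, an ISP block on port 80, or a firewall/NAT rule on the UTM rather than at the Let's Encrypt service itself. A 404 or a body mismatch means port 80 is reachable and the problem is in what is being served on the challenge path.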
