This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Let's Encrypt Certificate Generation Failed

I'm trying to set up lets encrypt certificates for my user portal for the first time and am getting an error when trying to create them. This is the log (actual domains/IPs replaced with placeholders):

2019:12:20-09:33:02 remote letsencrypt[465]: I Renew certificate: handling CSR REF_CaCsrRemote for domain set [remote.domain.com]
2019:12:20-09:33:02 remote letsencrypt[465]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain remote.domain.com
2019:12:20-09:33:21 remote letsencrypt[465]: I Renew certificate: command completed with exit code 256
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "type": "http-01",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "status": "invalid",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "error": {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "type": "urn:ietf:params:acme:error:connection",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "detail": "Fetching remote.domain.com/.../ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ: Timeout during connect (likely firewall problem)",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "status": 400
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: },
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "url": "acme-v02.api.letsencrypt.org/.../nLm_kg",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "token": "ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "validationRecord": [
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "url": "remote.domain.com/.../ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "hostname": "remote.domain.com",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "port": "80",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "addressesResolved": [
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "111.111.111.111"
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ],
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "addressUsed": "111.111.111.111"
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: }
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ]
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: })
2019:12:20-09:33:22 remote letsencrypt[465]: I Renew certificate: sending notification WARN-603
2019:12:20-09:33:22 remote letsencrypt[465]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2019:12:20-09:33:22 remote letsencrypt[465]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)

 

Can anyone help with this?



This thread was automatically locked due to age.
Parents Reply Children
  • Ok, that brings me to the next problem then. When I change the port to 443 it just doesn't work at all. 

  • Hello Josh,

    that's NOT the userportal you need to change. This is meant be one or more webservers behind the UTM as target for the requests where the token can be placed on to be verified by the let's encrypt machanisms.

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    Sorry but I don't quite understand what you mean. I do not have any additional web servers set up behind the UTM, I just need the certificate for use with the user portal (currently on port 4443). Ideally, I would like the user portal to be accessible externally on 443 so the user does not need to enter a port number in the address. 

    Thanks

    Josh