
Let's Encrypt Certificate Generation Failed

I'm trying to set up Let's Encrypt certificates for my user portal for the first time and am getting an error when trying to create them. This is the log (actual domains/IPs replaced with placeholders):

2019:12:20-09:33:02 remote letsencrypt[465]: I Renew certificate: handling CSR REF_CaCsrRemote for domain set [remote.domain.com]
2019:12:20-09:33:02 remote letsencrypt[465]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain remote.domain.com
2019:12:20-09:33:21 remote letsencrypt[465]: I Renew certificate: command completed with exit code 256
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "type": "http-01",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "status": "invalid",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "error": {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "type": "urn:ietf:params:acme:error:connection",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "detail": "Fetching remote.domain.com/.../ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ: Timeout during connect (likely firewall problem)",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "status": 400
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: },
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "url": "acme-v02.api.letsencrypt.org/.../nLm_kg",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "token": "ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "validationRecord": [
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: {
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "url": "remote.domain.com/.../ipM_zY4XPqCtV8KPSAPmOrX61DQ2MYSvvHDutyc0ubQ",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "hostname": "remote.domain.com",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "port": "80",
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "addressesResolved": [
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "111.111.111.111"
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ],
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "addressUsed": "111.111.111.111"
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: }
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: ]
2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: })
2019:12:20-09:33:22 remote letsencrypt[465]: I Renew certificate: sending notification WARN-603
2019:12:20-09:33:22 remote letsencrypt[465]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2019:12:20-09:33:22 remote letsencrypt[465]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)

 

Can anyone help with this?



  • I've fixed this now. There was a DNAT rule pointing all external HTTP/HTTPS traffic to a local host that didn't exist. After turning this off the user portal worked fine on port 443 and the certificate was generated. 
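An added example, not part of the original thread: the challenge object in the log above is split across COMMAND_FAILED lines, so this sketch rejoins it and reports which address and port the validator tried and the ACME error type, which is what pointed at the NAT rule here. The function names, hint wording and sample host/IP are this example's own assumptions.

```python
import json
import re

# Constructed sample in the format of the log above (placeholder host and IP).
_P = "2019:12:20-09:33:21 remote letsencrypt[465]: E Renew certificate: COMMAND_FAILED: "
SAMPLE_LOG = "\n".join(_P + s for s in [
    'ERROR: Challenge is invalid! (returned: invalid) (result: {',
    '"type": "http-01",', '"status": "invalid",',
    '"error": {',
    '"type": "urn:ietf:params:acme:error:connection",',
    '"detail": "Timeout during connect (likely firewall problem)",',
    '"status": 400', '},',
    '"validationRecord": [', '{',
    '"hostname": "remote.example.test",', '"port": "80",',
    '"addressUsed": "192.0.2.10"', '}', ']', '})',
])

LINE = re.compile(r"letsencrypt\[\d+\]: E Renew certificate: COMMAND_FAILED: ?(.*)$")

# Hints keyed by ACME error type (RFC 8555); the wording is this example's own.
HINTS = {
    "urn:ietf:params:acme:error:connection": "no connection: check NAT/firewall rules for this address and port",
    "urn:ietf:params:acme:error:dns": "name did not resolve: check public DNS records",
    "urn:ietf:params:acme:error:unauthorized": "wrong response: check what answers on that port",
}

def extract_challenge(log_text):
    """Rejoin the JSON object that is split across COMMAND_FAILED log lines."""
    parts = [m.group(1) for m in map(LINE.search, log_text.splitlines()) if m]
    blob = "\n".join(parts)
    start = blob.index("(result: ") + len("(result: ")
    return json.loads(blob[start:blob.rindex("}") + 1])

def triage(log_text):
    """Summarise which address/port the validator tried and why it failed."""
    ch = extract_challenge(log_text)
    err = ch.get("error", {})
    rec = (ch.get("validationRecord") or [{}])[-1]  # last record in the list
    return {
        "challenge": ch.get("type"),
        "error_type": err.get("type"),
        "target": f'{rec.get("addressUsed")}:{rec.get("port")}',
        "hostname": rec.get("hostname"),
        "hint": HINTS.get(err.get("type"), "unrecognised error type: read 'detail'"),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```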
