Hi,
my Letsencrypt certificates won't renew. I've already tried to disable and enable Letsencrypt, triggering creating a new account, and I also tried to create a new certificate, but new certificates won't get certified either.
Here is the log file:
------------------------------------------------------------------------------------
2020:06:24-18:55:03 remote letsencrypt[11015]: I Renew certificate: handling CSR REF_CaCsrDomains for domain set [remote.domain.de,home.domain.de,autodiscover.domain.de,userportal.domain.de,mail.domain.de,smtp.domain.de]
2020:06:24-18:55:03 remote letsencrypt[11015]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain remote.domain.de --domain home.domain.de --domain autodiscover.domain.de --domain userportal.domain.de --domain mail.domain.de --domain smtp.domain.de
2020:06:24-18:56:01 remote letsencrypt[12271]: E Renew certificate: aborting, failed to acquire an exclusive lock: Resource temporarily unavailable
2020:06:24-18:56:14 remote letsencrypt[11015]: I Renew certificate: command completed with exit code 256
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "type": "http-01",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "status": "invalid",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "error": {
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "type": "urn:ietf:params:acme:error:connection",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "detail": "Fetching home.domain.de:8888/.../f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8888",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "status": 400
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: },
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "url": "acme-v02.api.letsencrypt.org/.../rgAEPg",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "token": "f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "validationRecord": [
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: {
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "url": "userportal.domain.de/.../f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "hostname": "userportal.domain.de",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "port": "80",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "addressesResolved": [
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "134.255.255.204",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "2a00:1563:2543:300::5cc"
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: ],
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "addressUsed": "2a00:6422:2345:340::5cc"
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: }
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: ]
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: })
2020:06:24-18:56:15 remote letsencrypt[11015]: I Renew certificate: sending notification WARN-603
2020:06:24-18:56:15 remote letsencrypt[11015]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2020:06:24-18:56:15 remote letsencrypt[11015]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)
------------------------------------------------------------------------------------
I am running Firmware Version 9.702-1 on a SG115w (Up2Date shows the firmware is up to date and no new one is available, but I know the 9.703 is out already) and I also rebooted the appliance, too.
Any help would be greatly appreciated!
Thanks in advance!
ipzipzap
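Added example, not part of the original post and not Sophos or dehydrated code: one way to pull the ACME challenge object back out of COMMAND_FAILED log lines like the ones above and summarise why the CA rejected it. The log excerpt is copied from the post with some fields omitted; the function names are assumptions made for this sketch.

```python
import ipaddress
import json
import re

MARK = "COMMAND_FAILED: "
PREFIX = "2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: " + MARK
# Excerpt of the log posted above (some fields omitted), one payload per log line.
PAYLOADS = '''ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching home.domain.de:8888/.../f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8888",
"status": 400
},
"validationRecord": [
{
"hostname": "userportal.domain.de",
"port": "80",
"addressUsed": "2a00:6422:2345:340::5cc"
}
]
})'''
SAMPLE_LOG = "\n".join(PREFIX + p for p in PAYLOADS.splitlines())

def extract_challenge(log_text):
    """Rebuild the JSON object dehydrated printed after '(result: '."""
    body = "\n".join(ln.split(MARK, 1)[1] for ln in log_text.splitlines() if MARK in ln)
    start = body.index("(result: ") + len("(result: ")
    return json.loads(body[start:body.rindex("}") + 1])

def diagnose(ch):
    """Summarise why the CA rejected the challenge."""
    err, rec = ch.get("error", {}), (ch.get("validationRecord") or [{}])[0]
    out = {"challenge": ch.get("type"),
           "acme_error": err.get("type", "").rsplit(":", 1)[-1],
           "requested_host": rec.get("hostname"), "requested_port": rec.get("port")}
    m = re.search(r"Fetching (\S+?):(\d+)/", err.get("detail", ""))
    if m:  # the CA was redirected to this host and port while fetching the token
        out["redirect_host"], out["redirect_port"] = m.group(1), int(m.group(2))
        out["redirect_port_allowed"] = out["redirect_port"] in (80, 443)
    if rec.get("addressUsed"):  # which address family the CA connected over
        out["ip_version"] = ipaddress.ip_address(rec["addressUsed"]).version
    return out

if __name__ == "__main__":
    print(json.dumps(diagnose(extract_challenge(SAMPLE_LOG)), indent=2))
```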
Hi ipzipzap,
Thank you for reaching out to the Community!
Do you have country blocking rules configured on the firewall, or a DNAT rule configured on the WAN interface?
If yes, please disable the country blocking and DNAT rule temporarily and try to renew the Let's Encrypt certificate.
Thanks,
No, I don't have Country Blocking enabled. And I haven't changed the configuration for over a year now, so I didn't change the NAT rules. What kind of DNAT rule do you mean?
cu,
OK, I just tried and enabled/disabled the country blocking and disabled my two NAT rules (for port 666 and 993), but I am still getting the error
aborting, failed to acquire an exclusive lock: Resource temporarily unavailable
Unfortunately I don't have any other ideas.
cu,
ipzipzap
You have IPv6 enabled.
AFAIK UTM still has some problems with renewing LE via IPv6 (at least on my virtual UTM at German hoster Hetzner).
So try to temporarily disable IPv6 completely (Interfaces & routing -> IPv6), then start a renewal and if successful re-enable IPv6.
----------
Sophos user, admin and reseller.
Private Setup:
Thanks. I disabled IPv6, but it still won't renew or create any certificate. I am still getting the exclusive lock error.
:-(