Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 2712 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.702-1 - Letsencrypt renew and create new failed

ipzipzap

Hi,

my Letsencrypt certificates won't renew. I've already tried to disable and enable Letsencrypt, triggering creating a new account, and I also tried to create a new certificate, but new certificates won't get certified either.

Here is the log file:

------------------------------------------------------------------------------------
2020:06:24-18:55:03 remote letsencrypt[11015]: I Renew certificate: handling CSR REF_CaCsrDomains for domain set [remote.domain.de,home.domain.de,autodiscover.domain.de,userportal.domain.de,mail.domain.de,smtp.domain.de]
2020:06:24-18:55:03 remote letsencrypt[11015]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain remote.domain.de --domain home.domain.de --domain autodiscover.domain.de --domain userportal.domain.de --domain mail.domain.de --domain smtp.domain.de
2020:06:24-18:56:01 remote letsencrypt[12271]: E Renew certificate: aborting, failed to acquire an exclusive lock: Resource temporarily unavailable
2020:06:24-18:56:14 remote letsencrypt[11015]: I Renew certificate: command completed with exit code 256
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "type": "http-01",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "status": "invalid",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "error": {
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "type": "urn:ietf:params:acme:error:connection",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "detail": "Fetching home.domain.de:8888/.../f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8888",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "status": 400
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: },
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "url": "acme-v02.api.letsencrypt.org/.../rgAEPg",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "token": "f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "validationRecord": [
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: {
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "url": "userportal.domain.de/.../f5N4JXSzIPv6zPf2hIubAa5yJsS6DzPzjpPMberg1NA",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "hostname": "userportal.domain.de",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "port": "80",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "addressesResolved": [
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "134.255.255.204",
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "2a00:1563:2543:300::5cc"
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: ],
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: "addressUsed": "2a00:6422:2345:340::5cc"
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: }
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: ]
2020:06:24-18:56:14 remote letsencrypt[11015]: E Renew certificate: COMMAND_FAILED: })
2020:06:24-18:56:15 remote letsencrypt[11015]: I Renew certificate: sending notification WARN-603
2020:06:24-18:56:15 remote letsencrypt[11015]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2020:06:24-18:56:15 remote letsencrypt[11015]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)
------------------------------------------------------------------------------------


I am running Firmware Version 9.702-1 on a SG115w (Up2Date shows the firmware is up to date and no new available, but I know the 9.703 is out already) and I also rebooted the appliance, too.

Any help would be greatly appreciated!

Thanks in advance!
ipzipzap



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ipzipzap,

    Thank you for reaching out to the Community! 

    Do you have country blocking rules configured on the firewall? or DNAT rule configured on the WAN interface? 

    If yes, please disable the county blocking and DNAT rule temporarily and try to renew the Let's Encrypt certificate. 

    Thanks,

  • 0 in reply to FormerMember

    No, I don't have Country Blocking enabled. And I haven't changed the configuration for over a year now, so I didn't changed the NAT rules. What kind of DNAT rule do you mean?

    cu,

Reply Children
No Data
Unfiltered HTML