UTM 9.710-1
Warning e-mail: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
I've seen this problem before and solved it using the steps described in this posting by Pawan:
I solved the problem again this morning by following these steps, but the sad thing is that this problem continues to occur over multiple releases of the UTM. This is apparently an infrequent issue, but once the UTM begins to fail to renew, my experience has been that actions like the above are required to solve the problem. In this case I let it try to renew over the course of 12 days with each attempt failing the same way.
Deleting the CA certificate (that was not expired) and then manually renewing the Let's Encrypt certificate as described by Pawan solves the problem. I wonder if the fault may lie in the UTM's renew_certificate.pl script as this is the component mentioned in both the CA and Let's Encrypt certificate's "i" (show where this object is in use...). Looking at this script I note that it is the one that seems to be responsible for the TOS_UNAVAILABLE error that underlies the [WARN-603] error. I have replaced the URLs with the DELETED in the logs below.
2022:04:16-04:08:02 utm-m letsencrypt[31277]: I Check renewal: renew REF_CaCsrWebseProte (domains: DELETED): certificate valid until May 3 20:54:21 2022 GMT (less than 30 days)
2022:04:16-04:09:02 utm-m letsencrypt[31588]: E Renew certificate: Incorrect response code from ACME server: 500
2022:04:16-04:09:02 utm-m letsencrypt[31588]: E Renew certificate: URL was: https://acme-v02.api.letsencrypt.org/directory
2022:04:16-04:09:02 utm-m letsencrypt[31588]: I Renew certificate: handling CSR REF_CaCsrWebseProte for domain set [DELETED]
2022:04:16-04:09:02 utm-m letsencrypt[31588]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2022:04:16-04:09:02 utm-m letsencrypt[31588]: I Renew certificate: sending notification WARN-603
2022:04:16-04:09:02 utm-m letsencrypt[31588]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2022:04:16-04:09:02 utm-m letsencrypt[31588]: I Renew certificate: execution failed
2022:04:16-06:30:02 utm-m letsencrypt[9581]: I Renew certificate: handling CSR REF_CaCsrWebseProte for domain set [DELETED]
2022:04:16-06:30:02 utm-m letsencrypt[9581]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain DELETED --domain DELETED --domain DELETED --domain DELETED
2022:04:16-06:30:26 utm-m letsencrypt[9581]: I Renew certificate: command completed with exit code 0
2022:04:16-06:30:26 utm-m letsencrypt[9581]: I Renew certificate: previous certificate exists, updating from /var/storage/chroot-reverseproxy/var/lib/dehydrated/cert_data/certs/DELETED/fullchain.pem
2022:04:16-06:30:28 utm-m letsencrypt[9581]: I Renew certificate: updated certificate REF_rVEWhVgkNZYk of CSR REF_CaCsrWebseProte
2022:04:16-06:30:28 utm-m letsencrypt[9581]: I Renew certificate: execution completed (CSRs renewed: 1, failed: 0)
This thread was automatically locked due to age.
