LetsEncrypt failing to renew - Please help!

Hello All,

Version 9.701-6 in HA Cluster mode. Seems that LetsEncrypt are having issues getting the config file from our firewall, or WAF is interfering with this process.

2020:02:17-18:03:02 firewall-1 letsencrypt[29628]: I Renew certificate: handling CSR REF_CaCsrFirewall202 for domain set [firewall.domain.exammple.com]
2020:02:17-18:03:02 firewall-1 letsencrypt[29628]: I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain firewall.domain.exammple.com
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: I Renew certificate: command completed with exit code 256
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "type": "http-01",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "status": "invalid",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "error": {
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "type": "urn:ietf:params:acme:error:connection",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "detail": "Fetching firewall.domain.exammple.com/.../0BXxojXb2QbLCqxs4L49frdIYGgsjfBhs01L3ax3rfI: Connection refused",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "status": 400
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: },
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "url": "acme-v02.api.letsencrypt.org/.../m7qngA",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "token": "0BXxojXb2QbLCqxs4L49frdIYGgsjfBhs01L3ax3rfI",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "validationRecord": [
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: {
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "url": "firewall.domain.exammple.com/.well-known/acme-challenge/0BXxojXb2QbLCqxs4L49frdIYGgsjfBhs01L3ax3rfI",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "hostname": "firewall.domain.exammple.com",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "port": "80",
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "addressesResolved": [
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "1.1.1.1"
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: ],
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "addressUsed": "1.1.1.1"
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: }
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: ]
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: })
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: I Renew certificate: sending notification WARN-603
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)

If anybody has any input on this, could you please help? (Note: 1.1.1.1 isn't our real IP, and I've redacted our hostname too.)
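Added example, not part of the original post and not Sophos or dehydrated code: a small parser that reassembles the ACME challenge object the log above spreads over many `COMMAND_FAILED:` lines and reports which address and port the Let's Encrypt validator tried and how it failed. The names `extract_challenge` and `summarize` are hypothetical, and the sample is constructed from the post's log format, trimmed to the fields used.

```python
import json
import re

# Constructed sample: the post's log format, trimmed to the fields used below.
P = "2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: E Renew certificate: COMMAND_FAILED: "
PAYLOADS = [
    "ERROR: Challenge is invalid! (returned: invalid) (result: {",
    '"type": "http-01",', '"status": "invalid",', '"error": {',
    '"type": "urn:ietf:params:acme:error:connection",',
    '"detail": "Fetching firewall.domain.exammple.com/.../0BXxojXb2QbLCqxs4L49frdIYGgsjfBhs01L3ax3rfI: Connection refused",',
    '"status": 400', "},", '"validationRecord": [', "{",
    '"hostname": "firewall.domain.exammple.com",', '"port": "80",',
    '"addressUsed": "1.1.1.1"', "}", "]", "})",
]
SAMPLE_LOG = "\n".join(
    ["2020:02:17-18:03:14 firewall-1 letsencrypt[29628]: I Renew certificate: command completed with exit code 256"]
    + [P + p for p in PAYLOADS])

PREFIX = re.compile(r"^\S+ \S+ letsencrypt\[\d+\]: E Renew certificate: COMMAND_FAILED: ?")

def extract_challenge(log_text):
    """Rebuild and parse the JSON object printed after '(result: '."""
    parts, collecting = [], False
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue                      # informational or unrelated line
        payload = line[m.end():].strip()
        if not collecting:
            if "(result: {" in payload:   # opening brace of the challenge object
                collecting, parts = True, ["{"]
            continue
        if payload == "})":               # closing brace plus dehydrated's ')'
            return json.loads("\n".join(parts + ["}"]))
        parts.append(payload)
    raise ValueError("no complete challenge result found")

def summarize(ch):
    """Return what the validator tried to reach and the ACME error it reported."""
    rec = ch["validationRecord"][-1]      # last record = final request made
    return {"challenge": ch["type"],
            "error": ch["error"]["type"].rsplit(":", 1)[-1],
            "detail": ch["error"]["detail"],
            "hostname": rec["hostname"],
            "target": f'{rec["addressUsed"]}:{rec["port"]}'}

if __name__ == "__main__":
    print(summarize(extract_challenge(SAMPLE_LOG)))
```

The `target` value is the address and port to test from outside the network: an ACME `connection` error with "Connection refused" means the validator's TCP connection to that address on that port was rejected before any HTTP request was served.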