SSL Stoped auto renew  [SOLVED]

Have you discovered a bug? Tell us about it.
Post Reply
Nikitaidis
Posts: 44
Joined: Sun 28. Apr 2019, 13:59

SSL Stoped auto renew

Post by Nikitaidis »

Hello

All SSL Stoped renew 'all SSL expired' for all domains under all users.
----------------------------------------------------

Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"x.x.x.x: Fetching https:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I: Timeout during connect (likely firewall problem)","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/210895207117\/-NQ18Q","token":"xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","validationRecord":[{"url":"http:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","hostname":"hledambyt-bilina.cz","port":"80","addressesResolved":["x.x.x.x","2605:a142:2110:6322::1"],"addressUsed":"2605:a142:2110:6322::1"},{"url":"http:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","hostname":"hledambyt-bilina.cz","port":"80","addressesResolved":["x.x.x.x","2605:a142:2110:6322::1"],"addressUsed":"x.x.x.x"},{"url":"https:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","hostname":"hledambyt-bilina.cz","port":"443","addressesResolved":["154.53.32.10","2605:a142:2110:6322::1"],"addressUsed":"2605:a142:2110:6322::1"}],"validated":"2023-03-14T23:08:34Z"}
[15-Mar-2023 00:08:58] INFO | check domain "www.hledambyt-bilina.cz'
[15-Mar-2023 00:08:58] INFO | certificate is valid until 2023-02-28 21:17:29 (0 days left)
[15-Mar-2023 00:08:58] INFO | certificate is in renewal period
[15-Mar-2023 00:08:58] INFO | renew cert
[15-Mar-2023 00:08:58] INFO | Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (PRODUCTION).
[15-Mar-2023 00:08:58] INFO | Getting endpoint URLs.
[15-Mar-2023 00:08:58] INFO | Account "bonvulux" already registered. Continue.
[15-Mar-2023 00:08:58] INFO | Requesting Key ID.
[15-Mar-2023 00:08:58] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[15-Mar-2023 00:08:59] INFO | Start certificate generation.
[15-Mar-2023 00:08:59] INFO | Delete old token "/home/keyhelp/www/.well-known/acme-challenge/6qy47TWGCaIlJIfhAz6cydgY0Mh0ckChzMt12x9m4L4".
[15-Mar-2023 00:08:59] INFO | Token stored at: /home/keyhelp/www/.well-known/acme-challenge/local-check-6410fe8b460199.02676695
[15-Mar-2023 00:08:59] INFO | Local resolving checks of domains successfully completed.
[15-Mar-2023 00:08:59] INFO | Requesting challenges for domain "www.hledambyt-bilina.cz".
[15-Mar-2023 00:08:59] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-order".
[15-Mar-2023 00:09:00] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 0895297417".
[15-Mar-2023 00:09:00] INFO | Start authorization process for "www.hledambyt-bilina.cz".
[15-Mar-2023 00:09:00] INFO | Deploy challenge.
[15-Mar-2023 00:09:00] INFO | Token stored at: /home/keyhelp/www/.well-known/acme-challenge/FQMdVcGFVow17_jt4xHeLvl7oG4nQOZqzNIuZLBNaXc
[15-Mar-2023 00:09:00] INFO | Notify CA that the challenge is ready.
[15-Mar-2023 00:09:00] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:00] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:01] INFO | Waiting for verification...
[15-Mar-2023 00:09:03] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:03] INFO | Waiting for verification...
[15-Mar-2023 00:09:05] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:05] INFO | Waiting for verification...
[15-Mar-2023 00:09:07] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:07] INFO | Waiting for verification...
[15-Mar-2023 00:09:09] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:10] INFO | Waiting for verification...
[15-Mar-2023 00:09:12] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:12] INFO | Waiting for verification...
[15-Mar-2023 00:09:14] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:14] INFO | Waiting for verification...
[15-Mar-2023 00:09:16] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:16] INFO | Waiting for verification...
[15-Mar-2023 00:09:18] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:18] INFO | Waiting for verification...
[15-Mar-2023 00:09:20] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:21] INFO | Waiting for verification...
[15-Mar-2023 00:09:23] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:23] INFO | Waiting for verification...
[15-Mar-2023 00:09:25] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:25] ERROR | a Let's Encrypt error occurred: Verification ended with an error.
Details: x.x.x.x: Fetching https://www.hledambyt-bilina.cz/.well-k ... NIuZLBNaXc: Timeout during connect (likely firewall problem)
Type: urn:ietf:params:acme:error:connection
=========================================================
Last edited by Nikitaidis on Thu 16. Mar 2023, 23:57, edited 1 time in total.
User avatar
ShortSnow
Posts: 250
Joined: Thu 15. Nov 2018, 00:45

Re: SSL Stoped auto renew

Post by ShortSnow »

Hi,

it seems that Let'sEncrypt can't reach your server:

Code: Select all

Timeout during connect (likely firewall problem)
Let'sEncrypt can't open https://www.hledambyt-bilina.cz/.well-k ... NIuZLBNaXc. My test with ipv4 the URL is reachable and that's good.

Maybe you blocked LE in your firewall or you have something missconfigured and fail2ban block it.

Bye Arne
User avatar
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: SSL Stoped auto renew

Post by george »

Nikitaidis, read this post, may help with testing and solving...
viewtopic.php?p=39952#p39952

I needed to disable any HTTPS redirects in apache to make it work again.
Nikitaidis
Posts: 44
Joined: Sun 28. Apr 2019, 13:59

Re: SSL Stoped auto renew

Post by Nikitaidis »

george wrote: Thu 16. Mar 2023, 00:11 Nikitaidis, read this post, may help with testing and solving...
viewtopic.php?p=39952#p39952

I needed to disable any HTTPS redirects in apache to make it work again.
Thank you for your answer...
i add it (#) in /etc/apache2/keyhelp/keyhelp.conf
# Redirect / https://host.domain.com/
===========
Last edited by Nikitaidis on Sat 18. Mar 2023, 00:37, edited 2 times in total.
User avatar
ShortSnow
Posts: 250
Joined: Thu 15. Nov 2018, 00:45

Re: SSL Stoped auto renew

Post by ShortSnow »

www.hledambyt-bilina.cz/hledambyt-bilina.cz haven't actually a DNS. Yesterday it have. :shock:

If you have the problem frequently, SSL cannot work.

Greeting Arne
Nikitaidis
Posts: 44
Joined: Sun 28. Apr 2019, 13:59

Re: SSL Stoped auto renew

Post by Nikitaidis »

ShortSnow wrote: Fri 17. Mar 2023, 01:20 www.hledambyt-bilina.cz/hledambyt-bilina.cz haven't actually a DNS. Yesterday it have. :shock:

If you have the problem frequently, SSL cannot work.

Greeting Arne
Thank you Anne for your answer.
yes i know it but i have many other domains..

- also firewall its loaded to default rules ...

=====================
Last edited by Nikitaidis on Sat 18. Mar 2023, 00:36, edited 1 time in total.
User avatar
Florian
Keyweb AG
Posts: 1180
Joined: Wed 20. Jan 2016, 02:28

Re: SSL Stoped auto renew  [SOLVED]

Post by Florian »

Hello,


your IPv6 address is not reachable, thats why LE cannot reach the server.
Mit freundlichen Grüßen / Best regards
Florian Cheno

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Post Reply