Page 1 of 1

SSL Stoped auto renew

Posted: Wed 15. Mar 2023, 22:59
by Nikitaidis
Hello

All SSL Stoped renew 'all SSL expired' for all domains under all users.
----------------------------------------------------

Full response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"x.x.x.x: Fetching https:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I: Timeout during connect (likely firewall problem)","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/210895207117\/-NQ18Q","token":"xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","validationRecord":[{"url":"http:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","hostname":"hledambyt-bilina.cz","port":"80","addressesResolved":["x.x.x.x","2605:a142:2110:6322::1"],"addressUsed":"2605:a142:2110:6322::1"},{"url":"http:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","hostname":"hledambyt-bilina.cz","port":"80","addressesResolved":["x.x.x.x","2605:a142:2110:6322::1"],"addressUsed":"x.x.x.x"},{"url":"https:\/\/hledambyt-bilina.cz\/.well-known\/acme-challenge\/xxorTIHiTidXMf1lYhwV0m1KT8-obVxVqAL1Dgbf13I","hostname":"hledambyt-bilina.cz","port":"443","addressesResolved":["154.53.32.10","2605:a142:2110:6322::1"],"addressUsed":"2605:a142:2110:6322::1"}],"validated":"2023-03-14T23:08:34Z"}
[15-Mar-2023 00:08:58] INFO | check domain "www.hledambyt-bilina.cz'
[15-Mar-2023 00:08:58] INFO | certificate is valid until 2023-02-28 21:17:29 (0 days left)
[15-Mar-2023 00:08:58] INFO | certificate is in renewal period
[15-Mar-2023 00:08:58] INFO | renew cert
[15-Mar-2023 00:08:58] INFO | Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (PRODUCTION).
[15-Mar-2023 00:08:58] INFO | Getting endpoint URLs.
[15-Mar-2023 00:08:58] INFO | Account "bonvulux" already registered. Continue.
[15-Mar-2023 00:08:58] INFO | Requesting Key ID.
[15-Mar-2023 00:08:58] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[15-Mar-2023 00:08:59] INFO | Start certificate generation.
[15-Mar-2023 00:08:59] INFO | Delete old token "/home/keyhelp/www/.well-known/acme-challenge/6qy47TWGCaIlJIfhAz6cydgY0Mh0ckChzMt12x9m4L4".
[15-Mar-2023 00:08:59] INFO | Token stored at: /home/keyhelp/www/.well-known/acme-challenge/local-check-6410fe8b460199.02676695
[15-Mar-2023 00:08:59] INFO | Local resolving checks of domains successfully completed.
[15-Mar-2023 00:08:59] INFO | Requesting challenges for domain "www.hledambyt-bilina.cz".
[15-Mar-2023 00:08:59] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-order".
[15-Mar-2023 00:09:00] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 0895297417".
[15-Mar-2023 00:09:00] INFO | Start authorization process for "www.hledambyt-bilina.cz".
[15-Mar-2023 00:09:00] INFO | Deploy challenge.
[15-Mar-2023 00:09:00] INFO | Token stored at: /home/keyhelp/www/.well-known/acme-challenge/FQMdVcGFVow17_jt4xHeLvl7oG4nQOZqzNIuZLBNaXc
[15-Mar-2023 00:09:00] INFO | Notify CA that the challenge is ready.
[15-Mar-2023 00:09:00] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:00] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:01] INFO | Waiting for verification...
[15-Mar-2023 00:09:03] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:03] INFO | Waiting for verification...
[15-Mar-2023 00:09:05] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:05] INFO | Waiting for verification...
[15-Mar-2023 00:09:07] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:07] INFO | Waiting for verification...
[15-Mar-2023 00:09:09] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:10] INFO | Waiting for verification...
[15-Mar-2023 00:09:12] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:12] INFO | Waiting for verification...
[15-Mar-2023 00:09:14] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:14] INFO | Waiting for verification...
[15-Mar-2023 00:09:16] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:16] INFO | Waiting for verification...
[15-Mar-2023 00:09:18] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:18] INFO | Waiting for verification...
[15-Mar-2023 00:09:20] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:21] INFO | Waiting for verification...
[15-Mar-2023 00:09:23] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:23] INFO | Waiting for verification...
[15-Mar-2023 00:09:25] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 417/zaaYzQ".
[15-Mar-2023 00:09:25] ERROR | a Let's Encrypt error occurred: Verification ended with an error.
Details: x.x.x.x: Fetching https://www.hledambyt-bilina.cz/.well-k ... NIuZLBNaXc: Timeout during connect (likely firewall problem)
Type: urn:ietf:params:acme:error:connection
=========================================================

Re: SSL Stoped auto renew

Posted: Wed 15. Mar 2023, 23:55
by ShortSnow
Hi,

it seems that Let'sEncrypt can't reach your server:

Code: Select all

Timeout during connect (likely firewall problem)
Let'sEncrypt can't open https://www.hledambyt-bilina.cz/.well-k ... NIuZLBNaXc. My test with ipv4 the URL is reachable and that's good.

Maybe you blocked LE in your firewall or you have something missconfigured and fail2ban block it.

Bye Arne

Re: SSL Stoped auto renew

Posted: Thu 16. Mar 2023, 00:11
by george
Nikitaidis, read this post, may help with testing and solving...
viewtopic.php?p=39952#p39952

I needed to disable any HTTPS redirects in apache to make it work again.

Re: SSL Stoped auto renew

Posted: Thu 16. Mar 2023, 23:54
by Nikitaidis
george wrote: Thu 16. Mar 2023, 00:11 Nikitaidis, read this post, may help with testing and solving...
viewtopic.php?p=39952#p39952

I needed to disable any HTTPS redirects in apache to make it work again.
Thank you for your answer...
i add it (#) in /etc/apache2/keyhelp/keyhelp.conf
# Redirect / https://host.domain.com/
===========

Re: SSL Stoped auto renew

Posted: Fri 17. Mar 2023, 01:20
by ShortSnow
www.hledambyt-bilina.cz/hledambyt-bilina.cz haven't actually a DNS. Yesterday it have. :shock:

If you have the problem frequently, SSL cannot work.

Greeting Arne

Re: SSL Stoped auto renew

Posted: Fri 17. Mar 2023, 08:01
by Nikitaidis
ShortSnow wrote: Fri 17. Mar 2023, 01:20 www.hledambyt-bilina.cz/hledambyt-bilina.cz haven't actually a DNS. Yesterday it have. :shock:

If you have the problem frequently, SSL cannot work.

Greeting Arne
Thank you Anne for your answer.
yes i know it but i have many other domains..

- also firewall its loaded to default rules ...

=====================

Re: SSL Stoped auto renew  [SOLVED]

Posted: Fri 17. Mar 2023, 11:13
by Florian
Hello,


your IPv6 address is not reachable, thats why LE cannot reach the server.