Let's Encrypt renewal stopped working

Discussion in 'Installation/Configuration' started by pecka33, Jan 9, 2023.

  1. pecka33

    pecka33 Member

    Hello,

    I have had a dedicated server for many years, with the latest version of Debian and ISPConfig. But in the last few days I have had a problem renewing Let's Encrypt for my domain; I never had this problem before. I have been using Let's Encrypt for this domain for about 1 year and it worked fine. It should be renewed these days, but this has stopped working.

    I cannot find the reason why, because in the last few days I didn't make any change in the configuration. I checked the error logs too, but I am not clever about it.
    I tried to disable and enable Let's Encrypt for this domain in ISPConfig and it does not work.

    When I enable it, my acme error log contains:

    Code:
    [Mon 09 Jan 2023 05:19:01 PM CET] Running cmd: issue
    [Mon 09 Jan 2023 05:19:01 PM CET] _main_domain='keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] _alt_domains='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] Using config home:/root/.acme.sh
    [Mon 09 Jan 2023 05:19:01 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 09 Jan 2023 05:19:01 PM CET] DOMAIN_PATH='/root/.acme.sh/keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] Le_NextRenewTime='1673013860'
    [Mon 09 Jan 2023 05:19:01 PM CET] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Mon 09 Jan 2023 05:19:01 PM CET] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Mon 09 Jan 2023 05:19:01 PM CET] GET
    [Mon 09 Jan 2023 05:19:01 PM CET] url='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 09 Jan 2023 05:19:01 PM CET] timeout=
    [Mon 09 Jan 2023 05:19:01 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:01 PM CET] ret='0'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_NEW_AUTHZ
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
    [Mon 09 Jan 2023 05:19:01 PM CET] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Mon 09 Jan 2023 05:19:01 PM CET] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Mon 09 Jan 2023 05:19:01 PM CET] _on_before_issue
    [Mon 09 Jan 2023 05:19:01 PM CET] _chk_main_domain='keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] _chk_alt_domains='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] Le_LocalAddress
    [Mon 09 Jan 2023 05:19:01 PM CET] d='keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] Check for domain='keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:01 PM CET] d='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] Check for domain='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:01 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:01 PM CET] d
    [Mon 09 Jan 2023 05:19:01 PM CET] _saved_account_key_hash is not changed, skip register account.
    [Mon 09 Jan 2023 05:19:01 PM CET] Read key length:4096
    [Mon 09 Jan 2023 05:19:01 PM CET] Using pre generated key: /root/.acme.sh/keyweb.cz/keyweb.cz.key.next
    [Mon 09 Jan 2023 05:19:01 PM CET] Generate next pre-generate key.
    [Mon 09 Jan 2023 05:19:01 PM CET] Use length 4096
    [Mon 09 Jan 2023 05:19:01 PM CET] Using RSA: 4096
    [Mon 09 Jan 2023 05:19:02 PM CET] _createcsr
    [Mon 09 Jan 2023 05:19:02 PM CET] Multi domain='DNS:keyweb.cz,DNS:www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:02 PM CET] Getting domain auth token for each domain
    [Mon 09 Jan 2023 05:19:02 PM CET] d='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:02 PM CET] d
    [Mon 09 Jan 2023 05:19:02 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Mon 09 Jan 2023 05:19:02 PM CET] payload='{"identifiers": [{"type":"dns","value":"keyweb.cz"},{"type":"dns","value":"www.keyweb.cz"}]}'
    [Mon 09 Jan 2023 05:19:02 PM CET] RSA key
    [Mon 09 Jan 2023 05:19:02 PM CET] HEAD
    [Mon 09 Jan 2023 05:19:02 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Mon 09 Jan 2023 05:19:02 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -I  '
    [Mon 09 Jan 2023 05:19:03 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:03 PM CET] POST
    [Mon 09 Jan 2023 05:19:03 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Mon 09 Jan 2023 05:19:03 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:03 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:03 PM CET] code='201'
    [Mon 09 Jan 2023 05:19:03 PM CET] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/303443390/157824896087'
    [Mon 09 Jan 2023 05:19:03 PM CET] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/303443390/157824896087'
    [Mon 09 Jan 2023 05:19:03 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/193831790547'
    [Mon 09 Jan 2023 05:19:03 PM CET] payload
    [Mon 09 Jan 2023 05:19:03 PM CET] POST
    [Mon 09 Jan 2023 05:19:03 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/193831790547'
    [Mon 09 Jan 2023 05:19:03 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:04 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:04 PM CET] code='200'
    [Mon 09 Jan 2023 05:19:04 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/193831790557'
    [Mon 09 Jan 2023 05:19:04 PM CET] payload
    [Mon 09 Jan 2023 05:19:04 PM CET] POST
    [Mon 09 Jan 2023 05:19:04 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/193831790557'
    [Mon 09 Jan 2023 05:19:04 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:04 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:04 PM CET] code='200'
    [Mon 09 Jan 2023 05:19:04 PM CET] d='keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] Getting webroot for domain='keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] _w='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg","token":"4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4"'
    [Mon 09 Jan 2023 05:19:04 PM CET] token='4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4'
    [Mon 09 Jan 2023 05:19:04 PM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:04 PM CET] keyauthorization='4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c'
    [Mon 09 Jan 2023 05:19:04 PM CET] dvlist='keyweb.cz#4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c#https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg#http-01#/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] d='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] Getting webroot for domain='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] _w='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790557/KrlWMg","token":"ox2xsNShRuhNd2gazk3ZYGi1jcBlBxS0ocHG5MEqpA4"'
    [Mon 09 Jan 2023 05:19:04 PM CET] token='ox2xsNShRuhNd2gazk3ZYGi1jcBlBxS0ocHG5MEqpA4'
    [Mon 09 Jan 2023 05:19:04 PM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790557/KrlWMg'
    [Mon 09 Jan 2023 05:19:04 PM CET] keyauthorization='ox2xsNShRuhNd2gazk3ZYGi1jcBlBxS0ocHG5MEqpA4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c'
    [Mon 09 Jan 2023 05:19:04 PM CET] dvlist='www.keyweb.cz#ox2xsNShRuhNd2gazk3ZYGi1jcBlBxS0ocHG5MEqpA4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c#https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790557/KrlWMg#http-01#/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] d
    [Mon 09 Jan 2023 05:19:04 PM CET] vlist='keyweb.cz#4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c#https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg#http-01#/usr/local/ispconfig/interface/acme,www.keyweb.cz#ox2xsNShRuhNd2gazk3ZYGi1jcBlBxS0ocHG5MEqpA4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c#https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790557/KrlWMg#http-01#/usr/local/ispconfig/interface/acme,'
    [Mon 09 Jan 2023 05:19:04 PM CET] d='keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] d='www.keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] ok, let's start to verify
    [Mon 09 Jan 2023 05:19:04 PM CET] Verifying: keyweb.cz
    [Mon 09 Jan 2023 05:19:04 PM CET] d='keyweb.cz'
    [Mon 09 Jan 2023 05:19:04 PM CET] keyauthorization='4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4.FCjIrbqK5J_GXiJOeDfPyUtNNf_fYcPcnX0zh0PQx7c'
    [Mon 09 Jan 2023 05:19:04 PM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:04 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Mon 09 Jan 2023 05:19:04 PM CET] wellknown_path='/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
    [Mon 09 Jan 2023 05:19:04 PM CET] writing token:4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4 to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4
    [Mon 09 Jan 2023 05:19:04 PM CET] Changing owner/group of .well-known to ispconfig:ispconfig
    [Mon 09 Jan 2023 05:19:04 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:04 PM CET] payload='{}'
    [Mon 09 Jan 2023 05:19:04 PM CET] POST
    [Mon 09 Jan 2023 05:19:04 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:04 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:05 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:05 PM CET] code='200'
    [Mon 09 Jan 2023 05:19:05 PM CET] trigger validation code: 200
    [Mon 09 Jan 2023 05:19:05 PM CET] Pending, The CA is processing your order, please just wait. (1/30)
    [Mon 09 Jan 2023 05:19:05 PM CET] sleep 2 secs to verify again
    [Mon 09 Jan 2023 05:19:07 PM CET] checking
    [Mon 09 Jan 2023 05:19:07 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:07 PM CET] payload
    [Mon 09 Jan 2023 05:19:07 PM CET] POST
    [Mon 09 Jan 2023 05:19:07 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:07 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:08 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:08 PM CET] code='200'
    [Mon 09 Jan 2023 05:19:08 PM CET] keyweb.cz:Verify error:2a02:2b88:1:4::16: Invalid response from http://keyweb.cz/.well-known/acme-challenge/4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4: 404
    [Mon 09 Jan 2023 05:19:08 PM CET] pid
    [Mon 09 Jan 2023 05:19:08 PM CET] No need to restore nginx, skip.
    [Mon 09 Jan 2023 05:19:08 PM CET] _clearupdns
    [Mon 09 Jan 2023 05:19:08 PM CET] dns_entries
    [Mon 09 Jan 2023 05:19:08 PM CET] skip dns.
    [Mon 09 Jan 2023 05:19:08 PM CET] _on_issue_err
    [Mon 09 Jan 2023 05:19:08 PM CET] Please check log file for more details: /var/log/ispconfig/acme.log
    [Mon 09 Jan 2023 05:19:08 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:08 PM CET] payload='{}'
    [Mon 09 Jan 2023 05:19:08 PM CET] POST
    [Mon 09 Jan 2023 05:19:08 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790547/Io5yTg'
    [Mon 09 Jan 2023 05:19:08 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:08 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:08 PM CET] code='400'
    [Mon 09 Jan 2023 05:19:08 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790557/KrlWMg'
    [Mon 09 Jan 2023 05:19:08 PM CET] payload='{}'
    [Mon 09 Jan 2023 05:19:08 PM CET] POST
    [Mon 09 Jan 2023 05:19:08 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/193831790557/KrlWMg'
    [Mon 09 Jan 2023 05:19:08 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
    [Mon 09 Jan 2023 05:19:09 PM CET] _ret='0'
    [Mon 09 Jan 2023 05:19:09 PM CET] code='200'
    
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I wonder why it mentions the ispconfig CP SSL cert. Is it possible that you are using the wrong hostname for the system? The hostname must be a subdomain (like server1.example.com) and not a domain like example.com because when you create a website in ISPConfig for this domain, SSL renewal will fail.
     
  3. pecka33

    pecka33 Member

    Thank you. I don't think so, I have configured the hostname the same way as you wrote, for more than 2 years, and it has been working fine all the time.
    I tried to renew Let's Encrypt for the domain keyweb.cz, as you can see in the error log.
    Finally, could this problem be because I have set an AAAA record for my domain?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    ok, that's good.

    This might be the case. Have you tested that IPv6 access is really working? If not, it might be that Let's Encrypt tries to reach your system on IPv6 and fails.
     
  5. pecka33

    pecka33 Member

    Thank you till. I removed the AAAA records for my domain and now the renewal of my SSL is working.

    Have a great day!
     
    ahrasis likes this.
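
Added example, not part of the original thread: a small parser that pulls the "Verify error" lines out of an acme.sh debug log and reports which address family the CA validated over, which is the detail that pointed to the AAAA record here. The line shape is assumed from the log posted above; `example.test` and `192.0.2.10` are constructed sample values.

```python
import ipaddress
import re

# Constructed sample: the failing line from the log posted in this thread,
# plus one invented IPv4 line (example.test / 192.0.2.10) for contrast.
SAMPLE_LOG = """\
[Mon 09 Jan 2023 05:19:05 PM CET] trigger validation code: 200
[Mon 09 Jan 2023 05:19:08 PM CET] keyweb.cz:Verify error:2a02:2b88:1:4::16: Invalid response from http://keyweb.cz/.well-known/acme-challenge/4bWIMAXmHJV1CGMOhaRcLGuqQ2zW-k9AUrIqggXmMK4: 404
[Mon 09 Jan 2023 05:19:09 PM CET] example.test:Verify error:192.0.2.10: Invalid response from http://example.test/.well-known/acme-challenge/TOKEN: 403
"""

# Assumed line shape, taken from the log above:
#   <domain>:Verify error:<validated address>: Invalid response from <url>: <status>
# An IPv6 address contains colons itself, so the address is matched as a run of
# hex digits, ':' and '.', then checked with ipaddress instead of split on ':'.
VERIFY_RE = re.compile(
    r"\] (?P<domain>[^\s:]+):Verify error:(?P<addr>[0-9A-Fa-f:.]+): "
    r"Invalid response from (?P<url>\S+): (?P<status>\d{3})\s*$"
)


def verify_failures(log_text):
    """Return one dict per 'Verify error' line, tagged with the address family."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # not an IP literal: the line does not have the assumed shape
        findings.append({
            "domain": m["domain"],
            "addr": m["addr"],
            "family": "IPv6" if ip.version == 6 else "IPv4",
            # DNS record type that led the CA to this address
            "record": "AAAA" if ip.version == 6 else "A",
            "url": m["url"],
            "status": int(m["status"]),
        })
    return findings


if __name__ == "__main__":
    for f in verify_failures(SAMPLE_LOG):
        print(f"{f['domain']}: HTTP {f['status']} via {f['family']} {f['addr']}; "
              f"check that the {f['record']} record points at this server")
```

A finding tagged `AAAA` means the challenge URL has to answer over IPv6 as well; `curl -6` against the reported URL from an outside host checks that before the next renewal.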
