404 Expired authorization

On one system (mon.stolaf.edu) with an LE cert that is about 70 days old, I am getting: mon.stolaf.edu:Challenge error: {“type”:“urn:acme:error:malformed”,“detail”:“Expired authorization”,“status”: 404} when I run acme.sh --renew -d mon.stolaf.edu. We are using manual DNS mode and acme.sh 2.6.5.

We have a few other systems where I was able to renew the certificate when the certificate was also about 70 days old. What is different about this installation?

The lifetime for new authorizations has been decreased, see this post for details. I think it might be something like 30 or 60 days right now, it’ll probably be something like 7 days eventually.

Basically, you’ll need to be prepared to solve a new challenge for each renewal. Perhaps you can use something like acme-dns to automate the DNS challenge in your environment, if you feel like that’ll save time compared to doing it manually once every 3 months.

Any clues why one system was different than another (the other system, where the renewal worked, actually had a cert that was a few days older)?

There are still some authorizations in the system from when the expiration used to be 10 months. Perhaps you first issued a certificate for that domain name back then, and that authorization was still valid.

That’s probably it then. Thanks for your help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.