Since a long time, my domains in all the hosts I handle (here I’m just picking one) reliably fails at automatic renewal when using dehydrated
under cron. At the same time, it always work fine when run by hand.
I also noticed it doesn’t happen when using the API v1 endpoint.
I contacted the developer of dehydrated, checking if he had ever seen such an error, but he didn’t recognize it and suggested I ask support directly here.
Thank you in advance.
My domain is:
I ran this command:
chronic dehydrated -c
It produced this output:
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local_conf.sh
Processing mentors.debian.net
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Oct 4 23:00:19 2019 GMT Certificate will expire
(Less than 30 days). Renewing!
+ Signing domains...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for mentors.debian.net
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for mentors.debian.net authorization...
+ ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/240758281/7dPHGg (Status 500)
Details:
HTTP/1.1 100 Continue
Expires: Sun, 08 Sep 2019 00:00:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 500 Internal Server Error
Server: nginx
Content-Type: application/problem+json
Content-Length: 119
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001AYMAOW9DT981iF-WbZXsWWoomiWANf6zTo9ZtU8Ir98
Expires: Sun, 08 Sep 2019 00:00:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 08 Sep 2019 00:00:15 GMT
Connection: close
{
"type": "urn:ietf:params:acme:error:serverInternal",
"detail": "Problem getting authorization",
"status": 500
}
My web server is (include version):
apache2 2.4.38
The operating system my web server runs on is (include version):
Debian 10
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
dehydrated 0.6.2-2+deb10u1 (but the latest 0.6.5-1 that doesn’t have any debian patch also shows the same behaviour).