Acme.sh doesn't work anymore, can't renew cert

Hostname: transfer.viennapaint.com
I have a host which runs acme.sh from crontab, and it didn’t renew the cert. Now it’s outdated, and I tried manually:

/backup/scripts_multihost/.acme.sh/acme.sh --home /backup/scripts_multihost/.acme.sh/ --issue -d transfer.viennapaint.com -w /www/viennapaint.com.transfer/ --staging --log --debug 2

I will attach the log. It’s an Apache server on SLES12.0.

/backup/scripts_multihost/.acme.sh/acme.sh --home /backup/scripts_multihost/.acme.sh/ --issue -d transfer.viennapaint.com -w /www/viennapaint.com.transfer/ --staging --log

[Tue Jun 27 09:22:25 CEST 2017] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Tue Jun 27 09:22:25 CEST 2017] Single domain='transfer.viennapaint.com'
[Tue Jun 27 09:22:25 CEST 2017] Getting domain auth token for each domain
[Tue Jun 27 09:22:25 CEST 2017] Getting webroot for domain='transfer.viennapaint.com'
[Tue Jun 27 09:22:25 CEST 2017] Getting new-authz for domain='transfer.viennapaint.com'
[Tue Jun 27 09:22:26 CEST 2017] The new-authz request is ok.
[Tue Jun 27 09:22:27 CEST 2017] Verifying:transfer.viennapaint.com
[Tue Jun 27 09:22:30 CEST 2017] transfer.viennapaint.com:Verify error:Fetching https://transfer.viennapaint.com.well-known/acme-challenge/Tvi6breVivSmrp2P1uVbYdvI97vTe4vOrCJDRaanUZE: Error getting validation data
[Tue Jun 27 09:22:30 CEST 2017] Please check log file for more details: /backup/scripts_multihost/.acme.sh//acme.sh.log

The full debug2 output is here: http://owncloud.zmi.at/index.php/s/C1yuFCqe2YFZGCN

Hi @zmi,

You have a redirection from https to http, and that is strange, but that is not the problem. The problem is that you forgot to add a / at the end of your Apache redirection/rewrite rule (whatever you are using), so when your site is checked, instead of:

http://transfer.viennapaint.com/.well-known/acme-challenge/whatever

it receives this

http://transfer.viennapaint.com.well-known/acme-challenge/whatever

Example:

curl -IkL https://transfer.viennapaint.com/.well-known/acme-challenge/whatever
HTTP/1.1 302 Found
Date: Tue, 27 Jun 2017 12:39:03 GMT
Server: Apache/2.4.10 (Linux/SUSE)
Location: http://transfer.viennapaint.com.well-known/acme-challenge/whatever
Connection: close
Content-Type: text/html; charset=iso-8859-1

curl: (6) Couldn't resolve host 'transfer.viennapaint.com.well-known'

So the domain can’t be resolved because it is wrong.

Cheers.
sahsanu

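The check from the answer above can be scripted as a pre-flight test before running acme.sh. This is an added example, not part of the original thread: the function names `location_of` and `classify_redirect` are hypothetical, and the sample headers are constructed from the curl output quoted in the answer. It also goes slightly beyond the one case shown by reporting redirects that keep or change the challenge path.

```shell
#!/bin/sh
# Constructed sample: the redirect response quoted in the answer above.
SAMPLE_BAD='HTTP/1.1 302 Found
Server: Apache/2.4.10 (Linux/SUSE)
Location: http://transfer.viennapaint.com.well-known/acme-challenge/whatever
Connection: close'

# Print the value of the first Location header read from stdin
# (header name matched case-insensitively, CRs from the wire removed).
location_of() {
    tr -d '\r' | awk 'tolower($1) == "location:" { print $2; exit }'
}

# classify_redirect DOMAIN PATH  (response headers on stdin)
# Prints one of:
#   no-redirect    no Location header in the response
#   ok             redirect target still ends in /PATH
#   missing-slash  target is DOMAIN glued directly onto PATH, the bug in this thread
#   path-changed   redirect goes somewhere else; needs a manual look
# Returns 1 only for missing-slash.
classify_redirect() {
    _domain=$1 _path=$2
    _loc=$(location_of)
    if [ -z "$_loc" ]; then echo no-redirect; return 0; fi
    _rest=${_loc#*://}                      # drop the scheme
    if [ "$_rest" = "$_domain${_path#/}" ]; then
        echo missing-slash; return 1        # host and path fused into one hostname
    fi
    case $_rest in
        */"${_path#/}") echo ok ;;
        *)              echo path-changed ;;
    esac
    return 0
}

# Offline demo on the constructed sample; prints "missing-slash".
printf '%s\n' "$SAMPLE_BAD" |
    classify_redirect transfer.viennapaint.com /.well-known/acme-challenge/whatever || true

# Against a live server (first response only, no -L):
#   curl -skI "https://$domain$path" | classify_redirect "$domain" "$path"
```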

Good catch, thank you. I reported it to the webmaster.
