Action required for v2 validation email

Hi,
I have received the v2 validation email that mentioned my ACME account and several problematic SSL I might have with the new validation multi server.

I don’t block Let’s Encrypt servers that are trying to get to my servers.
Why do I get this kind of error?

Hi,

Which email are you receiving?
Is it about multi-VA? Or APIv1 deprecation?

Multi-VA: ACME v1/v2: Validating challenges from multiple network vantage points

APIv2: you’ll need to make sure you use APIv2 rather than v1.

Thank you

Same problem here, which began yesterday (February 19th) in all cert issues:

"error": {
  "type": "urn:acme:error:unauthorized",
  "detail": "During secondary validation: Invalid response from …"

This is the Multi-VA issue. Please consider opening a new thread with the default form filled in so we can help you.

Thank you

What do you mean by saying new thread with default form filled?

When you start a new thread in the Help category, the forum software presents the questionnaire below. stevenzhu was asking grudnitzki1 to start a new thread and fill it out.

That doesn’t have much to do with you or this thread, though.

Back to you, I’ve pasted the questionnaire below. Can you fill it out and post it here? And answer the questions stevenzhu posted earlier?


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Can you also split @grudnitzki1's post into a new thread?

Thanks😁

I’m using Certify The Web as client, so I can answer most of these questions

What should I give you?

What did the email you received say?

Hi,

First of all, please attempt to upgrade your CTW client to the latest version.

The Multi-VA issue, in your case, generally means you didn't give enough time for your DNS provider to propagate your edits to the DNS record across all their servers. (So the responses to the challenge query might be inconsistent, which is an issue after Let's Encrypt enforced multi-VA.)

Which DNS provider did you use? The CTW developer said there might be an option for you to set the duration between updating your record and requesting Let's Encrypt validation so that your provider will have enough time to propagate. (I personally suggest a duration of at least 2 minutes.)

Hope this will clear up some confusion.

Thank you
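The propagation gap described in the post above, as an added example (not part of the thread and not Certify The Web's code): instead of a fixed delay, poll every authoritative nameserver directly and only request validation once all of them serve the new `_acme-challenge` TXT value on consecutive rounds. It assumes `dig` is installed; the function names, nameserver names and token are hypothetical and constructed.

```python
import subprocess
import time

def dig_txt(nameserver, name):
    """Ask one authoritative nameserver directly for the TXT values of `name`."""
    out = subprocess.run(
        ["dig", "+short", "+norecurse", "TXT", name, "@" + nameserver],
        capture_output=True, text=True, timeout=10, check=False,
    ).stdout
    # dig prints each TXT value in double quotes, one per line.
    return {line.strip().strip('"') for line in out.splitlines() if line.strip()}

def lagging_servers(expected, nameservers, name, query=dig_txt):
    """Return the nameservers that do not yet serve the expected TXT value."""
    return [ns for ns in nameservers if expected not in query(ns, name)]

def wait_for_propagation(expected, nameservers, name, query=dig_txt,
                         timeout=300, interval=10, stable_rounds=2,
                         sleep=time.sleep):
    """Poll until every nameserver serves `expected` for `stable_rounds`
    consecutive rounds. Returns (ok, seconds_waited, still_lagging)."""
    waited, streak = 0, 0
    while True:
        lagging = lagging_servers(expected, nameservers, name, query)
        streak = streak + 1 if not lagging else 0
        if streak >= stable_rounds:
            return True, waited, []
        if waited >= timeout:
            return False, waited, lagging
        sleep(interval)
        waited += interval

def demo():
    # Constructed sample: ns2 serves the new record only from its 4th poll on.
    polls = {"ns1.dns.example": 0, "ns2.dns.example": 0}
    token = "constructed-token-value"
    def fake_query(ns, name):
        polls[ns] += 1
        ready_after = 1 if ns == "ns1.dns.example" else 4
        return {token} if polls[ns] >= ready_after else {"stale-value"}
    return wait_for_propagation(token, list(polls), "_acme-challenge.example.com",
                                query=fake_query, interval=30, sleep=lambda s: None)

if __name__ == "__main__":
    print(demo())
```

Querying each nameserver with recursion off avoids a cached answer from a resolver hiding the one server that is still stale, which is the case a secondary vantage point can hit.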

With CTW I'm using the HTTP challenge and not the DNS challenge.

The error I got from you guys was for domains that 1. Have had a valid cert for a long time now. 2. I am able to regenerate a new cert for without an issue.

Are you able to generate a new certificate after yesterday?
If so, I believe you are good to go. The email only serves as a suggestion that you might have this issue.

Let's Encrypt actually only turned on the Multi-VA feature yesterday (Feb 19th). Before that, even if some of the secondary validations failed, it wouldn't give any error message in the production environment.

P.S. Most people answering questions in this forum are volunteers. Unless you see a title with "Let's Encrypt staff", "Let's Encrypt engineer", "Certbot Engineer", almost all other people are volunteers. (Including moderators)

Thank you

Further to this, I’ll be releasing a new version of Certify The Web (https://certifytheweb.com) with a couple of enhancements especially regarding more options for DNS propagation time (should be v4.1.7), this will be released as soon as it’s ready.

It would be useful to know who the DNS provider is, especially as their nameserver sync is taking more than a minute (the usual default) and that’s useful information for changing our defaults.

I’m still not clear on if @yonicatom got the ACMEv2 email or the multi-perspective validation email.

Ok

Thanks I think it works anyway

Yoni Greenberg | Web Programmer | Minicy Catom

yoni@catom.com | Tel: +972.4.850.0661 | Fax: +972.4.850.0662 | www.catom.com

I was talking about the multi validation email

Hi,

If you want to be sure, you can try the staging API endpoints and see if there’s any issue.

Thank you

As I was saying, I’m using CTW – so I can’t try the staging
