Authorization error out of nowhere

I run Redmine using Bitnami on a Debian server. It's been secured with a Let's Encrypt cert via lego for a long time now. It's using Apache 2.4.43.

It seems some time in the last few weeks the renewal has started failing with some kind of authorization error that I can't decipher.

I run the same commands I usually do:

sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="mail@mydomain.com" --domains="mydomain.com" --path="/opt/bitnami/letsencrypt" renew
sudo /opt/bitnami/ctlscript.sh start

It produced this output, with some information redacted:

2022/05/04 02:11:26 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2022/05/04 02:11:26 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1000000000
2022/05/04 02:11:26 [INFO] [mydomain.com] acme: use tls-alpn-01 solver
2022/05/04 02:11:26 [INFO] [mydomain.com] acme: Trying to solve TLS-ALPN-01
2022/05/04 02:11:33 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1000000000000
2022/05/04 02:11:33 error: one or more domains had a problem:
[mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url

I can find quite a few references to the same error but none seem to be relevant as far as I can tell. Also unclear why this just started happening but it's possible it's to do with some changes at our end.

Make sure all the names still point to your IP address.
[if any one of them points elsewhere, that will cause a failure]

3 Likes
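
A pre-renewal check for the advice above, as an added example that is not part of the original thread: it resolves every name on the certificate (A and AAAA) and fails if any address is not one of the server's own. The function names `resolve_name` and `check_names` are hypothetical, and the address in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Pre-flight check before `lego ... renew`: every name on the certificate must
# resolve only to this server, otherwise the tls-alpn-01 validation connection
# lands on some other host that cannot answer "acme-tls/1".

# Print one address per line for a name, IPv4 and IPv6 together.
# Assumption: getent (glibc) is available. It follows the local resolver
# configuration, including /etc/hosts, so an entry for the name there will
# mask what public DNS actually returns.
resolve_name() {
    getent ahosts "$1" | awk '{print $1}' | sort -u
}

# check_names "<expected addresses, space separated>" name...
# Prints one line per resolved address and returns 0 only if every name
# resolves and every address it resolves to is in the expected list.
# (POSIX sh has no `local`, so the variables below are global.)
check_names() {
    expected=" $1 "; shift
    status=0
    for name in "$@"; do
        addrs=$(resolve_name "$name")
        if [ -z "$addrs" ]; then
            echo "FAIL $name: no A/AAAA record"
            status=1
            continue
        fi
        for addr in $addrs; do
            case "$expected" in
                *" $addr "*) echo "ok   $name -> $addr" ;;
                *) echo "FAIL $name -> $addr (not this server)"; status=1 ;;
            esac
        done
    done
    return $status
}

# Usage (203.0.113.5 is a constructed placeholder for the server's public IP):
#   check_names "203.0.113.5" mydomain.com || echo "fix DNS before renewing"
```

A leftover AAAA record is reported the same way as a wrong A record, which matters because the name then has an address that does not lead to this server.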

OK, it seems this was related to some changes made to our DNS settings. Indeed, there was not the correct entry for the domain. Thanks for the suggestion.

2 Likes
