Certificat renewal failure during secondary validation: Remote PerformValidation RPC failed

hakayova · April 17, 2023, 1:29am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: izlem.duranonline.net

I ran this command: sudo certbot certonly --dry-run -d izlem.duranonline.net

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Cert is due for renewal, auto-renewing...
Simulating renewal of an existing certificate for izlem.duranonline.net
Performing the following challenges:
http-01 challenge for izlem.duranonline.net
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain izlem.duranonline.net
http-01 challenge for izlem.duranonline.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: izlem.duranonline.net
Type: serverInternal
Detail: During secondary validation: Remote PerformValidation RPC
failed

Unfortunately, an error on the ACME server prevented you from
completing authorization. Please try again later.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): debian 11 bullseye

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

_az · April 17, 2023, 1:31am

I think Let's Encrypt is probably having issues right now. I'd give it some time for the staff to respond and provide an update. Or maybe the problem will subside on its own.

luckysantiago · April 17, 2023, 1:35am

I have 2 servers due for renewal today, and I'm having the same issue, so I think there's an ongoing issue with letsencrypt.

JamesLE · April 17, 2023, 2:23am

Nekit · April 17, 2023, 5:11am

Regardless of this issue, you shouldn't have “servers due for renewal today”, as it is strongly recommended to do the renewal 30 days before the certificate expiration.

luckysantiago · April 17, 2023, 5:27am

Yes, the "due" term is for the task; it doesn't mean or stated that it will expire today.

rg305 · April 17, 2023, 5:30am

Then you should have several weeks to get that task completed
LE recommends "checking" twice a day.

luckysantiago · April 17, 2023, 5:52am

all working good now thanks.

hakayova · April 17, 2023, 9:40pm

Yes, I also confirm that the problem is now solved.

Thanks @JamesLE for the super useful link!

system · May 17, 2023, 9:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.