Certificate Renewal Error

kf-fantel · February 3, 2020, 11:09am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.kf-fantel.com

I ran this command:# sudo /home/by_/.acme.sh/acme.sh --cron --home /home/by_/.acme.sh

Le_Domain=‘mail.kf-fantel.com’
Le_Alt=‘no’
Le_Webroot=’/var/www/htdocs/roundcubemail-1.2.0’
Le_PreHook=’’
Le_PostHook=’’
Le_RenewHook=’_ACME_BASE64__START_L3Vzci9iaW4vc3VkbyAvdXNyL3NiaW4vbmdpbnggLXMgcmVsb2Fk__ACME_BASE64__END’
Le_Keylength=’’
Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/58329194/2214412098’
Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/58329194/1429845131’
Le_LinkCert=‘https://acme-v02.api.letsencrypt.org/acme/cert/03d3b8ea580cc95c5d75f6c449a2c8887137’
Le_CertCreateTime=‘1572809354’
Le_CertCreateTimeStr=‘Sun Nov 3 19:29:14 UTC 2019’
Le_NextRenewTimeStr=‘Thu Jan 2 19:29:14 UTC 2020’
Le_NextRenewTime=‘1577906954’

[Mon Feb 3 01:08:48 YEKT 2020] ===Starting cron===
[Mon Feb 3 01:08:48 YEKT 2020] Renew: ‘imap.kf-fantel.com’
[Mon Feb 3 01:08:48 YEKT 2020] Skip, Next renewal time is: Sat Feb 29 19:19:12 UTC 2020
[Mon Feb 3 01:08:48 YEKT 2020] Add ‘–force’ to force to renew.
[Mon Feb 3 01:08:48 YEKT 2020] Skipped imap.kf-fantel.com
[Mon Feb 3 01:08:48 YEKT 2020] Renew: ‘mail.kf-fantel.com’
[Mon Feb 3 01:08:50 YEKT 2020] Single domain=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:50 YEKT 2020] Getting domain auth token for each domain
[Mon Feb 3 01:08:52 YEKT 2020] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}
[Mon Feb 3 01:08:52 YEKT 2020] Please check log file for more details: 1.log
[Mon Feb 3 01:08:52 YEKT 2020] Error renew mail.kf-fantel.com.

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

kf-fantel · February 3, 2020, 11:13am

Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order

The server shuts down during certificate creation
and now this error comes out.
How to fix it and reissue the certificate?

JuergenAuer · February 3, 2020, 11:22am

Hi @kf-fantel

please read the link shared in the error message.

kf-fantel · February 3, 2020, 11:56am

Please tell me after how much time you can try to re-issue the certificate?

schoen · February 4, 2020, 12:22am

The answer to this is described in a link mentioned in your error log:

For this particular error, it should be one hour.

kf-fantel · February 4, 2020, 3:59am

A certificate request is made once a day at 0:14 for the past month. It seems to me that the problem is different.

kf-fantel · February 4, 2020, 5:15am

The error is most likely in the failure of the command
Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme

stevenzhu · February 4, 2020, 6:55am

Hi,

As the error message said, OrderFinalize is not available because you’ve had too many failed attempts in the past hour. Since you are using acme.sh, can you try to check for update and run acme.sh renew then share us the full log (if failed)?

Thank you

kf-fantel · February 4, 2020, 7:11am

Here is the log file

[Mon Feb 3 01:08:48 YEKT 2020] di=’/home/by_/.acme.sh/mail.kf-fantel.com/’
[Mon Feb 3 01:08:48 YEKT 2020] d=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:48 YEKT 2020] Using config home:/home/by_/.acme.sh
[Mon Feb 3 01:08:48 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Mon Feb 3 01:08:48 YEKT 2020] DOMAIN_PATH=’/home/by_/.acme.sh/mail.kf-fantel.com’
[Mon Feb 3 01:08:48 YEKT 2020] e[1;32mRenew: ‘mail.kf-fantel.com’e[0m
[Mon Feb 3 01:08:48 YEKT 2020] Le_API
[Mon Feb 3 01:08:48 YEKT 2020] _main_domain=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:48 YEKT 2020] _alt_domains=‘no’
[Mon Feb 3 01:08:48 YEKT 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Feb 3 01:08:48 YEKT 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Feb 3 01:08:48 YEKT 2020] GET
[Mon Feb 3 01:08:48 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/directory’
[Mon Feb 3 01:08:48 YEKT 2020] timeout=
[Mon Feb 3 01:08:48 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Mon Feb 3 01:08:49 YEKT 2020] ret=‘0’
[Mon Feb 3 01:08:49 YEKT 2020] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change’
[Mon Feb 3 01:08:49 YEKT 2020] ACME_NEW_AUTHZ
[Mon Feb 3 01:08:49 YEKT 2020] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Mon Feb 3 01:08:50 YEKT 2020] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct’
[Mon Feb 3 01:08:50 YEKT 2020] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert’
[Mon Feb 3 01:08:50 YEKT 2020] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’
[Mon Feb 3 01:08:50 YEKT 2020] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce’
[Mon Feb 3 01:08:50 YEKT 2020] ACME_VERSION=‘2’
[Mon Feb 3 01:08:50 YEKT 2020] Le_NextRenewTime=‘1577906954’
[Mon Feb 3 01:08:50 YEKT 2020] _on_before_issue
[Mon Feb 3 01:08:50 YEKT 2020] _chk_main_domain=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:50 YEKT 2020] _chk_alt_domains
[Mon Feb 3 01:08:50 YEKT 2020] Le_LocalAddress
[Mon Feb 3 01:08:50 YEKT 2020] d=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:50 YEKT 2020] Check for domain=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:50 YEKT 2020] _currentRoot=’/var/www/htdocs/roundcubemail-1.2.0’
[Mon Feb 3 01:08:50 YEKT 2020] d
[Mon Feb 3 01:08:50 YEKT 2020] _saved_account_key_hash is not changed, skip register account.
[Mon Feb 3 01:08:50 YEKT 2020] Read key length:
[Mon Feb 3 01:08:50 YEKT 2020] _createcsr
[Mon Feb 3 01:08:50 YEKT 2020] Single domain=‘mail.kf-fantel.com’
[Mon Feb 3 01:08:50 YEKT 2020] Getting domain auth token for each domain
[Mon Feb 3 01:08:50 YEKT 2020] d
[Mon Feb 3 01:08:50 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Mon Feb 3 01:08:50 YEKT 2020] payload=’{“identifiers”: [{“type”:“dns”,“value”:“mail.kf-fantel.com”}]}’
[Mon Feb 3 01:08:50 YEKT 2020] RSA key
[Mon Feb 3 01:08:50 YEKT 2020] HEAD
[Mon Feb 3 01:08:50 YEKT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce’
[Mon Feb 3 01:08:50 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g -I ’
[Mon Feb 3 01:08:51 YEKT 2020] _ret=‘0’
[Mon Feb 3 01:08:51 YEKT 2020] POST
[Mon Feb 3 01:08:51 YEKT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Mon Feb 3 01:08:51 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Mon Feb 3 01:08:52 YEKT 2020] _ret=‘0’
[Mon Feb 3 01:08:52 YEKT 2020] code=‘429’
[Mon Feb 3 01:08:52 YEKT 2020] Le_LinkOrder
[Mon Feb 3 01:08:52 YEKT 2020] Le_OrderFinalize
[Mon Feb 3 01:08:52 YEKT 2020] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}
[Mon Feb 3 01:08:52 YEKT 2020] pid
[Mon Feb 3 01:08:52 YEKT 2020] No need to restore nginx, skip.
[Mon Feb 3 01:08:52 YEKT 2020] _clearupdns
[Mon Feb 3 01:08:52 YEKT 2020] dns_entries
[Mon Feb 3 01:08:52 YEKT 2020] skip dns.
[Mon Feb 3 01:08:52 YEKT 2020] _on_issue_err
[Mon Feb 3 01:08:52 YEKT 2020] Please check log file for more details: 1.log
[Mon Feb 3 01:08:52 YEKT 2020] Return code: 1
[Mon Feb 3 01:08:52 YEKT 2020] Error renew mail.kf-fantel.com.

kf-fantel · February 4, 2020, 8:33am

The acme.sh script runs once a day

kf-fantel · February 4, 2020, 8:40am

The certificate mail.kf-fantel.com.cer was supposed to be re-issued 02.01.2020 was not re-issued. Another certificate imap.kf-fantel.com.cer was issued on 01.01.2020 without problems with the same script

bruncsak · February 4, 2020, 10:33am

You have too many failed authorizations . For details see:

https://letsencrypt.org/docs/rate-limits/

kf-fantel · February 4, 2020, 10:52am

My script runs once a day to reissue 1 certificate, and the link says that no more than 5 certificates per day

stevenzhu · February 4, 2020, 11:40am

The log you give us is the old one. (From the timestamp)
Please try to run the script by yourself, manually and see what’s going to. Plainly giving the old run log won’t help us to find issues.

Please try to run acme.sh renew and post us the log for that part.

Thank you

kf-fantel · February 4, 2020, 11:53am

Today I run the script a little later, now there is no way

Thank you

kf-fantel · February 4, 2020, 8:15pm

[Wed Feb 5 01:14:05 YEKT 2020] ===Starting cron===
[Wed Feb 5 01:14:05 YEKT 2020] Renew: ‘imap.kf-fantel.com’
[Wed Feb 5 01:14:05 YEKT 2020] Skip, Next renewal time is: Sat Feb 29 19:19:12 UTC 2020
[Wed Feb 5 01:14:05 YEKT 2020] Add ‘–force’ to force to renew.
[Wed Feb 5 01:14:05 YEKT 2020] Skipped imap.kf-fantel.com
[Wed Feb 5 01:14:05 YEKT 2020] Renew: ‘mail.kf-fantel.com’
[Wed Feb 5 01:14:07 YEKT 2020] Single domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:08 YEKT 2020] Getting domain auth token for each domain
[Wed Feb 5 01:14:11 YEKT 2020] Getting webroot for domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:11 YEKT 2020] Verifying: mail.kf-fantel.com
[Wed Feb 5 01:14:16 YEKT 2020] mail.kf-fantel.com:Verify error:Fetching http://mail.kf-fantel.com/.well-known/acme-challenge/0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA: Connection refused
[Wed Feb 5 01:14:16 YEKT 2020] Please check log file for more details: 1.log
[Wed Feb 5 01:14:17 YEKT 2020] Error renew mail.kf-fantel.com.
[Wed Feb 5 01:14:17 YEKT 2020] Renew: ‘pop.kf-fantel.com’
[Wed Feb 5 01:14:17 YEKT 2020] Skip, Next renewal time is: Fri Feb 28 19:49:27 UTC 2020
[Wed Feb 5 01:14:17 YEKT 2020] Add ‘–force’ to force to renew.
[Wed Feb 5 01:14:17 YEKT 2020] Skipped pop.kf-fantel.com
[Wed Feb 5 01:14:17 YEKT 2020] Renew: ‘smtp.kf-fantel.com’
[Wed Feb 5 01:14:17 YEKT 2020] Skip, Next renewal time is: Wed Feb 26 20:54:49 UTC 2020
[Wed Feb 5 01:14:17 YEKT 2020] Add ‘–force’ to force to renew.
[Wed Feb 5 01:14:17 YEKT 2020] Skipped smtp.kf-fantel.com
[Wed Feb 5 01:14:17 YEKT 2020] ===End cron===

kf-fantel · February 4, 2020, 8:20pm

Log file

[Wed Feb 5 01:14:05 YEKT 2020] Lets find script dir.
[Wed Feb 5 01:14:05 YEKT 2020] SCRIPT=’/home/by_/.acme.sh/acme.sh’
[Wed Feb 5 01:14:05 YEKT 2020] script=’/home/by/.acme.sh/acme.sh’
[Wed Feb 5 01:14:05 YEKT 2020] script_home=’/home/by/.acme.sh’
[Wed Feb 5 01:14:05 YEKT 2020] Using config home:/home/by_/.acme.sh
[Wed Feb 5 01:14:05 YEKT 2020] Running cmd: cron
[Wed Feb 5 01:14:05 YEKT 2020] Using config home:/home/by_/.acme.sh
[Wed Feb 5 01:14:05 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:05 YEKT 2020] e[1;32m===Starting cron===e[0m
[Wed Feb 5 01:14:05 YEKT 2020] Using config home:/home/by_/.acme.sh
[Wed Feb 5 01:14:05 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:05 YEKT 2020] stopRenewOnError
[Wed Feb 5 01:14:05 YEKT 2020] set_level=‘2’
[Wed Feb 5 01:14:05 YEKT 2020] di=’/home/by/.acme.sh/imap.kf-fantel.com/’
[Wed Feb 5 01:14:05 YEKT 2020] d=‘imap.kf-fantel.com’
[Wed Feb 5 01:14:05 YEKT 2020] Using config home:/home/by/.acme.sh
[Wed Feb 5 01:14:05 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:05 YEKT 2020] DOMAIN_PATH=’/home/by_/.acme.sh/imap.kf-fantel.com’
[Wed Feb 5 01:14:05 YEKT 2020] e[1;32mRenew: ‘imap.kf-fantel.com’e[0m
[Wed Feb 5 01:14:05 YEKT 2020] Le_API
[Wed Feb 5 01:14:05 YEKT 2020] Skip, Next renewal time is: e[1;32mSat Feb 29 19:19:12 UTC 2020e[0m
[Wed Feb 5 01:14:05 YEKT 2020] Add ‘e[1;31m–forcee[0m’ to force to renew.
[Wed Feb 5 01:14:05 YEKT 2020] Return code: 2
[Wed Feb 5 01:14:05 YEKT 2020] Skipped imap.kf-fantel.com
[Wed Feb 5 01:14:05 YEKT 2020] di=’/home/by_/.acme.sh/mail.kf-fantel.com/’
[Wed Feb 5 01:14:05 YEKT 2020] d=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:05 YEKT 2020] Using config home:/home/by_/.acme.sh
[Wed Feb 5 01:14:05 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:05 YEKT 2020] DOMAIN_PATH=’/home/by_/.acme.sh/mail.kf-fantel.com’
[Wed Feb 5 01:14:05 YEKT 2020] e[1;32mRenew: ‘mail.kf-fantel.com’e[0m
[Wed Feb 5 01:14:05 YEKT 2020] Le_API
[Wed Feb 5 01:14:05 YEKT 2020] _main_domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:05 YEKT 2020] _alt_domains=‘no’
[Wed Feb 5 01:14:05 YEKT 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed Feb 5 01:14:05 YEKT 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Feb 5 01:14:05 YEKT 2020] GET
[Wed Feb 5 01:14:05 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:05 YEKT 2020] timeout=
[Wed Feb 5 01:14:06 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Wed Feb 5 01:14:07 YEKT 2020] ret=‘0’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_NEW_AUTHZ
[Wed Feb 5 01:14:07 YEKT 2020] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce’
[Wed Feb 5 01:14:07 YEKT 2020] ACME_VERSION=‘2’
[Wed Feb 5 01:14:07 YEKT 2020] Le_NextRenewTime=‘1577906954’
[Wed Feb 5 01:14:07 YEKT 2020] _on_before_issue
[Wed Feb 5 01:14:07 YEKT 2020] _chk_main_domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:07 YEKT 2020] _chk_alt_domains
[Wed Feb 5 01:14:07 YEKT 2020] Le_LocalAddress
[Wed Feb 5 01:14:07 YEKT 2020] d=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:07 YEKT 2020] Check for domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:07 YEKT 2020] _currentRoot=’/var/www/htdocs/roundcubemail-1.2.0’
[Wed Feb 5 01:14:07 YEKT 2020] d
[Wed Feb 5 01:14:07 YEKT 2020] _saved_account_key_hash is not changed, skip register account.
[Wed Feb 5 01:14:07 YEKT 2020] Read key length:
[Wed Feb 5 01:14:07 YEKT 2020] _createcsr
[Wed Feb 5 01:14:07 YEKT 2020] Single domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:08 YEKT 2020] Getting domain auth token for each domain
[Wed Feb 5 01:14:08 YEKT 2020] d
[Wed Feb 5 01:14:08 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Wed Feb 5 01:14:08 YEKT 2020] payload=’{“identifiers”: [{“type”:“dns”,“value”:“mail.kf-fantel.com”}]}’
[Wed Feb 5 01:14:08 YEKT 2020] RSA key
[Wed Feb 5 01:14:08 YEKT 2020] HEAD
[Wed Feb 5 01:14:08 YEKT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce’
[Wed Feb 5 01:14:08 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g -I ’
[Wed Feb 5 01:14:09 YEKT 2020] _ret=‘0’
[Wed Feb 5 01:14:09 YEKT 2020] POST
[Wed Feb 5 01:14:09 YEKT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order’
[Wed Feb 5 01:14:09 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Wed Feb 5 01:14:10 YEKT 2020] _ret=‘0’
[Wed Feb 5 01:14:10 YEKT 2020] code=‘201’
[Wed Feb 5 01:14:10 YEKT 2020] Le_LinkOrder=‘https://acme-v02.api.letsencrypt.org/acme/order/58329194/2234174573’
[Wed Feb 5 01:14:10 YEKT 2020] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/58329194/2234174573’
[Wed Feb 5 01:14:10 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/2644379483’
[Wed Feb 5 01:14:10 YEKT 2020] payload
[Wed Feb 5 01:14:10 YEKT 2020] POST
[Wed Feb 5 01:14:10 YEKT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/2644379483’
[Wed Feb 5 01:14:10 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Wed Feb 5 01:14:11 YEKT 2020] _ret=‘0’
[Wed Feb 5 01:14:11 YEKT 2020] code=‘200’
[Wed Feb 5 01:14:11 YEKT 2020] d=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:11 YEKT 2020] Getting webroot for domain=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:11 YEKT 2020] _w=’/var/www/htdocs/roundcubemail-1.2.0’
[Wed Feb 5 01:14:11 YEKT 2020] _currentRoot=’/var/www/htdocs/roundcubemail-1.2.0’
[Wed Feb 5 01:14:11 YEKT 2020] entry=’“type”:“http-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g",“token”:"0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA”’
[Wed Feb 5 01:14:11 YEKT 2020] token=‘0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA’
[Wed Feb 5 01:14:11 YEKT 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:11 YEKT 2020] keyauthorization=‘0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA.Jpp0cb3-7Xv3__t5L0FyZLXth2XplvqWRCuzP3Sr5T8’
[Wed Feb 5 01:14:11 YEKT 2020] dvlist=‘mail.kf-fantel.com#0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA.Jpp0cb3-7Xv3__t5L0FyZLXth2XplvqWRCuzP3Sr5T8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g#http-01#/var/www/htdocs/roundcubemail-1.2.0’
[Wed Feb 5 01:14:11 YEKT 2020] d
[Wed Feb 5 01:14:11 YEKT 2020] vlist=‘mail.kf-fantel.com#0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA.Jpp0cb3-7Xv3__t5L0FyZLXth2XplvqWRCuzP3Sr5T8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g#http-01#/var/www/htdocs/roundcubemail-1.2.0,’
[Wed Feb 5 01:14:11 YEKT 2020] d=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:11 YEKT 2020] ok, let’s start to verify
[Wed Feb 5 01:14:11 YEKT 2020] Verifying: mail.kf-fantel.com
[Wed Feb 5 01:14:11 YEKT 2020] d=‘mail.kf-fantel.com’
[Wed Feb 5 01:14:11 YEKT 2020] keyauthorization=‘0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA.Jpp0cb3-7Xv3__t5L0FyZLXth2XplvqWRCuzP3Sr5T8’
[Wed Feb 5 01:14:11 YEKT 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:11 YEKT 2020] _currentRoot=’/var/www/htdocs/roundcubemail-1.2.0’
[Wed Feb 5 01:14:11 YEKT 2020] wellknown_path=’/var/www/htdocs/roundcubemail-1.2.0/.well-known/acme-challenge’
[Wed Feb 5 01:14:11 YEKT 2020] writing token:0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA to /var/www/htdocs/roundcubemail-1.2.0/.well-known/acme-challenge/0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA
[Wed Feb 5 01:14:11 YEKT 2020] Changing owner/group of .well-known to root:daemon
[Wed Feb 5 01:14:12 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:12 YEKT 2020] payload=’{}’
[Wed Feb 5 01:14:12 YEKT 2020] POST
[Wed Feb 5 01:14:12 YEKT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:12 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Wed Feb 5 01:14:13 YEKT 2020] _ret=‘0’
[Wed Feb 5 01:14:13 YEKT 2020] code=‘200’
[Wed Feb 5 01:14:13 YEKT 2020] trigger validation code: 200
[Wed Feb 5 01:14:13 YEKT 2020] sleep 2 secs to verify
[Wed Feb 5 01:14:15 YEKT 2020] checking
[Wed Feb 5 01:14:15 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:15 YEKT 2020] payload
[Wed Feb 5 01:14:15 YEKT 2020] POST
[Wed Feb 5 01:14:15 YEKT 2020] post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:15 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Wed Feb 5 01:14:16 YEKT 2020] ret=‘0’
[Wed Feb 5 01:14:16 YEKT 2020] code=‘200’
[Wed Feb 5 01:14:16 YEKT 2020] mail.kf-fantel.com:Verify error:Fetching http://mail.kf-fantel.com/.well-known/acme-challenge/0b06cfkwalbAtnNWTw3GMn5qaolLWm_ai66JN_OovCA: Connection refused
[Wed Feb 5 01:14:16 YEKT 2020] pid
[Wed Feb 5 01:14:16 YEKT 2020] No need to restore nginx, skip.
[Wed Feb 5 01:14:16 YEKT 2020] clearupdns
[Wed Feb 5 01:14:16 YEKT 2020] dns_entries
[Wed Feb 5 01:14:16 YEKT 2020] skip dns.
[Wed Feb 5 01:14:16 YEKT 2020] on_issue_err
[Wed Feb 5 01:14:16 YEKT 2020] Please check log file for more details: 1.log
[Wed Feb 5 01:14:16 YEKT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:16 YEKT 2020] payload=’{}’
[Wed Feb 5 01:14:16 YEKT 2020] POST
[Wed Feb 5 01:14:16 YEKT 2020] post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/2644379483/MANV4g’
[Wed Feb 5 01:14:16 YEKT 2020] CURL='curl -L --silent --dump-header /home/by/.acme.sh/http.header -g ’
[Wed Feb 5 01:14:17 YEKT 2020] ret=‘0’
[Wed Feb 5 01:14:17 YEKT 2020] code=‘400’
[Wed Feb 5 01:14:17 YEKT 2020] Return code: 1
[Wed Feb 5 01:14:17 YEKT 2020] Error renew mail.kf-fantel.com.
[Wed Feb 5 01:14:17 YEKT 2020] di=’/home/by/.acme.sh/pop.kf-fantel.com/’
[Wed Feb 5 01:14:17 YEKT 2020] d=‘pop.kf-fantel.com’
[Wed Feb 5 01:14:17 YEKT 2020] Using config home:/home/by/.acme.sh
[Wed Feb 5 01:14:17 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:17 YEKT 2020] DOMAIN_PATH=’/home/by/.acme.sh/pop.kf-fantel.com’
[Wed Feb 5 01:14:17 YEKT 2020] e[1;32mRenew: ‘pop.kf-fantel.com’e[0m
[Wed Feb 5 01:14:17 YEKT 2020] Le_API
[Wed Feb 5 01:14:17 YEKT 2020] Skip, Next renewal time is: e[1;32mFri Feb 28 19:49:27 UTC 2020e[0m
[Wed Feb 5 01:14:17 YEKT 2020] Add ‘e[1;31m–forcee[0m’ to force to renew.
[Wed Feb 5 01:14:17 YEKT 2020] Return code: 2
[Wed Feb 5 01:14:17 YEKT 2020] Skipped pop.kf-fantel.com
[Wed Feb 5 01:14:17 YEKT 2020] di=’/home/by/.acme.sh/smtp.kf-fantel.com/’
[Wed Feb 5 01:14:17 YEKT 2020] d=‘smtp.kf-fantel.com’
[Wed Feb 5 01:14:17 YEKT 2020] Using config home:/home/by/.acme.sh
[Wed Feb 5 01:14:17 YEKT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Wed Feb 5 01:14:17 YEKT 2020] DOMAIN_PATH=’/home/by/.acme.sh/smtp.kf-fantel.com’
[Wed Feb 5 01:14:17 YEKT 2020] e[1;32mRenew: 'smtp.kf-fantel.com’e[0m
[Wed Feb 5 01:14:17 YEKT 2020] Le_API
[Wed Feb 5 01:14:17 YEKT 2020] Skip, Next renewal time is: e[1;32mWed Feb 26 20:54:49 UTC 2020e[0m
[Wed Feb 5 01:14:17 YEKT 2020] Add ‘e[1;31m–forcee[0m’ to force to renew.
[Wed Feb 5 01:14:17 YEKT 2020] Return code: 2
[Wed Feb 5 01:14:17 YEKT 2020] Skipped smtp.kf-fantel.com
[Wed Feb 5 01:14:17 YEKT 2020] _error_level=‘1’
[Wed Feb 5 01:14:17 YEKT 2020] _set_level=‘2’
[Wed Feb 5 01:14:17 YEKT 2020] The NOTIFY_HOOK is empty, just return.
[Wed Feb 5 01:14:17 YEKT 2020] e[1;32m===End cron===e[0m

stevenzhu · February 4, 2020, 10:07pm

Hi,

Could you please confirm your website document root? (You can find that by going to Nginx virtual Host configuration for that site)

Also, can you confirm that the http based port is accessible for all internet? (No geo-based filter etc.)

Thank you

kf-fantel · February 5, 2020, 7:16am

Hello

I checked the connection via VPN to the mail.kf-fantel.com website from different regions it connects normally

stevenzhu · February 5, 2020, 4:42pm

Can you confirm your server IP? There is two IPs under this hostname now. (And one of them have connection refused)

Thank you

Topic		Replies	Views
Certificate renewal failed for second-level domain Help	4	726	December 18, 2021
Cannot renew certificate Help	16	1150	May 15, 2021
Repeating 400 error on cert renewal Help	8	494	May 22, 2020
Acme failure on NetGate pfSense Help	14	2353	November 26, 2022
I have a problem renewing my certificate Help	7	2815	August 23, 2018

Certificate Renewal Error

Related topics