I recently had to migrate my server hence I changed:
- IP address (DNS entries changed 4 days ago) for my domain finart.xyz
- client (letencrypt’s official client → acme-tiny from debian/jessie)
On my previous setup, it was working fine, i.e. I used to receve certificates.
I re-used my account and server keys by following acme-tiny’s guide, but the validation is still pending:
Output of the script:
user@machine: acme-tiny --account-key /etc/letsencrypt/account.key --csr finart.xyz.csr --acme-dir /var/www/acme-challenge/ > signed.crt
Parsing account key…
Challenge URI: https://acme-v01.api.letsencrypt.org/acme/challenge/yIjLvQFg72p8OjQ0ThCBpRxGDP4RiaT3yqWaQmafucY/95932503
I added the URI display to see it; the json says ‘pending’ as does the script that infloops while waiting for file change.
I ran a tcpdump to see incoming traffic on HTTP but saw nothing (interesting) except the script itself that does verify that redirect is ok, of course querying the challenge URL from an other host does return something (token . something).
Every time I re-run the script, it re-uses the same challenge URI (might be ok), but the status is still pending.
- with my previous server, I was issuing certificate for two domains (finart.xyz and mail.finart.xyz), I changed to only generate cert for finart.xyz
- I first tried it on 31/01/2017, and the script stopped due to acme-v01 migration
Any thought ?