Change validation challenge from dns to http


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ichasco.com

I ran this command:

It produced this output:

type “dns”
value grafana.ichasco.com
status “valid”
expires “2018-04-07T16:38:18Z”
challenges
0
type “http-01”
status “valid”
uri https://acme-v01.api.letsencrypt.org/acme/challenge/dDvvJaCq-4plt870L3-1LunObkA9L1hDI-UusEmjPOI/3739327509
token “acWHRkUx19gfpvO5OUQPAN5DyRUZLfrsae0ZqTt9Ajk”
keyAuthorization “acWHRkUx19gfpvO5OUQPAN5DyRUZLfrsae0ZqTt9Ajk.1hBoKcSftLVp56YBXO-melj62h2TwLt22sLePmEYKCo”
validationRecord
0
url http://grafana.ichasco.com/.well-known/acme-challenge/acWHRkUx19gfpvO5OUQPAN5DyRUZLfrsae0ZqTt9Ajk
hostname grafana.ichasco.com
port “80”
addressesResolved
0 “145.239.78.192”
addressUsed “145.239.78.192”
1
type “dns-01”
status “pending”
uri https://acme-v01.api.letsencrypt.org/acme/challenge/dDvvJaCq-4plt870L3-1LunObkA9L1hDI-UusEmjPOI/3739327510
token “CwS-5pIE2xIkTbRsONl6enMeJiYlLDlBgS8UqBO485E”
combinations
0
0 1
1
0 0

{
“identifier”: {
“type”: “dns”,
“value”: “grafana.ichasco.com
},
“status”: “valid”,
“expires”: “2018-04-07T16:38:18Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “valid”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/dDvvJaCq-4plt870L3-1LunObkA9L1hDI-UusEmjPOI/3739327509”,
“token”: “acWHRkUx19gfpvO5OUQPAN5DyRUZLfrsae0ZqTt9Ajk”,
“keyAuthorization”: “acWHRkUx19gfpvO5OUQPAN5DyRUZLfrsae0ZqTt9Ajk.1hBoKcSftLVp56YBXO-melj62h2TwLt22sLePmEYKCo”,
“validationRecord”: [
{
“url”: “http://grafana.ichasco.com/.well-known/acme-challenge/acWHRkUx19gfpvO5OUQPAN5DyRUZLfrsae0ZqTt9Ajk”,
“hostname”: “grafana.ichasco.com”,
“port”: “80”,
“addressesResolved”: [
“145.239.78.192”
],
“addressUsed”: “145.239.78.192”
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/dDvvJaCq-4plt870L3-1LunObkA9L1hDI-UusEmjPOI/3739327510”,
“token”: “CwS-5pIE2xIkTbRsONl6enMeJiYlLDlBgS8UqBO485E”
}
],
“combinations”: [
[
1
],
[
0
]
]
}

My web server is (include version): Traefik v1.5.3

The operating system my web server runs on is (include version): debian 9

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

What exactly is the question and/or the problem you’re running into? Could you specify the exact command you ran or what you did what triggered the error/problem?

As far as I can see, your http-01 challenge is valid. So you should be able to issue certificates through the http-01 challenge.


#3

Yes, but I am having issues with the validation of it.
The error is:
proxy_1 | time=“2018-03-13T15:05:23Z” level=error msg=“Error getting ACME certificates [grafana.ichasco.com] : cannot obtain certificates map[grafana.ichasco.com:acme: Error 429 - urn:acme:error:rateLimited - Error creating new cert :: too many certificates already issued for: ichasco.com: see https://letsencrypt.org/docs/rate-limits/]”

Thanks


#4

Validation is succeeding, then, I think. It’s running into something else.

The domain has a lot of certificates.

https://crt.sh/?q=%ichasco.com

It’s reached one of the rate limits and you need to wait a while before issuing certificates for new subdomains (or new combinations of domains).


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.