During secondary validation: Remote PerformValidation RPC failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: machineshedsports.com

I ran this command: certbot renew -v

It produced this output:

  • The following errors were reported by the server:

    Domain: www.machineshedsports.com
    Type: serverInternal
    Detail: During secondary validation: Remote PerformValidation RPC
    failed

    Domain: machineshedsports.com
    Type: serverInternal
    Detail: During secondary validation: Remote PerformValidation RPC
    failed

    Unfortunately, an error on the ACME server prevented you from
    completing authorization. Please try again later.

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux release 7.7.1908

My hosting provider, if applicable, is: self/not applicable

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.39.0

other notes:
Validation was attempted using http-01. While it was running I manually checked that the server was able to serve back the challenge at machineshedfitness.com/.well-known/acme-challenge/XXXXXXX, and it was serving the token at that URL as expected, so it would appear the issue is on the letsencrypt side? Any help appreciated.

I would concur, as pretty much any "serverInternal" error would be.

Have you tried again later?

2 Likes

yep, i tried again just now, same result

I did check https://letsencrypt.status.io/ before posting, but it doesn't list any issues currently....

I have the same issue on 2 separate servers.

same, i have two servers currently that are doing this

So based on when you first posted, you've been experiencing this for over half an hour? Very odd.

@lestaff, I'm going to throw this one to you guys.

3 Likes

yeah, not sure where to go at this point besides waiting even longer before "trying again later"

I am using webroot/http validation method

I ran certbot with verbose, it shows

Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/XXXXX

response is
    {
      "identifier": {
        "type": "dns",
        "value": "machineshedsports.com"
      },
      "status": "pending",
      "expires": "2022-06-24T23:46:49Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/XXX/Kjy-DQ",
          "token": "XXX"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/XXX/C6xwlw",
          "token": "XXX"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/XXX/Zykj1Q",
          "token": "XXX"
        }
      ]
    }

I then check the webroot path and the file is there for
.well-known/acme-challenge/XXXXX

I then load that in the browser using machineshedfitness.com/.well-known/acme-challenge/XXX and it shows the token

so everything on this end looks correct, just fails back with that error from certbot
    {
      "identifier": {
        "type": "dns",
        "value": "machineshedsports.com"
      },
      "status": "invalid",
      "expires": "2022-06-24T23:46:49Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "invalid",
          "error": {
            "type": "urn:ietf:params:acme:error:serverInternal",
            "detail": "During secondary validation: Remote PerformValidation RPC failed",
            "status": 500
          },
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/XXX/XXX",
          "token": "XXX",
          "validationRecord": [
            {
              "url": "http://machineshedsports.com/.well-known/acme-challenge/XXX",
              "hostname": "machineshedsports.com",
              "port": "80",
              "addressesResolved": [
                "157.245.236.25"
              ],
              "addressUsed": "157.245.236.25"
            },
            {
              "url": "https://machineshedfitness.com/.well-known/acme-challenge/XXX",
              "hostname": "machineshedfitness.com",
              "port": "443",
              "addressesResolved": [
                "157.245.236.25"
              ],
              "addressUsed": "157.245.236.25"
            }
          ],
          "validated": "2022-06-17T23:46:49Z"
        }
      ]
    }

well, i guess it was just a "try again a lotta bit later" issue, cause it just went through :man_shrugging:

FYI. I am having this problem too. It only happens to one of my domains, the others worked fine.

Frustrating ...

yeah, i kept waiting for a red bubble on https://letsencrypt.status.io/ but it still shows green

or at least one of those "purple.... degraded" indicators

Wow, this is aggravating. From beginning to working took 4 hours of waiting.

What kind of internal server issues are you folks having? Curious ...

I pushed out a bad config change while altering some syslog values in the RVA config. The syslog block goes in the syslog hole, not the RVA. Secondary validation failures should be clearing up in staging and prod right now. A future improvement will be to run config tests prior to restarting that daemon. I'll get a status.io backfilled.

10 Likes

glad that it wasn't something I did and that it should be clearing up :+1:

"bad config change while altering some syslog values" we'll just call that a "Phil" from now on :smile:

4 Likes
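Added example, not part of any post in this thread and not Certbot or Let's Encrypt code: a small triage helper for the kind of invalid authorization object posted above. It separates a CA-side `serverInternal` failure from the RFC 8555 error types that point at the subscriber's own DNS or web server, and lists the hosts the validator followed. The function name `triage`, the `side` labels and the trimmed sample object are assumptions made for illustration.

```python
import json

ACME_ERR = "urn:ietf:params:acme:error:"
# RFC 8555 error types that point at the subscriber's DNS, network or web server.
SUBSCRIBER_SIDE = {"connection", "dns", "tls", "unauthorized", "incorrectResponse", "caa"}

# Constructed sample: the invalid authorization from the thread, trimmed.
SAMPLE_AUTHZ = json.loads("""
{"identifier": {"type": "dns", "value": "machineshedsports.com"},
 "status": "invalid",
 "challenges": [{
   "type": "http-01", "status": "invalid",
   "error": {"type": "urn:ietf:params:acme:error:serverInternal",
             "detail": "During secondary validation: Remote PerformValidation RPC failed",
             "status": 500},
   "validationRecord": [
     {"hostname": "machineshedsports.com", "port": "80",
      "addressUsed": "157.245.236.25"},
     {"hostname": "machineshedfitness.com", "port": "443",
      "addressUsed": "157.245.236.25"}]}]}
""")

def triage(authz):
    """Return one finding per failed challenge in an ACME authorization object."""
    findings = []
    for chall in authz.get("challenges", []):
        err = chall.get("error")
        if chall.get("status") != "invalid" or not err:
            continue
        kind = err.get("type", "").replace(ACME_ERR, "", 1)
        if kind == "serverInternal":
            side = "ca"  # fault inside the ACME server; local changes will not help
        elif kind in SUBSCRIBER_SIDE:
            side = "subscriber"  # check DNS, firewall, redirects, webroot
        else:
            side = "unknown"
        findings.append({
            "identifier": authz["identifier"]["value"],
            "challenge": chall.get("type"),
            "error": kind,
            "side": side,
            # Detail prefix seen in this thread for failures at a remote vantage point.
            "secondary": err.get("detail", "").startswith("During secondary validation"),
            # Each hop the validator followed, including redirects to other hosts.
            "hops": [f'{r["hostname"]}:{r["port"]} -> {r["addressUsed"]}'
                     for r in chall.get("validationRecord", [])],
        })
    return findings
```

Run against the sample, the single finding has `side` set to `ca` and two hops, which shows the HTTP request for machineshedsports.com being redirected to machineshedfitness.com over HTTPS.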