Error: During secondary validation: Remote PerformValidation RPC failed

bnobre · July 4, 2024, 1:01am

I ran this command: certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain:
Type: serverInternal
Detail: During secondary validation: Remote PerformValidation RPC failed

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate with error: Some challenges have failed.

All simulated renewals failed.

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

MikeMcQ · July 4, 2024, 1:52am

That is an unusual error. Do you limit access to your server by country or geography? Because Let's Encrypt recently started using more points around the world to validate from. Seeing "Seconday validation" in the error message means this might be happening to you.

People who previously only allowed USA (and their home countries) would no longer work.

petercooperjr · July 4, 2024, 1:53am

That's an internal error with Let's Encrypt's servers. Are you consistently getting it, or does it work if you try again?

mesbahworld · July 4, 2024, 1:59am

I am getting the same error

petercooperjr · July 4, 2024, 2:08am

Another report here:

I'm guessing that staging is down.

MikeMcQ · July 4, 2024, 2:11am

I'm getting same RPC failed error from my own test server using --dry-run

mcpherrinm · July 4, 2024, 2:51am

We've identified a change we made (to our own certs, doh!) has broken the secondary validation.

We're going to roll that back now.

This will break certbot --dry-run and certbot --staging (or other uses of staging) commands only -- you should be able to renew still otherwise

Bruce5051 · July 4, 2024, 3:08am

For the staging environment only, correct?

mcpherrinm · July 4, 2024, 3:15am

Yes, staging only

mcpherrinm · July 4, 2024, 3:22am

It's fixed

bnobre · July 4, 2024, 12:14pm

It's working now... Thx

system · August 3, 2024, 12:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.