HARDKoD
September 1, 2020, 5:21pm
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mail.giatt.ru
[2020-09-01 20:12:53] LEScript.INFO: Getting list of URLs for API
[2020-09-01 20:12:54] LEScript.INFO: Requesting new nonce for client communication
[2020-09-01 20:12:54] LEScript.INFO: Account already registered. Continuing.
[2020-09-01 20:12:54] LEScript.INFO: Sending registration to letsencrypt server
[2020-09-01 20:12:54] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
[2020-09-01 20:12:55] LEScript.INFO: Account: https://acme-v02.api.letsencrypt.org/acme/acct/95373810
[2020-09-01 20:12:55] LEScript.INFO: Starting certificate generation process for domains
[2020-09-01 20:12:55] LEScript.INFO: Requesting challenge for mail.giatt.ru
[2020-09-01 20:12:55] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
[2020-09-01 20:12:57] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6888219127
[2020-09-01 20:12:58] LEScript.INFO: Got challenge token for mail.giatt.ru
[2020-09-01 20:12:58] LEScript.INFO: Token for mail.giatt.ru saved at /opt/www//.well-known/acme-challenge/2ZMl_2HFNPouIorRAK-4tCeQYcULS0ODUrDmbjSszuU and should be available at http://mail.giatt.ru/.well-known/acme-challenge/2ZMl_2HFNPouIorRAK-4tCeQYcULS0ODUrDmbjSszuU
[2020-09-01 20:12:58] LEScript.ERROR: Please check http://mail.giatt.ru/.well-known/acme-challenge/2ZMl_2HFNPouIorRAK-4tCeQYcULS0ODUrDmbjSszuU - token not available
[2020-09-01 20:12:58] LEScript.ERROR: #0 /opt/admin/src/AppBundle/Handler/LeHandler.php(62): Analogic\ACME\Lescript->signDomains()
[2020-09-01 20:12:58] LEScript.ERROR: #1 /opt/admin/src/AppBundle/Controller/LeController.php(71): AppBundle\Handler\LeHandler->renew()
[2020-09-01 20:12:58] LEScript.ERROR: #2 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(151): AppBundle\Controller\LeController->issueAction()
[2020-09-01 20:12:58] LEScript.ERROR: #3 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw()
[2020-09-01 20:12:58] LEScript.ERROR: #4 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(200): Symfony\Component\HttpKernel\HttpKernel->handle()
[2020-09-01 20:12:58] LEScript.ERROR: #5 /opt/admin/web/app.php(16): Symfony\Component\HttpKernel\Kernel->handle()
[2020-09-01 20:12:58] LEScript.ERROR: #6 {main}
I can download the token easily, but there is still an error in LEScript.
Any help?
1 Like
Osiris
September 1, 2020, 5:55pm
2
Very strange… It looks like your script is “pre-checking” the token before it signals Let’s Encrypt to validate the authorization. I can download the token too…
If you look at the contents of your authorization at https://acme-v02.api.letsencrypt.org/acme/authz-v3/6888219127 (from your log), you’ll see all the statuses are “pending”: no success, but no failure either. If Let’s Encrypt wasn’t able to verify the hostname due to the same issue your ACME client has, it would result in a failure in that “status”, not pending.
How did you try to download the token yourself? From the same machine as where LEScript runs? If not, could you try downloading it from that machine?
2 Likes
rg305
September 1, 2020, 6:02pm
3
I agree with @Osiris, based on this msg:
Please check http://mail.giatt.ru/.well-known/acme-challenge/2ZMl_2HFNPouIorRAK-4tCeQYcULS0ODUrDmbjSszuU - token not available
It would seem that your script can’t reach that site.
That could be due to:
split DNS (providing different IPs to different nets)
localhost doesn’t know itself as also “mail.giatt.ru”
web server providing different content (paths) to different nets (internal/external)
So, yes, test that link from itself to be sure that is not part of the problem.
1 Like
Hi @HARDKoD
Check if there is an update of that script.
Or if it is possible to skip that pre-check.
If neither is possible, switch to another client.
HARDKoD
September 1, 2020, 10:17pm
5
Fixed the download problem. Thx guys, the problem was I can't download the file from the server itself. But now - next problem:
[2020-09-02 01:14:28] LEScript.INFO: Sending request to challenge
[2020-09-02 01:14:28] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6923593461/TVd-hA
[2020-09-02 01:14:29] LEScript.INFO: Verification pending, sleeping 1s
[2020-09-02 01:14:30] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6923593461/TVd-hA
[2020-09-02 01:14:31] LEScript.INFO: Verification pending, sleeping 1s
[2020-09-02 01:14:32] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6923593461/TVd-hA
[2020-09-02 01:14:33] LEScript.INFO: Verification pending, sleeping 1s
[2020-09-02 01:14:34] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6923593461/TVd-hA
[2020-09-02 01:14:35] LEScript.INFO: Verification pending, sleeping 1s
[2020-09-02 01:14:36] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/6923593461/TVd-hA
[2020-09-02 01:14:37] LEScript.ERROR: 400 { "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 }
[2020-09-02 01:14:37] LEScript.ERROR: #0 /opt/admin/vendor/analogic/lescript/Lescript.php(544): Analogic\ACME\Client->curl()
[2020-09-02 01:14:37] LEScript.ERROR: #1 /opt/admin/vendor/analogic/lescript/Lescript.php(422): Analogic\ACME\Client->post()
[2020-09-02 01:14:37] LEScript.ERROR: #2 /opt/admin/vendor/analogic/lescript/Lescript.php(165): Analogic\ACME\Lescript->signedRequest()
[2020-09-02 01:14:37] LEScript.ERROR: #3 /opt/admin/src/AppBundle/Handler/LeHandler.php(62): Analogic\ACME\Lescript->signDomains()
[2020-09-02 01:14:37] LEScript.ERROR: #4 /opt/admin/src/AppBundle/Controller/LeController.php(71): AppBundle\Handler\LeHandler->renew()
[2020-09-02 01:14:37] LEScript.ERROR: #5 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(151): AppBundle\Controller\LeController->issueAction()
[2020-09-02 01:14:37] LEScript.ERROR: #6 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw()
[2020-09-02 01:14:37] LEScript.ERROR: #7 /opt/admin/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(200): Symfony\Component\HttpKernel\HttpKernel->handle()
[2020-09-02 01:14:37] LEScript.ERROR: #8 /opt/admin/web/app.php(16): Symfony\Component\HttpKernel\Kernel->handle()
[2020-09-02 01:14:37] LEScript.ERROR: #9 {main}
griffin
September 1, 2020, 10:33pm
6
The script should be posting to the challenge url once then repeatedly posting to the authorization url associated with the challenge in order to check status, NOT repeatedly posting to the challenge url.
1 Like
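The flow described in the post above, as an added example that is not part of the thread and is not Lescript's or Let's Encrypt's code: a constructed in-memory CA (`FakeCA`, a hypothetical stand-in) rejects challenge POSTs once the authorization has left "pending", so the loop that keeps re-POSTing to the challenge URL reproduces the 400 from the log, while triggering once and then polling the authorization finishes cleanly. All class and function names are assumptions made for illustration.

```python
import json

class AcmeError(Exception):
    def __init__(self, status, problem):
        super().__init__(f"{status} {json.dumps(problem)}")
        self.status, self.problem = status, problem

class FakeCA:
    """Constructed in-memory stand-in for the CA, for offline illustration."""
    def __init__(self, ticks_until_done=4, outcome="valid"):
        self.authz_status, self.outcome = "pending", outcome
        self.ticks_left, self.triggered = ticks_until_done, False

    def _tick(self):
        # Validation completes a few requests after the client triggers it.
        if self.triggered and self.authz_status == "pending":
            self.ticks_left -= 1
            if self.ticks_left <= 0:
                self.authz_status = self.outcome

    def post_challenge(self):
        """POST to the challenge URL: asks the CA to start validating."""
        self._tick()
        if self.authz_status != "pending":
            raise AcmeError(400, {
                "type": "urn:ietf:params:acme:error:malformed",
                "detail": "Unable to update challenge :: authorization must be pending",
                "status": 400})
        self.triggered = True
        return {"status": "pending"}

    def get_authz(self):
        """Read-only status check on the authorization URL."""
        self._tick()
        return {"status": self.authz_status}

def buggy_flow(ca, max_polls=10):
    """Mirrors the log: every status check re-POSTs to the challenge URL."""
    for _ in range(max_polls):
        if ca.post_challenge()["status"] != "pending":
            return "done"
    return "timeout"

def correct_flow(ca, max_polls=10):
    """Trigger once, then poll the authorization until it leaves 'pending'."""
    ca.post_challenge()
    for _ in range(max_polls):  # a real client sleeps between polls
        status = ca.get_authz()["status"]
        if status != "pending":
            return status  # "valid" or "invalid"
    return "timeout"
```
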
HARDKoD:
But now - next problem:
Your script is buggy. Update it or use another client. I don't think you can fix that.
2 Likes
system
Closed
October 1, 2020, 10:37pm
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.