nomopo
March 27, 2022, 8:24pm
1
Please fill out the fields of the following form so that we can help you in the best way possible. Note: you must provide your domain name to get help. The domain names of issued certificates are made public in Certificate Transparency logs (for example, https://crt.sh/?q=example.com ), so hiding your domain name here achieves nothing; it only makes it harder for us to provide the help you requested.
I can read answers in English (yes or no): YES
My domain is: app.nredes.dev
I ran this command: v-add-letsencrypt-domain user app.nredes.dev
It produced this output: Error: Let's Encrypt validation status 400 (app.nredes.dev). Details: Unable to update challenge :: authorization must be pending
My web server is (include version): ubuntu 20.04 with hestiacp
The operating system my web server runs on is (include version): ubuntu 20.4
My hosting provider (if applicable) is: Webuphosting.com
I can log in to a root shell on my server (yes, no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): hestiacp 1.5.11
The version of my client is (for example, if you use certbot, show the output of certbot --version or certbot-auto --version):
None of the subdomains I have on that server get validated. The domain is hosted at webuphosting.com with a cPanel where I have A records for each subdomain.
nomopo
March 27, 2022, 9:27pm
2
I have this log:
Date Time: 2022-03-27 23:01:30
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: neomorbius
domain: citra.nredes.dev
aliases:
proto: http-01
wildcard:
==[Step 1]==
status: 200
nonce: 0002_6-TPC5DNY6UKOLg8sp14XbO_8QJhVLLZMoXpDXzMIY
answer: HTTP/2 200
server: nginx
date: Sun, 27 Mar 2022 21:01:31 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0002_6-TPC5DNY6UKOLg8sp14XbO_8QJhVLLZMoXpDXzMIY
x-frame-options: DENY
strict-transport-security: max-age=604800
==[API call]==
exit status: 0
==[Step 2]==
{
"status": "pending",
"expires": "2022-04-03T21:01:32Z",
"identifiers": [
{
"type": "dns",
"value": "citra.nredes.dev"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/92091404450 "
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/469244510/75099432630 "
}
==[API call]==
exit status: 0
==[Step 3]==
status: 200
nonce: 01016CmkcbIzI74jaOOjpjmsQ8wkdzhM0zU8s27J0WXw5yw
url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/92091404450/rVkh5w
token: GV2VCP-p-bnwt18UJy0TabrswmYzYr89M-On-MUu7Zg
answer: HTTP/2 200
server: nginx
date: Sun, 27 Mar 2022 21:01:33 GMT
content-type: application/json
content-length: 797
boulder-requester: 469244510
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 01016CmkcbIzI74jaOOjpjmsQ8wkdzhM0zU8s27J0WXw5yw
x-frame-options: DENY
strict-transport-security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "citra.nredes.dev"
},
"status": "pending",
"expires": "2022-04-03T21:01:32Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92091404450/rVkh5w ",
"token": "GV2VCP-p-bnwt18UJy0TabrswmYzYr89M-On-MUu7Zg"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92091404450/8yafDg ",
"token": "GV2VCP-p-bnwt18UJy0TabrswmYzYr89M-On-MUu7Zg"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92091404450/O0sAmg ",
"token": "GV2VCP-p-bnwt18UJy0TabrswmYzYr89M-On-MUu7Zg"
}
]
}
==[API call]==
exit status: 0
==[Step 5]==
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92091404450/rVkh5w ",
"token": "GV2VCP-p-bnwt18UJy0TabrswmYzYr89M-On-MUu7Zg"
}
==[API call]==
exit status: 0
==[Step 5]==
status: 400
nonce: 0102KOozpmJyuxFhSwlAl6IRwItgLgOy4doujaLBYVrTINQ
validation:
details: Unable to update challenge :: authorization must be pending
answer: HTTP/2 400
server: nginx
date: Sun, 27 Mar 2022 21:01:43 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 469244510
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0102KOozpmJyuxFhSwlAl6IRwItgLgOy4doujaLBYVrTINQ
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
}
==[Abort Step 5]==
=> Wrong status
_az
March 27, 2022, 9:35pm
3
I think probably this is due to the fact that one of your domain's nameservers, ns2.tuhosting.cloud, is offline.
The process to obtain a certificate sometimes has trouble when there are only 2 nameservers and 1 is offline.
You can try again and hope for a different result, or you can ask your host why the nameserver is offline.
2 Likes
nomopo
March 28, 2022, 5:01pm
4
OK, then I changed all the DNS, but I have the same problem:
Date Time: 2022-03-28 18:54:03
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: neomorbius
domain: nredes.dev
aliases:
proto: http-01
wildcard:
==[Step 1]==
status: 200
nonce: 0102GuGfM6FPYZXPQQWQ2TDDOjIbGW4v8PPfGWYIzTk3E8E
answer: HTTP/2 200
server: nginx
date: Mon, 28 Mar 2022 16:54:04 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0102GuGfM6FPYZXPQQWQ2TDDOjIbGW4v8PPfGWYIzTk3E8E
x-frame-options: DENY
strict-transport-security: max-age=604800
==[API call]==
exit status: 0
==[Step 2]==
{
"status": "pending",
"expires": "2022-04-04T16:54:04Z",
"identifiers": [
{
"type": "dns",
"value": "nredes.dev"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/92375619820 "
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/469244510/75332701770 "
}
==[API call]==
exit status: 0
==[Step 3]==
status: 200
nonce: 0102CjsxoJBs_InKHSNr81SLQ5ltVw7w6TSohUtkS_bJeWM
url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/92375619820/eH8LSw
token: _IvJ7iQBnIP3PuqGxokE8jAT8Vc6CXuXWjqT4Q5esZY
answer: HTTP/2 200
server: nginx
date: Mon, 28 Mar 2022 16:54:05 GMT
content-type: application/json
content-length: 791
boulder-requester: 469244510
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0102CjsxoJBs_InKHSNr81SLQ5ltVw7w6TSohUtkS_bJeWM
x-frame-options: DENY
strict-transport-security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "nredes.dev"
},
"status": "pending",
"expires": "2022-04-04T16:54:04Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92375619820/eH8LSw ",
"token": "_IvJ7iQBnIP3PuqGxokE8jAT8Vc6CXuXWjqT4Q5esZY"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92375619820/M-QQRQ ",
"token": "_IvJ7iQBnIP3PuqGxokE8jAT8Vc6CXuXWjqT4Q5esZY"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92375619820/rOK0zQ ",
"token": "_IvJ7iQBnIP3PuqGxokE8jAT8Vc6CXuXWjqT4Q5esZY"
}
]
}
==[API call]==
exit status: 0
==[Step 5]==
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92375619820/eH8LSw ",
"token": "_IvJ7iQBnIP3PuqGxokE8jAT8Vc6CXuXWjqT4Q5esZY"
}
==[API call]==
exit status: 0
==[Step 5]==
status: 400
nonce: 0002pWmMgz2lUHFrhD7jjy7C9-Rs0BUx2cyGCE3K9eyi8Oc
validation:
details: Unable to update challenge :: authorization must be pending
answer: HTTP/2 400
server: nginx
date: Mon, 28 Mar 2022 16:54:15 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 469244510
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0002pWmMgz2lUHFrhD7jjy7C9-Rs0BUx2cyGCE3K9eyi8Oc
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
}
==[Abort Step 5]==
=> Wrong status
rg305
March 28, 2022, 7:02pm
6
That picture says a lot!
Root Internet DNS systems say that your authoritative DNS servers are:
nredes.dev nameserver = ns1.vpspanel.es [86.105.50.78]
nredes.dev nameserver = ns2.vpspanel.es [217.61.97.30]
But when you ask those servers, they say NOT, use:
nredes.dev nameserver = ns1.vpspanel.com [64.98.145.30]
nredes.dev nameserver = ns2.vpspanel.com [64.98.145.30]
[which is just one IP - single point of failure]
And when you ask that one IP, it says:
nslookup -q=ns nredes.dev 64.98.145.30
Server: UnKnown
Address: 64.98.145.30
*** UnKnown can't find nredes.dev: No response from server
Your DNS is broken.
1 Like
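The checks walked through by hand in the post above (parent delegation versus what the delegated servers themselves answer, a shared address, no response), as an added example that is not part of the original post. It runs over pre-collected answers rather than live queries; the function names, finding codes and input dictionaries are assumptions of this example, and the sample data is constructed from the values quoted in the post.

```python
"""Delegation consistency check over pre-collected DNS answers."""

# Constructed sample: NS set the parent zone delegates to (name -> address).
PARENT_NS = {"ns1.vpspanel.es": "86.105.50.78", "ns2.vpspanel.es": "217.61.97.30"}
# Constructed sample: NS set each queried server returned for the zone.
# None means the server did not answer for the zone.
CHILD_ANSWERS = {
    "86.105.50.78": {"ns1.vpspanel.com": "64.98.145.30", "ns2.vpspanel.com": "64.98.145.30"},
    "217.61.97.30": {"ns1.vpspanel.com": "64.98.145.30", "ns2.vpspanel.com": "64.98.145.30"},
    "64.98.145.30": None,
}


def check_delegation(parent_ns, answers):
    """Follow the delegation from the parent and return sorted (code, detail) findings."""
    findings = set()
    seen, queue = set(), list(parent_ns.values())
    while queue:
        ip = queue.pop()
        if ip in seen:
            continue
        seen.add(ip)
        child = answers.get(ip)  # a server with no recorded answer is treated as silent
        if child is None:
            findings.add(("LAME", f"{ip} gave no answer for the zone"))
            continue
        if set(child) != set(parent_ns):
            findings.add(("NS_MISMATCH",
                          f"{ip} lists {sorted(child)}, parent lists {sorted(parent_ns)}"))
        if len(child) > 1 and len(set(child.values())) == 1:
            findings.add(("SINGLE_IP",
                          f"{sorted(child)} all resolve to {next(iter(child.values()))}"))
        queue.extend(child.values())  # also check the servers the child points to
    return sorted(findings)


def is_healthy(parent_ns, answers):
    """True when the parent and every reachable server agree and all of them answer."""
    return not check_delegation(parent_ns, answers)


if __name__ == "__main__":
    for code, detail in check_delegation(PARENT_NS, CHILD_ANSWERS):
        print(f"{code}: {detail}")
```
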
nomopo
March 28, 2022, 8:17pm
7
Now it works fine. I have an answer from DNS and DNS propagation.
But it doesn't work. I have the same message: error 400.
rg305
March 28, 2022, 9:43pm
8
rg305:
Your DNS is broken.
Name: url.hover.com
Address: 64.98.145.30
64.98.145.30 is unwilling to validate your DNS zone.
3 Likes
nomopo
March 29, 2022, 1:43pm
9
OK, now I have validated NREDES.DEV, the parent domain, but I need to validate some subdomains that are on the same server (hestiacp), and I get this error when I try to validate them.
=============================
Date Time: 2022-03-29 15:39:08
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: neomorbius
domain: citra.nredes.dev
aliases:
proto: http-01
wildcard:
==[Step 1]==
status: 200
nonce: 0002Dv0kgMTED1RFc4bvXWOzo2QCHh0NednS5lRvo4BdUmE
answer: HTTP/2 200
server: nginx
date: Tue, 29 Mar 2022 13:39:09 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0002Dv0kgMTED1RFc4bvXWOzo2QCHh0NednS5lRvo4BdUmE
x-frame-options: DENY
strict-transport-security: max-age=604800
==[API call]==
exit status: 0
==[Step 2]==
{
"status": "pending",
"expires": "2022-04-05T13:39:10Z",
"identifiers": [
{
"type": "dns",
"value": "citra.nredes.dev"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/92670702650 "
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/469244510/75575114340 "
}
==[API call]==
exit status: 0
==[Step 3]==
status: 200
nonce: 0101QTAPv-kwEkHViQUWitMIHJOj158JqNVFiXca-4sW7cw
url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/92670702650/iG3GuA
token: EJ0ANjMQN_IhutitZCWHj6RPiXsWQUJOYrgrRn0nYi8
answer: HTTP/2 200
server: nginx
date: Tue, 29 Mar 2022 13:39:10 GMT
content-type: application/json
content-length: 797
boulder-requester: 469244510
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0101QTAPv-kwEkHViQUWitMIHJOj158JqNVFiXca-4sW7cw
x-frame-options: DENY
strict-transport-security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "citra.nredes.dev"
},
"status": "pending",
"expires": "2022-04-05T13:39:10Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92670702650/iG3GuA ",
"token": "EJ0ANjMQN_IhutitZCWHj6RPiXsWQUJOYrgrRn0nYi8"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92670702650/pqnl6A ",
"token": "EJ0ANjMQN_IhutitZCWHj6RPiXsWQUJOYrgrRn0nYi8"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92670702650/IxEM0Q ",
"token": "EJ0ANjMQN_IhutitZCWHj6RPiXsWQUJOYrgrRn0nYi8"
}
]
}
==[API call]==
exit status: 0
==[Step 5]==
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/92670702650/iG3GuA ",
"token": "EJ0ANjMQN_IhutitZCWHj6RPiXsWQUJOYrgrRn0nYi8"
}
==[API call]==
exit status: 0
==[Step 5]==
status: 400
nonce: 0001OBwc1tspiZkPjVp_yunQkOV4lIwmvFI6U5ro-Mgwh3Y
validation:
details: Unable to update challenge :: authorization must be pending
answer: HTTP/2 400
server: nginx
date: Tue, 29 Mar 2022 13:39:20 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 469244510
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0001OBwc1tspiZkPjVp_yunQkOV4lIwmvFI6U5ro-Mgwh3Y
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
}
==[Abort Step 5]==
=> Wrong status
rg305
March 29, 2022, 11:58pm
10
You are NOT listening.
You are NOT understanding.
The DNS for your domain is broken.
When the domain DNS is broken, the DNS for all subdomains will also be broken.
1 Like