Http-01 challenge failing for alternate requests

iamsunny · June 21, 2018, 5:01pm

Hi All,

I’m generating SSLs on the fly for different custom domains and I’m using Staging url for testing purposes.

While testing, HTTP-01 challenge validation requests are going invalid for alternate requests for the same domain name.

I’m doing a Map-> UnMap -> Map.

Here’s a sample url:
https://acme-staging-v02.api.letsencrypt.org/acme/authz/TCy-jnHd9L2xodq_khUN4FmOQuxpA2YhfZmiyBxNj5Y

For the alternate request I’m getting “Remote PerformValidation RPCs failed”

The address is resolved for http-01 challenge but still the status is going invalid overall.

I’m not sure if this is related to the latest update somehow. I appreciate any help on this.

Thanks!

JuergenAuer · June 21, 2018, 6:03pm

Normally, if you get such a result:

type: urn:ietf:params:acme:error:serverInternal
status 500

it's not your problem. So try it again.

mnordhoff · June 21, 2018, 6:12pm

There have been two past threads about this error message:

It's hard to say what's wrong -- it's an extremely vague error message!

(But Let's Encrypt has better server-side logging now, so they can probably figure it out.)

It could be some sort of Let's Encrypt failure, and it's worth trying again.

But it could also be an ordinary validation failure -- for example, an Internet issue causing DNS resolution of or HTTP requests to your site to time out from one of the VAs -- except the error message got eaten.

iamsunny · June 22, 2018, 5:10am

thanks for you reply. I don;t think it’s an ordinary validation failure.

The DNS changes are intact. I’m just trying to generate the certificates multiple times, so if the domain is verified once - the validation should continue for next requests as well.

I’m able to follow the challenge url and I’m getting the right challenge text back for the failed requests.

iamsunny · June 22, 2018, 5:13am

thanks.

I guess once the challenge validation is performed, the validation status is permanent.

Is there any option to renew/refresh the challenge for an order? or do I have to place a new order every time for getting another challenge?

_az · June 22, 2018, 5:26am

A valid authorization is cached for 30 days, but that duration isn't fixed.

And yes, I believe that a new order is the only way to get a new authz in ACME v2.

JuergenAuer · June 22, 2018, 10:34am

No, if the status is invalid, the order can't longer used.

Yes, you need a new order.

system · July 22, 2018, 10:34am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.