Http-01 challenge failing for alternate requests


#1

Hi All,

I’m generating SSLs on the fly for different custom domains and I’m using the staging URL for testing purposes.

While testing, HTTP-01 challenge validation requests are going invalid for alternate requests for the same domain name.

I’m doing a Map -> UnMap -> Map.

Here’s a sample URL:
https://acme-staging-v02.api.letsencrypt.org/acme/authz/TCy-jnHd9L2xodq_khUN4FmOQuxpA2YhfZmiyBxNj5Y

For the alternate request I’m getting “Remote PerformValidation RPCs failed”.

The address is resolved for http-01 challenge but still the status is going invalid overall.

I’m not sure if this is related to the latest update somehow. I appreciate any help on this.

Thanks!


#2

Normally, if you get such a result:

type: urn:ietf:params:acme:error:serverInternal
status 500

it’s not your problem. So try it again.


#3

There have been two past threads about this error message:

It’s hard to say what’s wrong – it’s an extremely vague error message!

(But Let’s Encrypt has better server-side logging now, so they can probably figure it out.)

It could be some sort of Let’s Encrypt failure, and it’s worth trying again.

But it could also be an ordinary validation failure – for example, an Internet issue causing DNS resolution of or HTTP requests to your site to time out from one of the VAs – except the error message got eaten.


#4

Thanks for your reply. I don’t think it’s an ordinary validation failure.

The DNS changes are intact. I’m just trying to generate the certificates multiple times, so if the domain is verified once - the validation should continue for next requests as well.

I’m able to follow the challenge URL and I’m getting the right challenge text back for the failed requests.


#5

Thanks.

I guess once the challenge validation is performed, the validation status is permanent.

Is there any option to renew/refresh the challenge for an order? Or do I have to place a new order every time to get another challenge?


#6

A valid authorization is cached for 30 days, but that duration isn’t fixed.

And yes, I believe that a new order is the only way to get a new authz in ACME v2.


#7

No, if the status is invalid, the order can no longer be used.

Yes, you need a new order.
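
Added example, not part of any post in this thread and not Let's Encrypt's or any client's own code: a sketch of how a client could act on the points above (an invalid authorization is terminal, a valid one is reused, `serverInternal` is worth retrying). The helper name `next_step`, the returned action strings and the sample authorization object are assumptions constructed for illustration; field names follow RFC 8555.

```python
import json
from datetime import datetime, timezone

SERVER_INTERNAL = "urn:ietf:params:acme:error:serverInternal"

# Constructed sample authorization object (RFC 8555 field names, made-up values).
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "custom.example.com"},
  "status": "invalid",
  "expires": "2030-01-01T00:00:00Z",
  "challenges": [
    {"type": "http-01", "status": "invalid",
     "url": "https://acme.example/chall/1",
     "error": {"type": "urn:ietf:params:acme:error:serverInternal",
               "detail": "Remote PerformValidation RPCs failed", "status": 500}}
  ]
}
""")

def next_step(authz, now=None):
    """Hypothetical helper: decide what to do with an ACME authorization."""
    now = now or datetime.now(timezone.utc)
    expires = authz.get("expires")
    if expires and datetime.fromisoformat(expires.replace("Z", "+00:00")) <= now:
        return "new-order"              # past its expiry: nothing left to reuse
    status = authz["status"]
    if status == "valid":
        return "reuse"                  # cached authorization, no new challenge
    if status == "pending":
        return "respond-to-challenge"   # challenge has not been attempted yet
    if status == "invalid":
        # Terminal state: the failed challenge cannot be refreshed or re-run.
        errors = [c["error"]["type"] for c in authz["challenges"] if "error" in c]
        if errors and all(e == SERVER_INTERNAL for e in errors):
            return "new-order-retry"    # likely CA-side: new order, with backoff
        return "fix-then-new-order"     # validation failed: check the site first
    return "new-order"                  # deactivated, expired or revoked

if __name__ == "__main__":
    print(next_step(SAMPLE_AUTHZ))
```

Logging the challenge's `error` object before discarding the order keeps the only diagnostic the CA returns for a failed validation.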

