I keep getting new challenges

We have been getting Let’s Encrypt certificates for different domains via REST API for about half a year (should be round about 100 certs by now, so it has worked for about 99% of all cases so far xD) and now, for one domain, we keep getting new challenges: de.store.asus.com

The workflow is always the following:
1. I check the challenges,
2. solve the http-01 challenge,
3. verify the challenge internally (basically a curl to get the file and then I check the content before I answer the challenge),
4. answer the challenge,
5. check for challenges again.
6. If the status is now valid, I order the certificate and save it.
7. If, however, I now get a new set of challenges and the status is still pending, I start again from step 2 with the new http-01 challenge.

This worked great until now, but for the domain de.store.asus.com I more or less run into something like an endless loop here (we’re talking over 400 solved challenges now and I keep getting new ones).

Any suggestions why I keep getting new challenges with my workflow and how I can solve this once and for all without it taking weeks :wink: ?

There seems to be a CAA issue:
https://letsdebug.net/de.store.asus.com/546?debug=y
shows:

;; QUESTION SECTION:
;asus.com.                      IN      CAA

;; ANSWER SECTION:
asus.com.               86399   IN      CAA     0 issue "globalsign.com"
asus.com.               86399   IN      CAA     0 iodef "mailto:dns_admin@asus.com"

So the root domain CAA record seems to be blocking your subdomain.

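The CAA lookup described in the reply above can be checked before requesting an order. This is an added example, not part of the original posts: it follows the RFC 8659 tree-climbing rule against a constructed zone table instead of live DNS. The function names and the `example.org` entry are made up for illustration; the `asus.com` records are the ones from the dig output above, and `letsencrypt.org` is the issuer domain Let's Encrypt matches in CAA records.

```python
# Added example: CAA evaluation per RFC 8659 against a constructed zone table.
# CONSTRUCTED_ZONE stands in for live DNS answers. The asus.com records are
# copied from the dig output in the thread; example.org is made up.
CONSTRUCTED_ZONE = {
    "asus.com": [(0, "issue", "globalsign.com"),
                 (0, "iodef", "mailto:dns_admin@asus.com")],
    "example.org": [(0, "iodef", "mailto:hostmaster@example.org")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_caa(fqdn, zone):
    """Climb from fqdn toward the root; return (owner, rrset) of the first CAA set found."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []

def may_issue(fqdn, ca_domain, zone, wildcard=False):
    """Return (allowed, reason) for ca_domain issuing a certificate for fqdn."""
    owner, rrset = relevant_caa(fqdn, zone)
    if not rrset:
        return True, "no CAA record on the name or any parent"
    # A property the CA does not understand with the critical bit set blocks issuance.
    for flags, tag, _ in rrset:
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return False, f"unknown critical property {tag!r} at {owner}"
    # Wildcard names use issuewild when present, otherwise fall back to issue.
    wanted = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in rrset):
        wanted = "issuewild"
    values = [v for _, t, v in rrset if t.lower() == wanted]
    if not values:
        return True, f"CAA at {owner} has no {wanted} property"
    # The issuer domain is the part before any ';' parameters; empty means "nobody".
    issuers = {v.split(";", 1)[0].strip().lower() for v in values}
    if ca_domain.lower() in issuers:
        return True, f"{ca_domain} is listed at {owner}"
    return False, f"CAA at {owner} only allows {sorted(issuers - {''})}"

if __name__ == "__main__":
    for ca in ("letsencrypt.org", "globalsign.com"):
        print(ca, may_issue("de.store.asus.com", ca, CONSTRUCTED_ZONE))
```

With live DNS, the same decision applies to whatever CAA set the first answering name in the climb returns, so a record on the parent domain governs every subdomain that has no CAA set of its own.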

Thank you very much =)
