Issuing a certificate in letsencrypt_test works, but when running it towards letsencrypt it fails

When I try to issue a certificate, it works all fine when running the acme.sh script towards letsencrypt_test but that gives me a certificate that isn't complete (it is for test purposes) but when I try to run exactly the same command but towards letsencrypt (without _test)

My domain is: djupsund.ax

I ran this command:
acme.sh --debug --force --issue -d ha.djupsund.ax --stateless --server letsencrypt

It produced this output:
[Thu Jan 11 10:45:06 AM EET 2024] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"The key authorization file from the server did not match this challenge. Expected '
[Thu Jan 11 10:45:06 AM EET 2024] errordetail='The key authorization file from the server did not match this challenge. Expected '
[Thu Jan 11 10:45:06 AM EET 2024] Invalid status, ha.djupsund.ax:Verify error detail:The key authorization file from the server did not match this challenge. Expected
[Thu Jan 11 10:45:06 AM EET 2024] Debug: get token url.
[Thu Jan 11 10:45:06 AM EET 2024] GET

My web server is (include version): haproxy

The operating system my web server runs on is (include version): Almalinux

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0

Hi @ZipherX, and welcome to the LE community forum :slight_smile:

Please only use the force when absolutely necessary:

Why are you using acme.sh in --stateless mode?
Are you sure you understand how to use that mode?

It looks like you are using an outdated key.

2 Likes

I took the commands from the instructions (--stateless), I added force to override the certificate generated by the test run. Is there a better way?

How do I update the key? And how come the key works for _test but not the real?

But why are you using --stateless mode?
If you have a working web server, it may be simpler to use that directly OR use webroot as well.

What did those instructions say about that?

Those are two completely separate systems.
They use two separate accounts [and keys].

4 Likes

I'm running it with HAProxy and the documentation I found recommended it to be run stateless

OK, so I set up a different account for the prod system and get different keys. I will try that

Thank you, this resolved the issue, i.e. create a prod environment account and use that key instead!
Case solved!

2 Likes
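Why the staging key fails against production, as an added example that is not part of the original thread: an HTTP-01 key authorization is the token plus the RFC 7638 thumbprint of the ACME account key (RFC 8555 section 8.1), and a stateless responder appends one fixed thumbprint to whatever token is requested. The account keys, token and function names below are constructed for illustration.

```python
import base64
import hashlib
import json

PREFIX = "/.well-known/acme-challenge/"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace.
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    # RFC 8555 section 8.1: token || "." || thumbprint of the ACME account key.
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def stateless_response(path: str, configured_thumbprint: str):
    # A stateless responder keeps no per-order files: it echoes the token from
    # the URL and appends one fixed thumbprint taken from its configuration.
    if not path.startswith(PREFIX) or not path[len(PREFIX):]:
        return None
    return f"{path[len(PREFIX):]}.{configured_thumbprint}"

def ca_accepts(token: str, account_jwk: dict, body) -> bool:
    # The CA compares the served body with the value for the requesting account.
    return body is not None and body.strip() == key_authorization(token, account_jwk)

# Constructed account keys (x/y are filler bytes, not real curve points).
STAGING_JWK = {"kty": "EC", "crv": "P-256", "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}
PROD_JWK = {"kty": "EC", "crv": "P-256", "x": b64url(b"\x03" * 32), "y": b64url(b"\x04" * 32)}

def demo(token: str = "constructed-token-abc123") -> dict:
    path = PREFIX + token
    old = stateless_response(path, jwk_thumbprint(STAGING_JWK))
    new = stateless_response(path, jwk_thumbprint(PROD_JWK))
    return {
        "staging_ok": ca_accepts(token, STAGING_JWK, old),
        "prod_with_staging_thumbprint": ca_accepts(token, PROD_JWK, old),
        "prod_with_prod_thumbprint": ca_accepts(token, PROD_JWK, new),
    }

if __name__ == "__main__":
    print(demo())
```

The middle result is the failure in the log above: the responder still serves the staging account's thumbprint, so the production CA sees a key authorization that does not match its own account.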
