goury
October 21, 2022, 3:16pm
1
https://acme-v02.api.letsencrypt.org/acme/chall-v3/167099611386/e_WE9A
My domain is: megumin.ninamori.org
I ran this command: acme-nginx -o secret/megumin.ninamori.org.pem --domain-private-key secret/megumin.ninamori.org.key --domain megumin.ninamori.org --domain www.megumin.ninamori.org --virtual-host /etc/nginx/conf.d/0-letsencrypt.conf
It produced this output: https://acme-v02.api.letsencrypt.org/acme/chall-v3/167099611386/e_WE9A
My web server is (include version): Nginx 1.18.0
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: 163.172.189.79
I can login to a root shell on my machine (yes or no, or I don't know): I own it
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 0.3.2
WTF?
Server does respond correctly and there's no problems with hundreds domains I certify the same way on the same server.
What is going on?
UPD: nginx bad, acme-nginx bad too, will patch.
Thanks everybody and special thanks to Osiris.
\(^∀^)メ(^∀^)ノ
2 Likes
goury
October 21, 2022, 3:24pm
2
1 Like
Hello @goury , welcome to the Let's Encrypt community.
goury:
Certbot): 0.3.2
That is a very old version of Certbot
And to assist with debugging there is a great place to start is Let's Debug .
2 Likes
goury
October 21, 2022, 3:46pm
4
https://acme-v02.api.letsencrypt.org/acme/chall-v3/167110496686/CZg3cQ
ლ(ಠ_ಠლ)
very old version of Certbot
I ran this command: acme-nginx
Do you even read?
UPD: so I was frustrated and my point was that I said that I am using a different tool and also done this initial debugging, but now I feel ahsamed for being slightly aggressive.
Let it be a lesson to me and let it shame me forever.
4 Likes
goury:
Do you even read?
Yes. Here is it's contents:
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "163.172.189.79: Invalid response from http://megumin.ninamori.org/.well-known/acme-challenge/RUza89uyOihewga4LMt3XvfuJuPDrtBbzX07ehXGklI: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/167110496686/CZg3cQ",
"token": "RUza89uyOihewga4LMt3XvfuJuPDrtBbzX07ehXGklI",
"validationRecord": [
{
"url": "http://megumin.ninamori.org/.well-known/acme-challenge/RUza89uyOihewga4LMt3XvfuJuPDrtBbzX07ehXGklI",
"hostname": "megumin.ninamori.org",
"port": "80",
"addressesResolved": [
"163.172.189.79"
],
"addressUsed": "163.172.189.79"
}
],
"validated": "2022-10-21T15:44:55Z"
}
2 Likes
Did you read the above?
Here is what I see for the URL
Which means you are not serving up the Challenge Response.
2 Likes
goury
October 21, 2022, 4:04pm
8
That's a lie, it was there when it was challenging
https://acme-v02.api.letsencrypt.org/acme/chall-v3/167113372046/sqKS0g
Am I supposed to keep this challenge file forever?
Can you please stop falsely blaming me?
1 Like
No, not at all; but can be helpful during debugging to keep the file around for a bit of time.
2 Likes
Also testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).
2 Likes
I am not falsely blaming anyone, merely showing my observations.
2 Likes
goury
October 21, 2022, 4:08pm
12
I've tried both and there's no difference.
It fails to verify challenge for this particular domain and not any other domain.
1 Like
How do the domains differ?
3 Likes
goury
October 21, 2022, 4:14pm
14
They don't, except that it worked for those other domains many times in the past.
I'll keep this one for a while:
https://acme-v02.api.letsencrypt.org/acme/chall-v3/167114680006/AcGs3w
1 Like
goury:
They don't
So they are identical and the same exact domain is what you are telling me.
3 Likes
goury
October 21, 2022, 4:21pm
16
You can have ninamori.org and eri.ninamori.org as an example.
The only difference is in the names.
1 Like
Both ninamori.org and eri.ninamori.org are presently having IP Addressing issues with https://letsdebug.net/ HTTP-01 Challenge.
Let's Debug
Let's Debug
Presently I have seeing another on this forum today with the same https://letsdebug.net/ HTTP-01 Challenge issue.
Here: IP blocked? (New server, new IP, just in setup phase)
Possible there is an Internet issue causing some wider troubles.
Obviously I am not providing the help you seek, I am going to sit on the sidelines now.
Please wait for another, more helpful, community volunteer's assistance.
2 Likes
goury
October 21, 2022, 4:31pm
18
It seems someone've changed server's ipv6 address, but this shouldn't be an issue for ipv4-only domains
Yet both IPv4 And IPv6 are having issue presently from https://letsdebug.net/ perspective.
2 Likes
Osiris
October 21, 2022, 4:34pm
20
goury:
ლ(ಠ_ಠლ)
goury:
Do you even read?
While I understand that some IT issues can lead to frustration, please be more considerate to the volunteers on this Community, even if they've got something incorrect.
We're not obliged to help you as volunteers, so a more friendly tone might attract more volunteers to your thread.
5 Likes