Log files refer to ::1...GET /api/passphrase

Hi everybody,

I just installed Let's Encrypt certificates on two machines recently and apparently everything is working correctly.
The two machines (iMac, and MacMini) use High Sierra MacOS.
One of the machines (iMac) hosts just one site.
The other (Mac mini) hosts three sites.

Looking at the access_logs, there are differences I don't understand.

The iMac (one site only), appears to call regularly /api/passphrase and /api/license/timestamp/ which are noted with a code 404.

::1 - - [16/Feb/2021:02:46:36 +0100] "GET /api/passphrase HTTP/1.1" 404 212
::1 - - [16/Feb/2021:02:46:37 +0100] "GET /api/license/timestamp/53a4c0c0e4b0f503bd6e4368 HTTP/1.1" 404 244
::1 - - [16/Feb/2021:03:45:17 +0100] "GET /api/passphrase HTTP/1.1" 404 212

There are no such connections in the MacMini log (which hosts many sites).

What could be the problem ?

Thanks.

1 Like

::1 is the IPv6 localhost address; it can only be reached by itself.

That said, I don't know what the problem can be.
You may need to add some more detail to your logs; In order to see the exact FQDN that is trying to be reached.

1 Like

Hi @eddyk

please explain: Why should that be a Letsencrypt relevant question?

Letsencrypt doesn't use these folders.

1 Like

This is not related to Let's Encrypt at all, and is (as @rg305 mentioned) some software application running on your machine, but not one that has to do with your certificate.

I did some searches and found that some other people mainly on Windows asked on other forums about these same requests, but were never able to identify what was causing them. I'm afraid I don't know enough about macOS to suggest a command that could let you identify the process easily.

I guess you could try to make a CGI script that runs under the path /api/passphrase and that logs additional information from a command like ss -pt (on the basis that the program that created the local connection will still be running while it waits for the reply from the server).

2 Likes

Here is a very similar (unanswered) question from August 2019:

Which only provides the clue "V4+agent/1.0"

It kind of looks like some failed exploit attempt.
If such, then I would be really concerned since it is originating from you own system.

1 Like

Hi JuergenAuer,
These curious calls from one of my machines itself are not honoured as these directories do not exist; it is also shown by the 404 http code.
They appeared immediately after I installed HomeBrew to use Certbot on the machines to install Let's Encrypt certificats.
Now, HomeBrew installed on macOS High Sierra is not recommended anymore and not supported by HomeBrew or Apple.

Blockquote
==> You are using macOS 10.13.
==> We (and Apple) do not provide support for this old version.
This installation may not succeed.
After installation, you will encounter build failures with some formulae.

Thanks JuergenAuer for confirming Letsencrypt doesn't use these folders.
Many thanks also to rg305 and schoen for useful comments.

BTW, as of today, these calls have completely disappeared.
I will keep digging to try to understand where they came from.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.