Openresty lua fails to renew / re-issue

p5ych0 · October 26, 2019, 11:30am

I’m using openresty with LUA
and since yesterday I’m experiencing troubles getting a certificate

nginx log contains the following lines

2019/10/26 11:25:53 [error] 772#772: *92 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=bf75b46a196d22066bf75b46a196d22066bf75b46a196d22066 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain freeroll.khelo365.com --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
# INFO: Using additional config file /etc/resty-auto-ssl/letsencrypt/conf.d/custom.sh
err:
Error retrieving terms of service from certificate authority.
Please set LICENSE in config manually.
, context: ssl_certificate_by_lua*, client: 63.143.42.247, server: 0.0.0.0:443
2019/10/26 11:25:53 [error] 772#772: *92 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 63.143.42.247, server: 0.0.0.0:443

“dehydrated” has not been overriden.

any ideas how to resolve this issue?

JuergenAuer · October 26, 2019, 11:36am

Hi @p5ych0

I don't know how that client works. But that looks you should update your client.

Or check

https://acme-v02.api.letsencrypt.org/directory

there is the url of the "termsOfService". Perhaps you can change your config file manual.

p5ych0 · October 26, 2019, 11:43am

my current values are

CA=“https://acme-v01.api.letsencrypt.org/directory”

Path to certificate authority license terms redirect (default: https://acme-v01.api.letsencrypt.org/terms)

CA_TERMS=“https://acme-v01.api.letsencrypt.org/terms”

Path to license agreement (default: )

#LICENSE=""

changing to v01 didn’t help

JuergenAuer · October 26, 2019, 11:44am

v1 is deprecated. Read

Support ends 2019-10-31. So you should

update your client to use v2 (or, if this isn't possible)
switch to another client

JuergenAuer · October 26, 2019, 11:51am

PS: That's

wrong. Read the v01 - directory, there is another path and file.

p5ych0 · October 26, 2019, 1:57pm

thank you all. updated the client and everything works fine now.
case closed ))

system · November 25, 2019, 1:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Curl returned with 35 error Help	5	1284	January 25, 2023
Can not retrieve terms of service from certificate authority Help	3	820	October 30, 2019
Issuing new certificate failed: dehydrated failure Help	5	3508	October 13, 2018
Renewal with lua-resty-auto-ssl and dehydrated client Help	4	1581	July 17, 2018
Too many registrations for this IP/domains - Error status 429 Help	10	7781	April 29, 2018

Openresty lua fails to renew / re-issue

Path to certificate authority license terms redirect (default: https://acme-v01.api.letsencrypt.org/terms)

Path to license agreement (default: )

Related topics