Renewing cert times out


#1

My domain is: dlld.org

I ran this command:
/bin/certbot -d certonly "*.dlld.org" -d dlld.org --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -a dns-rfc2136 --dns-rfc2136-propagation-seconds 30 --keep-until-expiring --dns-rfc2136-credentials /etc/credentials.org

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-rfc2136, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for dlld.org
dns-01 challenge for dlld.org

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Version 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

My cert expires in 10 days and I would like to get it fixed before then.
Tail end of the letsencrypt log:
2019-03-20 12:50:11,468:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz/XJVFcd_VZj4I54NTO9KWXZrYWF1PSJp-KjKMkPA6yuk HTTP/1.1" 200 419
2019-03-20 12:50:11,469:DEBUG:acme.client:Received response:
HTTP 200
content-length: 419
expires: Wed, 20 Mar 2019 19:50:11 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
pragma: no-cache
boulder-requester: 31894286
date: Wed, 20 Mar 2019 19:50:11 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: TYUrgMB9_PIPhxwkDZPXCAeF5xdtVozMXHs1vz1AhN8

{
  "identifier": {
    "type": "dns",
    "value": "dlld.org"
  },
  "status": "pending",
  "expires": "2019-03-27T15:50:59Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/XJVFcd_VZj4I54NTO9KWXZrYWF1PSJp-KjKMkPA6yuk/13852286324",
      "token": "gMwfyNmh7E6FUOokGR0tCjoxvYINyTJUvdALbx2pDT0"
    }
  ],
  "wildcard": true
}
2019-03-20 12:50:11,470:DEBUG:acme.client:Storing nonce: TYUrgMB9_PIPhxwkDZPXCAeF5xdtVozMXHs1vz1AhN8
2019-03-20 12:50:11,470:INFO:certbot.auth_handler:Performing the following challenges:
2019-03-20 12:50:11,471:INFO:certbot.auth_handler:dns-01 challenge for dlld.org
2019-03-20 12:50:11,471:INFO:certbot.auth_handler:dns-01 challenge for dlld.org


#2

Where is the timeout message? Or does it sit on that final line indefinitely?

Could you share your credentials file (with the secret redacted)?

Can you perform a manual nsupdate from the same server where Certbot is installed, using those same credentials successfully?


#3

It sat on the line forever.
Boy do I feel dumb.
I see why now, I moved the servers from in house to the cloud and didn’t change dns server ip addresses.
Thanks for getting me to look in the credential files. I looked at them but didn't see the IP until I pasted it here.

# Target DNS server
dns_rfc2136_server = 192.168.0.178
# TSIG key name
dns_rfc2136_name = Kdlld.org.tsig.+165+39322.key.
# TSIG key secret
dns_rfc2136_secret = Secret
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512

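The manual nsupdate test suggested in #2, scripted, as an added example (not from the thread and not Certbot's own code). It reads the same dns-rfc2136 credentials file Certbot uses, first checks that the configured server answers at all (which is what would have exposed the stale 192.168.x.x address here), then performs a TSIG-signed add of `_acme-challenge.<domain>`, reads it back and deletes it again. Assumed: a Certbot-style INI file with `dns_rfc2136_server`, optional `dns_rfc2136_port`, `dns_rfc2136_name`, `dns_rfc2136_secret` and `dns_rfc2136_algorithm`; BIND's `dig` and `nsupdate` installed; the TXT value `rfc2136-test-token` and the file name `rfc2136-check.sh` are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or from Certbot: do by hand what the
# dns-rfc2136 plugin does, with the same credentials file, so a stale or
# unreachable dns_rfc2136_server fails fast instead of Certbot sitting on
# "dns-01 challenge for ..." forever.
#
# Assumptions: a Certbot-style INI credentials file (dns_rfc2136_server,
# optional dns_rfc2136_port, dns_rfc2136_name, dns_rfc2136_secret,
# dns_rfc2136_algorithm) and BIND's dig and nsupdate on the machine.
# The TXT value "rfc2136-test-token" is a placeholder; Certbot writes the
# real ACME validation string.

# ini_get FILE KEY: print the value of the first "KEY = value" line, trimmed.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

# render_nsupdate FILE DOMAIN add|del: print the script nsupdate reads on stdin.
render_nsupdate() {
    file=$1; domain=$2; action=$3
    server=$(ini_get "$file" dns_rfc2136_server)
    port=$(ini_get "$file" dns_rfc2136_port); port=${port:-53}
    name=$(ini_get "$file" dns_rfc2136_name)
    secret=$(ini_get "$file" dns_rfc2136_secret)
    # nsupdate's "key" statement wants the algorithm in lower case, e.g. hmac-sha512
    alg=$(ini_get "$file" dns_rfc2136_algorithm | tr '[:upper:]' '[:lower:]')
    if [ -z "$server" ] || [ -z "$name" ] || [ -z "$secret" ] || [ -z "$alg" ]; then
        echo "$file: missing server, name, secret or algorithm" >&2
        return 1
    fi
    printf 'server %s %s\n' "$server" "$port"
    printf 'key %s:%s %s\n' "$alg" "$name" "$secret"
    if [ "$action" = add ]; then
        printf 'update add _acme-challenge.%s. 60 TXT "rfc2136-test-token"\n' "$domain"
    else
        printf 'update delete _acme-challenge.%s. TXT\n' "$domain"
    fi
    printf 'send\n'
}

# server_answers FILE DOMAIN: succeed only if the configured server replies to
# an SOA query within 2 seconds. This is the check that exposes a DNS server
# address left over from before a migration (the thread's actual problem).
server_answers() {
    server=$(ini_get "$1" dns_rfc2136_server)
    port=$(ini_get "$1" dns_rfc2136_port); port=${port:-53}
    dig +time=2 +tries=1 -p "$port" "@$server" SOA "$2" >/dev/null 2>&1
}

# run_check FILE DOMAIN: reachability, then a signed add, a read-back, and cleanup.
run_check() {
    file=$1; domain=$2
    server=$(ini_get "$file" dns_rfc2136_server)
    if ! server_answers "$file" "$domain"; then
        echo "no answer from dns_rfc2136_server=$server; fix the address or firewall before suspecting TSIG" >&2
        return 1
    fi
    if ! render_nsupdate "$file" "$domain" add | nsupdate; then
        echo "update refused: check the TSIG key name, secret and algorithm against named.conf" >&2
        return 2
    fi
    echo "record now visible on $server:"
    dig +short "@$server" TXT "_acme-challenge.$domain"
    render_nsupdate "$file" "$domain" del | nsupdate
}

# Usage (placeholder file name): sh rfc2136-check.sh /etc/credentials.org dlld.org
if [ $# -eq 2 ]; then
    run_check "$1" "$2"
fi
```

Run it from the same host Certbot runs on, because that is where the TSIG-signed packets have to reach the server from. A fast "no answer" means the address or a firewall, not the key; a "refused"/BADKEY style failure from nsupdate means the key name, secret or algorithm does not match what named.conf expects.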

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.