Terraform ACME provider 403 error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vpn.example.paidycdn.com

I ran this command: I am using the Terraform ACME provider with acme_certificate and acme_registration for several domains. This setup has worked for the past few weeks. Since yesterday, when running terraform apply on some of the domains I receive a 403 error. Now I cannot modify or destroy certificates.

It produced this output:

The error I am receiving in Terraform is:

acme_registration.reg: acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Account is not valid, has status “deactivated”

My web server is (include version): OpenVPN Access Server AWS AIM appliance

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @dmytro,

It sounds like the Terraform ACME plugin deactivated its own account, probably as a result of a terraform destroy operation? I haven't used the Terraform ACME plugin personally so I'm largely speculating. I believe this ACME client can be fairly aggressive about deactivating resources and revoking certificates when instructed to tear down its own resources.

Since there's no way in ACME to "re-activate" an account, I recommend you try to find a way to clear your state and start fresh with a new ACME account. Unless there is a helpful Terraform ACME user in the forum who can add more concrete suggestions to this thread, it might be a good idea to ask this question in a more Terraform-focused venue.

Good luck!

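One way to carry out the "clear your state and start fresh" advice above, as an added example that is not from the thread, from the ACME provider, or from HashiCorp. It assumes the account key is a tls_private_key resource named reg_key feeding acme_registration.reg (the address in the error), that the certificates are acme_certificate resources, and that `terraform` is on PATH; only `terraform state list`, `state rm`, `plan` and `apply` are used. The point it makes is that the account must be detached with `state rm`, not destroyed: a destroy would try to talk to the CA through the already-deactivated account (deactivation on destroy of the registration, revocation on destroy of each certificate) and fail with the same 403, and the old account key has to be forgotten as well, because an ACME account is identified by its key.

```shell
#!/bin/sh
# Added example, not code from the thread or from the ACME provider:
# recover from a deactivated ACME account held in Terraform state by
# forgetting it and letting `terraform apply` register a new one.
# Assumed resource addresses (adjust to your configuration):
#   tls_private_key.reg_key   - the ACME account key
#   acme_registration.reg     - the account (address taken from the error)
#   acme_certificate.*        - certificates issued through that account
set -eu

# Set TF=echo to print the terraform commands instead of running them.
TF="${TF:-terraform}"

# Addresses of every acme_certificate resource currently in state.
acme_cert_addresses() {
  "$TF" state list | grep '^acme_certificate\.' || true
}

# Detach the dead account, its key and its certificates from state.
# `terraform state rm` never contacts the CA, unlike `terraform destroy`,
# which would try to deactivate the account and revoke the certificates
# through that same account and fail with the same 403.
# The key goes too: re-registering with the old key would only find the
# deactivated account again, since the account is identified by its key.
forget_dead_account() {
  "$TF" state rm tls_private_key.reg_key acme_registration.reg
  certs=$(acme_cert_addresses)
  if [ -n "$certs" ]; then
    # shellcheck disable=SC2086  # word-splitting is intended: one address per word
    "$TF" state rm $certs
  fi
}

# Re-create everything. The plan should show only creations (a new key,
# a new account, a fresh issuance per certificate); review it before applying.
register_fresh_account() {
  "$TF" plan -out=acme-recover.tfplan
  "$TF" apply acme-recover.tfplan
}

# Usage, once the 403 has been confirmed to be the "deactivated" case:
#   ACME_RECOVER=1 TF=echo sh recover.sh   # dry run, prints the commands
#   ACME_RECOVER=1 sh recover.sh           # real run
if [ "${ACME_RECOVER:-}" = "1" ]; then
  forget_dead_account
  register_fresh_account
fi
```

After this, the certificates issued under the old account stay valid until they expire and are no longer tracked by Terraform, and the fresh issuance of every domain counts against the CA's rate limits, so check those before running it on a large set of domains. Keeping `revoke`-style cleanup out of the procedure is deliberate: with the account deactivated there is no account-based revocation path left.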
