Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Hi @JuergenAuer This API is returning the error for this specific domain. For other domains its working fine. So API update won’t be an issue I guess. I am using http-01 acme challenge to register the cert.
@JuergenAuer We don’t create these files we are using SNI callback to generate certs on the fly. LetsEncrypt is creating all these files. We are using leStrore to store the generated certs and challanges
Which node library are you using to perform the certificate orchestration? Can you show a minimal standalone piece of code that exhibits the issue? There’s not a lot to go on here, because it comes down to your usage of the library.
@JuergenAuer The logs I got while running letsEncypt in debug mode is this
[le/lib/core.js] checkAsync failed to find certificates
[le/lib/core.js] calling le.acme.getCertificateAsync [ 'docs.gluapi.com' ]
[le/lib/core.js] setChallenge called for 'docs.gluapi.com'
[le/lib/core.js] removeChallenge called for 'docs.gluapi.com'
This log indicates that challenge was successfully created and removed. This log is the same for successful cert generation and for this domain. After this, we get an error as mentioned in the above comments. I checked the challenge token and secret too for both successful and this domain, there is nothing different same strings are generated as token and secret.
@JuergenAuer No, we don’t store any challenge files. We just store token and secret in LeChallenge store which is the database in our case. And the entries from database gets deleted with each cert registration attempt.
@JuergenAuer Also these IP address will not cause any issues as the cname to this domain is pointed to one of the machines. So this domain docs.gluapi.com just have CNAME pointed to some service and there is no A record to this or its parent domain (gluapi.com). Just want to confirm I can generate the certificate using letsEncrypt for this situation?
Hi @JuergenAuer Thanks for providing this information. This removed lot of confusion. I want to know if it is possible to get information from which account these certs have been created. Can we get that information?