Hello
I’m selhosted on a raspbian, and i use LE since the begin of 2017.
I have 5 subdomains and i can renew 3 of them without any problems.
problem solved :
Just a problem with my fail2ban jail (only somes IP was rejected by iptables).
sorry for the disturbance
You’re not stopping your Apache server, are you?
When I try against your domains, I’m correctly getting 404 errors on the authorizations, rather than timeouts.
e.g. https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/252277
Seems to work fine. Your Apache server needs to be running while acme.sh runs.
Yes, i’m running Apache when i run acme.sh
This is the same context when i renew the 3 other subdomains successfully.
I don’t know if you’ve done so already, but have you tried again?
It may have been an intermittent network issue or even a CPU stall on the rpi due to busyness (Let’s Encrypt will only wait 10 seconds fora response). My own repeated attempts against even v1 production ACME server still do not give a timeout.
i’m trying again, but i have the same result/error.
That’s a week i’m trying to renew those two certificates. 
with a --renew and a --debug 2:
/home/pi/acme.sh/acme.sh --renew -d stream.ubiklain.fr -w /var/www/xbmc-video-server/ --certpath /etc/letsencrypt/live/stream.ubiklain.fr/cert.pem --keypath /etc/letsencrypt/live/stream.ubiklain.fr/privkey.pem --fullchainpath /etc/letsencrypt/live/stream.ubiklain.fr/fullchain.pem --force --debug 2
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Lets find script dir.
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] _SCRIPT_='/home/pi/acme.sh/acme.sh'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] _script='/home/pi/acme.sh/acme.sh'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] _script_home='/home/pi/acme.sh'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Using config home:/usr/local/share/acme.sh
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] LE_WORKING_DIR='/usr/local/share/acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.4
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Using config home:/usr/local/share/acme.sh
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] DOMAIN_PATH='/usr/local/share/acme.sh/stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Renew: 'stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Using config home:/usr/local/share/acme.sh
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[mercredi 4 avril 2018, 00:55:30 (UTC+0200)] Le_NextRenewTime
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _on_before_issue
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] '/var/www/xbmc-video-server/' does not contain 'no'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] Le_LocalAddress
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] Check for domain='stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _currentRoot='/var/www/xbmc-video-server/'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] '/var/www/xbmc-video-server/' does not contain 'apache'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _saved_account_key_hash='WPbROQehKMFVmnRJaVhCI7jdxLO2ZhwvwojUiN34ztM='
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _saved_account_key_hash is not changed, skip register account.
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] Read key length:
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _createcsr
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] domain='stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] domainlist
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] csrkey='/usr/local/share/acme.sh/stream.ubiklain.fr/stream.ubiklain.fr.key'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] csr='/usr/local/share/acme.sh/stream.ubiklain.fr/stream.ubiklain.fr.csr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] csrconf='/usr/local/share/acme.sh/stream.ubiklain.fr/stream.ubiklain.fr.csr.conf'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] Single domain='stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _is_idn_d='stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _idn_temp
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _csr_cn='stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] Getting domain auth token for each domain
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] ok, let's start to verify
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] Verifying:stream.ubiklain.fr
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] d='stream.ubiklain.fr'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] keyauthorization='wR5ioQO31sdEEWq_EmyuyTIzcRRUFzFzbK_Bg_3ByD8.qgVx5Dofn4GptpJZ8u3oOuigOGA69GmS1DbGpi6rtdM'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _currentRoot='dns'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] tigger domain validation.
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] _t_key_authz='wR5ioQO31sdEEWq_EmyuyTIzcRRUFzFzbK_Bg_3ByD8.qgVx5Dofn4GptpJZ8u3oOuigOGA69GmS1DbGpi6rtdM'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] payload='{"resource": "challenge", "keyAuthorization": "wR5ioQO31sdEEWq_EmyuyTIzcRRUFzFzbK_Bg_3ByD8.qgVx5Dofn4GptpJZ8u3oOuigOGA69GmS1DbGpi6rtdM"}'
[mercredi 4 avril 2018, 00:55:31 (UTC+0200)] RSA key
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] GET
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] url='https://acme-v01.api.letsencrypt.org/directory'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] timeout
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] _CURL='curl -L --silent --dump-header /usr/local/share/acme.sh/http.header --trace-ascii /tmp/tmp.TbhFQB8d3R '
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] ret='0'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: bnWmI_nuNwILro8eNqETGXq6WdolJos1GD1B1cKWzlE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 03 Apr 2018 22:55:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 03 Apr 2018 22:55:32 GMT
Connection: keep-alive
'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] _CACHED_NONCE='bnWmI_nuNwILro8eNqETGXq6WdolJos1GD1B1cKWzlE'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] nonce='bnWmI_nuNwILro8eNqETGXq6WdolJos1GD1B1cKWzlE'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] POST
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "8r7z2FcmWDwaujOmz4nCDX8e-9D2MpFeNBX2HBFdGsm9Tw8GqGByLyMYrah1QWasDpxqy17NvNsDG5gjZrgbjRrlPjv82rAPRqFjDRRH6haSLcHr8iVFUEbWsZ5BbIenW2OLVRfHSUOp7N6wzGGLEUPCjhYZAgY64OghmtkjZEde_KcigQkset0PgArLbAzlJdqQIhoyjileL4A94x3ZUAQAdeA86pGVM498Hj2_F3JQku8MV8KXkgIm-yUVxkKkbCStUw3jnaEJGRbeo1QE_iJUHUGteIU9IEaQgPpIUcO-Bnya30jA1tJ6dxxWELIxPrZGEhMvee2mXQuKdUwAWw"}}, "protected": "eyJub25jZSI6ICJibldtSV9udU53SUxybzhlTnFFVEdYcTZXZG9sSm9zMUdEMUIxY0tXemxFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvRGgwclF4WjJhd24xQ2ZnMk9Gb2o4aVBDdmJPTVJzS0ZXbVVfSnRsSWJfQS80MDYzNzQxMjc1IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiOHI3ejJGY21XRHdhdWpPbXo0bkNEWDhlLTlEMk1wRmVOQlgySEJGZEdzbTlUdzhHcUdCeUx5TVlyYWgxUVdhc0RweHF5MTdOdk5zREc1Z2pacmdialJybFBqdjgyckFQUnFGakRSUkg2aGFTTGNIcjhpVkZVRWJXc1o1QmJJZW5XMk9MVlJmSFNVT3A3TjZ3ekdHTEVVUENqaFlaQWdZNjRPZ2htdGtqWkVkZV9LY2lnUWtzZXQwUGdBckxiQXpsSmRxUUlob3lqaWxlTDRBOTR4M1pVQVFBZGVBODZwR1ZNNDk4SGoyX0YzSlFrdThNVjhLWGtnSW0teVVWeGtLa2JDU3RVdzNqbmFFSkdSYmVvMVFFX2lKVUhVR3RlSVU5SUVhUWdQcElVY08tQm55YTMwakExdEo2ZHh4V0VMSXhQclpHRWhNdmVlMm1YUXVLZFV3QVd3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJ3UjVpb1FPMzFzZEVFV3FfRW15dXlUSXpjUlJVRnpGemJLX0JnXzNCeUQ4LnFnVng1RG9mbjRHcHRwSlo4dTNvT3VpZ09HQTY5R21TMURiR3BpNnJ0ZE0ifQ", "signature": "FQmliCMe-b0gztWbvAfn4TOlmuYYI4TmzNOxTXdxDFUpHWUwkJoVSq_8jKSs62UtVnhbGJDxIUoLynvvLAkZPoj_j0Hw1-x-ns-uZmv3L0ZqKPYx9TzcD_J5s_R7Si0FxZum-XedSsaQGJzkoDFQp5DTfYL7CThBdKt8HjoGjn4kvWJq97AtzmSu-3BYxgqa-Q3UBevJZf7ydH_Nr3ZEWSTBriAe5FYTmF7OkNJE3NMJK1uPNAzeeQWUkgU33y3rxSJ5-4wx_xLq00qV1b_0_q6H4PWdymatlM-hF20cjbywOCqqWgzwkoOokP61uIedLuHwsDfkHbLytOL8womETQ"}'
[mercredi 4 avril 2018, 00:55:32 (UTC+0200)] _CURL='curl -L --silent --dump-header /usr/local/share/acme.sh/http.header --trace-ascii /tmp/tmp.8d7lCtYq25 '
[mercredi 4 avril 2018, 00:55:33 (UTC+0200)] _ret='0'
[mercredi 4 avril 2018, 00:55:33 (UTC+0200)] original='{
"type": "urn:acme:error:malformed",
"detail": "Unable to update challenge :: authorization is not pending",
"status": 400
}'
[mercredi 4 avril 2018, 00:55:33 (UTC+0200)] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 03 Apr 2018 22:55:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 131
Boulder-Requester: 26523141
Replay-Nonce: GqzCx3oGfSFEXG_z14mm4RZzK1gprLzSl8u3G9OKe_s
Expires: Tue, 03 Apr 2018 22:55:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 03 Apr 2018 22:55:33 GMT
Connection: close
'
[mercredi 4 avril 2018, 00:55:33 (UTC+0200)] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: authorization is not pending","status": 400}'
[mercredi 4 avril 2018, 00:55:33 (UTC+0200)] code='400'
[mercredi 4 avril 2018, 00:55:33 (UTC+0200)] stream.ubiklain.fr:Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: authorization is not pending","status": 400}
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] Skip for removelevel:
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] pid
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] No need to restore nginx, skip.
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] _clearupdns
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] skip dns.
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] _on_issue_err
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] Please check log file for more details: /usr/local/share/acme.sh/acme.sh.log
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] _chk_vlist='stream.ubiklain.fr#wR5ioQO31sdEEWq_EmyuyTIzcRRUFzFzbK_Bg_3ByD8.qgVx5Dofn4GptpJZ8u3oOuigOGA69GmS1DbGpi6rtdM#https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275#dns-01#dns,'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] start to deactivate authz
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] tigger domain validation.
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] _t_key_authz='wR5ioQO31sdEEWq_EmyuyTIzcRRUFzFzbK_Bg_3ByD8.qgVx5Dofn4GptpJZ8u3oOuigOGA69GmS1DbGpi6rtdM'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] payload='{"resource": "challenge", "keyAuthorization": "wR5ioQO31sdEEWq_EmyuyTIzcRRUFzFzbK_Bg_3ByD8.qgVx5Dofn4GptpJZ8u3oOuigOGA69GmS1DbGpi6rtdM"}'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] Use cached jwk for file: /usr/local/share/acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] Use _CACHED_NONCE='GqzCx3oGfSFEXG_z14mm4RZzK1gprLzSl8u3G9OKe_s'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] nonce='GqzCx3oGfSFEXG_z14mm4RZzK1gprLzSl8u3G9OKe_s'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] POST
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Dh0rQxZ2awn1Cfg2OFoj8iPCvbOMRsKFWmU_JtlIb_A/4063741275'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "8r7z2FcmWDwaujOmz4nCDX8e-9D2MpFeNBX2HBFdGsm9Tw8GqGByLyMYrah1QWasDpxqy17NvNsDG5gjZrgbjRrlPjv82rAPRqFjDRRH6haSLcHr8iVFUEbWsZ5BbIenW2OLVRfHSUOp7N6wzGGLEUPCjhYZAgY64OghmtkjZEde_KcigQkset0PgArLbAzlJdqQIhoyjileL4A94x3ZUAQAdeA86pGVM498Hj2_F3JQku8MV8KXkgIm-yUVxkKkbCStUw3jnaEJGRbeo1QE_iJUHUGteIU9IEaQgPpIUcO-Bnya30jA1tJ6dxxWELIxPrZGEhMvee2mXQuKdUwAWw"}}, "protected": "eyJub25jZSI6ICJHcXpDeDNvR2ZTRkVYR196MTRtbTRSWnpLMWdwckx6U2w4dTNHOU9LZV9zIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvRGgwclF4WjJhd24xQ2ZnMk9Gb2o4aVBDdmJPTVJzS0ZXbVVfSnRsSWJfQS80MDYzNzQxMjc1IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiOHI3ejJGY21XRHdhdWpPbXo0bkNEWDhlLTlEMk1wRmVOQlgySEJGZEdzbTlUdzhHcUdCeUx5TVlyYWgxUVdhc0RweHF5MTdOdk5zREc1Z2pacmdialJybFBqdjgyckFQUnFGakRSUkg2aGFTTGNIcjhpVkZVRWJXc1o1QmJJZW5XMk9MVlJmSFNVT3A3TjZ3ekdHTEVVUENqaFlaQWdZNjRPZ2htdGtqWkVkZV9LY2lnUWtzZXQwUGdBckxiQXpsSmRxUUlob3lqaWxlTDRBOTR4M1pVQVFBZGVBODZwR1ZNNDk4SGoyX0YzSlFrdThNVjhLWGtnSW0teVVWeGtLa2JDU3RVdzNqbmFFSkdSYmVvMVFFX2lKVUhVR3RlSVU5SUVhUWdQcElVY08tQm55YTMwakExdEo2ZHh4V0VMSXhQclpHRWhNdmVlMm1YUXVLZFV3QVd3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJ3UjVpb1FPMzFzZEVFV3FfRW15dXlUSXpjUlJVRnpGemJLX0JnXzNCeUQ4LnFnVng1RG9mbjRHcHRwSlo4dTNvT3VpZ09HQTY5R21TMURiR3BpNnJ0ZE0ifQ", "signature": "celw4YORAx_prJmpYg6Ffl-7qlxKkX3AW6F2rqWlRlNMcFTGNgHZNoeE_1oIbPjLW8ecvK6Z-fYbqegrsT_fnf6GJNkEUYnlwtp-EUFicTaSCR6cUuX7t78quFX7hqY9ZZpe21N6MkqmO2JRyt4SayP0gDKpZHaiHKl-MbvtFgmZtoAolK5QJuYnhHB7IZgEv5b8lS3gVCZRXyfXmk-_aXDNQX-TjtpnAEu13bhzp0yIllUc8gcnWl0Ku5J_9f9HJGTE_6Qam-fad8BxxHyaRXHGQ-3aaQx_DL5WDKvdaWeParbqVGTf7mBL1N-5gsxdLtab-jgqo0FtnjkLXRNeOg"}'
[mercredi 4 avril 2018, 00:55:34 (UTC+0200)] _CURL='curl -L --silent --dump-header /usr/local/share/acme.sh/http.header --trace-ascii /tmp/tmp.WItAmSlR7x '
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] _ret='0'
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] original='{
"type": "urn:acme:error:malformed",
"detail": "Unable to update challenge :: authorization is not pending",
"status": 400
}'
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 03 Apr 2018 22:55:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 131
Boulder-Requester: 26523141
Replay-Nonce: 62UsJ-vqURGY4tsl_3XHwCfqCIyyHaVFnz9URJjU1bE
Expires: Tue, 03 Apr 2018 22:55:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 03 Apr 2018 22:55:35 GMT
Connection: close
'
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: authorization is not pending","status": 400}'
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] code='400'
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] '/var/www/xbmc-video-server/' does not contain 'dns'
[mercredi 4 avril 2018, 00:55:35 (UTC+0200)] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1t 3 May 2016
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIXOK thanks,
FYI, i have the same problem with certbot-auto
Hi @ubiklain,
I’ve tested it a few times from different locations and I’m getting random timeouts too:
$ for i in {1..5};do echo "######## Test $i ########";curl -ikL -m 10 http://stream.ubiklain.fr/.well-known/acme-challenge/test ; echo -e "######## End test $i ########\n";done
######## Test 1 ########
HTTP/1.1 200 OK
Date: Tue, 03 Apr 2018 23:20:38 GMT
Server: Apache/2.4.10 (Raspbian)
Last-Modified: Sat, 24 Mar 2018 18:04:34 GMT
ETag: "6-5682c5f8caff6"
Accept-Ranges: bytes
Content-Length: 6
test
######## End test 1 ########
######## Test 2 ########
curl: (28) Connection timed out after 10000 milliseconds
######## End test 2 ########
######## Test 3 ########
HTTP/1.1 200 OK
Date: Tue, 03 Apr 2018 23:20:48 GMT
Server: Apache/2.4.10 (Raspbian)
Last-Modified: Sat, 24 Mar 2018 18:04:34 GMT
ETag: "6-5682c5f8caff6"
Accept-Ranges: bytes
Content-Length: 6
test
######## End test 3 ########
######## Test 4 ########
curl: (28) Connection timed out after 10000 milliseconds
######## End test 4 ########
######## Test 5 ########
HTTP/1.1 200 OK
Date: Tue, 03 Apr 2018 23:20:59 GMT
Server: Apache/2.4.10 (Raspbian)
Last-Modified: Sat, 24 Mar 2018 18:04:34 GMT
ETag: "6-5682c5f8caff6"
Accept-Ranges: bytes
Content-Length: 6
test
######## End test 5 ########
I don’t know whether it is your connection, a CPU issue or a faulty SD card… but the timeouts are real.
Keep trying.
Good luck,
sahsanu
That’s very weird, because i’m trying again and again for a week and i have only the problem on this two domains.
If i run a --renew on another subdomain it’s work fine on first try.
My RPi is OK, my FileSystem is on a SSD and not on SD Card and my friends/family can access anytime without failure on my vhosts (without ssl for the two with certificate problem).
Thanks for your advices.
upgrade to the latest acme.sh v2.7.9
Thanks for your reply @Neilpang
I tried to upgrade :
./acme.sh --upgrade
[mercredi 4 avril 2018, 18:30:43 (UTC+0200)] Installing from online archive.
[mercredi 4 avril 2018, 18:30:43 (UTC+0200)] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[mercredi 4 avril 2018, 18:30:44 (UTC+0200)] Extracting master.tar.gz
[mercredi 4 avril 2018, 18:30:44 (UTC+0200)] Installing to /home/pi/.acme.sh
[mercredi 4 avril 2018, 18:30:45 (UTC+0200)] Installed to /home/pi/.acme.sh/acme.sh
[mercredi 4 avril 2018, 18:30:45 (UTC+0200)] Installing alias to '/home/pi/.bashrc'
[mercredi 4 avril 2018, 18:30:45 (UTC+0200)] OK, Close and reopen your terminal to start using acme.sh
[mercredi 4 avril 2018, 18:30:45 (UTC+0200)] Good, bash is found, so change the shebang to use bash as preferred.
[mercredi 4 avril 2018, 18:30:46 (UTC+0200)] OK
[mercredi 4 avril 2018, 18:30:46 (UTC+0200)] Install success!
[mercredi 4 avril 2018, 18:30:46 (UTC+0200)] Upgrade success!
pi@raspberrypi mer. avril 04 18:30:46 ~/acme.sh
./acme.sh --version
https://github.com/Neilpang/acme.sh
v2.7.4
Still 2.7.4
So i manually pull origin from github :
git pull origin master
and i’m on 2.7.8 now :
./acme.sh --version
https://github.com/Neilpang/acme.sh
v2.7.8
Where can i find the 2.7.9 ? in another branch ?
With 2.7.8, i have the same problems, the 2 subdomains are timeout but i can access to the acme challenge :
http://stream.ubiklain.fr/.well-known/acme-challenge/2UoGGVjJOWZqaoOjr9Zy4nVG4NjCgRxoZp5Rk7MafZ4
Thank you
please try again with the master now.
Thanks.
it was iptables who banned some IP.
problem solved
report issue on github, and paste the full log with --debug 2.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.