Vigor2960 [handle_reg_response] The same ip registered too many times

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I can read answers in English: Yes

My domain is: corniche.rabozee.net

I ran this command: I have a Draytek Vigor 2960 router. It includes a Let’s Encrypt automated client which I configure to generate a Let’s Encrypt certificate for accessing the Draytek (my WAN address is 95.182.214.55).

It produced this output:
2019/12/09 22:10:25 : >>>> Let’s encrypt issue …
2019/12/09 22:10:26 : >>>> [DDNS Profile : ddns4 ] start issue …
2019/12/09 22:10:26 : Looking up for let’s encrypt server…
2019/12/09 22:10:27 : Get Agreement URL : https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2019/12/09 22:10:27 : Gernerate RSA KEY…
2019/12/09 22:10:50 : Connect to register server…
2019/12/09 22:10:52 : [handle_reg_response]Bad HTTP : 403
2019/12/09 22:10:52 : [handle_reg_response]The same ip registered too many times.
2019/12/09 22:10:52 : Error: failed to register acme server.
2019/12/09 22:12:08 : >>>> Wait about 51 min to try renew certificate : ddns4 again

Up till now, for 2 years at least, I have had no issue of this kind. I also have a Synology behind the same IP, but normally its certificate is renewed several weeks apart from the Draytek’s, so no overload here.

My web server is (include version): Draytek router operating system

The operating system my web server runs on is (include version): Draytek linux system (I guess)

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): n/a

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): n/a

Can you take a look and maybe point out what I am suddenly doing wrong? (As I said, everything has been fine for several years, and my configuration has not changed with respect to the Draytek and the Synology, but since November 2019 the Draytek has not succeeded in receiving a renewal for my certificate.)

Regards,
Michel

I believe this error message is the Draytek software misinterpreting the error condition from Let’s Encrypt.

In November 2019, the “old” version of the Let’s Encrypt API was disabled for new registrations. You can find more information on the topic here: End of Life Plan for ACMEv1.

If the Draytek software has not been updated to use the new Let’s Encrypt ACMEv2 API, then that part of the router’s functionality will no longer work.

This answer is speculative, but I think given the error message and that you mention November specifically, it is a likely explanation.

1 Like
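
A log triage along the lines of the answer above, as an added example that is not part of the original post or of Draytek's firmware: it parses the router log format quoted in this thread and classifies the failure by HTTP status instead of trusting the firmware's message. It assumes a genuine rate limit is answered with HTTP 429; the function names are hypothetical.

```python
import re
from datetime import datetime

# Excerpt copied from the failing run quoted earlier in this thread.
SAMPLE_LOG = """\
2019/12/09 22:10:50 : Connect to register server…
2019/12/09 22:10:52 : [handle_reg_response]Bad HTTP : 403
2019/12/09 22:10:52 : [handle_reg_response]The same ip registered too many times.
2019/12/09 22:10:52 : Error: failed to register acme server.
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) : (.*)$")
STATUS_RE = re.compile(r"\[(\w+)\]Bad HTTP : (\d{3})")

def parse(log_text):
    """Yield (timestamp, message) for every well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2)

def triage(log_text):
    """Report the failing handler, the HTTP status, and a verdict based on
    the status code rather than on the firmware's own explanation."""
    result = {"handler": None, "status": None, "when": None,
              "firmware_says_rate_limit": False,
              "verdict": "no HTTP error found"}
    for ts, msg in parse(log_text):
        m = STATUS_RE.search(msg)
        if m:
            result.update(handler=m.group(1), status=int(m.group(2)), when=ts)
        if "registered too many times" in msg:
            result["firmware_says_rate_limit"] = True
    status = result["status"]
    if status is None:
        return result
    # Assumption: a real rate limit is signalled with HTTP 429, not 403.
    if status == 429:
        result["verdict"] = "rate limited: wait and retry"
    elif status == 403 and result["handler"] == "handle_reg_response":
        result["verdict"] = ("registration refused, not rate limited: "
                             "check the client's ACME version")
    else:
        result["verdict"] = f"HTTP {status}: inspect the server response"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
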

Oh, I see… According to the logs I extracted from the router, the issue began on 11-NOV-2019. Hence your explanation fits. And for now, I did not get a firmware update :frowning:

Will it be the same story for my Synology? It runs the latest DSM, and when I execute “/usr/syno/sbin/syno-letsencrypt renew-all -v” I receive a valid answer (my certificate there is still valid till 28-JAN-2020).

DEBUG: Issuer name of certificate. [Let’s Encrypt]->[/usr/syno/etc/certificate/_archive/sO4LSq/cert.pem]
DEBUG: cert is not expired. [/usr/syno/etc/certificate/_archive/sO4LSq]

Does this mean the Synology already uses the correct ACME version? Or will I only see that on 28-DEC-2019 when the renewal process starts?

Thank you!

I believe that Synology have kept their Let’s Encrypt integration up to date, yes. You should not have any problems with DSM.

Thank you! I will try to contact Draytek :slight_smile: Wish me luck!

2 Likes

Hi!

Some quick feedback for anyone concerned:

I successfully contacted Draytek; they have a beta firmware (1.5_beta) in development for the Vigor2960.

It resolves the issue of ACMEv1 no longer being supported!

LOG:
2019/12/10 11:26:16 : >>>> Let’s encrypt issue …
2019/12/10 11:26:16 : >>>> [DDNS Profile : ddns4 ] start issue …
2019/12/10 11:26:16 : Looking up for let’s encrypt server…
2019/12/10 11:26:17 : Get Agreement URL : https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2019/12/10 11:26:17 : Gernerate RSA KEY…
2019/12/10 11:26:44 : Connect to server and creating new account…
2019/12/10 11:26:46 : Request a challenge for the given domain name…
2019/12/10 11:26:46 : Domain Name : corniche.rabozee.net
2019/12/10 11:26:47 : Start authentication!
2019/12/10 11:26:48 : Start to CHNG!
2019/12/10 11:26:51 : Key pair validation success
2019/12/10 11:26:56 : Domain verify # 1
2019/12/10 11:26:57 : Domain verify success…
2019/12/10 11:26:57 : Start Issue
2019/12/10 11:27:08 : Let’s Encrypt process is running… 51 sec
2019/12/10 11:27:16 : Generating certificate success
2019/12/10 11:27:17 : Sending certificate signing requset…
2019/12/10 11:27:17 : Downloading certificate from server…
2019/12/10 11:27:19 : Certificate updated successfully.
2019/12/10 11:27:19 : Start import certificate…
2019/12/10 11:27:20 : Certificate IMPORT finished!!

3 Likes