Let's Encrypt automatische Verlängerung und IPv6

gpetrov · 1. Juli 2020 um 10:10

Nun, das IPv6-Problem und Let’s Encrypt waren wirklich unklar.

Beim Neuaufbau von Discourse funktionierte alles einwandfrei – ein neues Zertifikat wurde ausgestellt.

Aber die automatische Erneuerung über Let’s Encrypt funktionierte nicht – es kam zu einem Timeout, da die Seite während des Betriebs über IPv6 nicht erreichbar war, damit Let’s Encrypt den .well-known-Ordner überprüfen konnte.

Wir haben auch die Docker-Host-Installation überprüft, und es gab keine ip6tables-Weiterleitungen zum internen Docker-Netzwerk, wie es bei IPv4 der Fall war – obwohl in ip6tables alles erlaubt war …

Wir haben IPv6 auch in den Docker-Host-Einstellungen aktiviert und den Daemon neu gestartet, aber das hat ebenfalls nicht geholfen.

@jomaxro

jomaxro · 1. Juli 2020 um 10:32

Danke, George. Erste Frage: Können Sie bestätigen, dass Sie discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub befolgt haben?

Ich habe gerade eine unserer Digital-Ocean-„selbst gehosteten

gpetrov · 1. Juli 2020 um 10:44

Ja, das haben wir so gemacht. Wir haben Docker zunächst manuell installiert, bevor wir discourse-setup ausgeführt haben.

Das liegt schon eine Weile zurück (2,5 Jahre). Anfangs hat alles problemlos funktioniert – aber ein Jahr später, als wir den AAAA-Eintrag für IPv6 hinzugefügt haben, hörten die automatischen Verlängerungen auf zu funktionieren. Seitdem mussten wir bei jedem Mal discourse rebuild ausführen, um ein neues SSL-Zertifikat zu erhalten.

jomaxro · 1. Juli 2020 um 10:52

Hast du Logs vom Zeitpunkt des fehlgeschlagenen Auto-Updates? Die wären ziemlich hilfreich.

Hast du außerdem vom offiziellen Leitfaden abgewichen? Zusätzlicher Reverse-Proxy? Manuelle Änderungen an der app.yml? Firewall-Konfiguration auf dem Host-System? usw.

Ich möchte nicht den Eindruck erwecken, ich zweifle an dir, aber angesichts der Tausenden von selbst gehosteten Installationen, von denen wir wissen, dass sie im Umlauf sind – viele davon mit IPv6 – würden wir bei SSL-Zertifikats-Updates für IPv6-Websites viel mehr Rückmeldungen erwarten, wenn diese fehlschlagen würden.

gpetrov · 1. Juli 2020 um 11:00

We followed the official guide very strictly - no additions at all - no proxies what so ever. Just a bare bone VPS with Ubuntu on it and docker.

The VPS had ipv6 enabled but as I said we added the AAAA record to the DNS much later.
We didn’t enter any other specific ipv6 config on the server.

Here is the detailed logging of the failed SSL renewal:

[Tue Jun 30 00:51:02 UTC 2020] Running cmd: cron
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] ===Starting cron===
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:02 UTC 2020] ret='0'
[Tue Jun 30 00:51:02 UTC 2020] Already uptodate!
[Tue Jun 30 00:51:02 UTC 2020] Upgrade success!
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] Auto upgraded to: 2.8.7
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] _stopRenewOnError
[Tue Jun 30 00:51:02 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:02 UTC 2020] di='/shared/letsencrypt/community.wappler.io/'
[Tue Jun 30 00:51:02 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Le_API
[Tue Jun 30 00:51:02 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:02 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:03 UTC 2020] ret='0'
[Tue Jun 30 00:51:03 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:03 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:03 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:03 UTC 2020] Le_NextRenewTime='1591011136'
[Tue Jun 30 00:51:03 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:03 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:03 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:03 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:03 UTC 2020] Read key length:4096
[Tue Jun 30 00:51:03 UTC 2020] _createcsr
[Tue Jun 30 00:51:03 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:03 UTC 2020] RSA key
[Tue Jun 30 00:51:03 UTC 2020] HEAD
[Tue Jun 30 00:51:03 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] code='201'
[Tue Jun 30 00:51:04 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] payload
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:05 UTC 2020] _ret='0'
[Tue Jun 30 00:51:05 UTC 2020] code='200'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww","token":"4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU"'
[Tue Jun 30 00:51:05 UTC 2020] token='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] dvlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] d
[Tue Jun 30 00:51:05 UTC 2020] vlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:05 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:05 UTC 2020] writing token:4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU to /var/www/discourse/public/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU
[Tue Jun 30 00:51:05 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:05 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] payload='{}'
[Tue Jun 30 00:51:05 UTC 2020] POST
[Tue Jun 30 00:51:05 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:06 UTC 2020] _ret='0'
[Tue Jun 30 00:51:06 UTC 2020] code='200'
[Tue Jun 30 00:51:06 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:06 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:08 UTC 2020] checking
[Tue Jun 30 00:51:08 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] payload
[Tue Jun 30 00:51:08 UTC 2020] POST
[Tue Jun 30 00:51:08 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:08 UTC 2020] _ret='0'
[Tue Jun 30 00:51:08 UTC 2020] code='200'
[Tue Jun 30 00:51:08 UTC 2020] Pending
[Tue Jun 30 00:51:08 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:10 UTC 2020] checking
[Tue Jun 30 00:51:10 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] payload
[Tue Jun 30 00:51:10 UTC 2020] POST
[Tue Jun 30 00:51:10 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:11 UTC 2020] _ret='0'
[Tue Jun 30 00:51:11 UTC 2020] code='200'
[Tue Jun 30 00:51:11 UTC 2020] Pending
[Tue Jun 30 00:51:11 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:13 UTC 2020] checking
[Tue Jun 30 00:51:13 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] payload
[Tue Jun 30 00:51:13 UTC 2020] POST
[Tue Jun 30 00:51:13 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:14 UTC 2020] _ret='0'
[Tue Jun 30 00:51:14 UTC 2020] code='200'
[Tue Jun 30 00:51:14 UTC 2020] Pending
[Tue Jun 30 00:51:14 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:16 UTC 2020] checking
[Tue Jun 30 00:51:16 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] payload
[Tue Jun 30 00:51:16 UTC 2020] POST
[Tue Jun 30 00:51:16 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:16 UTC 2020] _ret='0'
[Tue Jun 30 00:51:16 UTC 2020] code='200'
[Tue Jun 30 00:51:16 UTC 2020] Pending
[Tue Jun 30 00:51:16 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:18 UTC 2020] checking
[Tue Jun 30 00:51:18 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] payload
[Tue Jun 30 00:51:18 UTC 2020] POST
[Tue Jun 30 00:51:18 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:19 UTC 2020] _ret='0'
[Tue Jun 30 00:51:19 UTC 2020] code='200'
[Tue Jun 30 00:51:19 UTC 2020] Pending
[Tue Jun 30 00:51:19 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:21 UTC 2020] checking
[Tue Jun 30 00:51:21 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] payload
[Tue Jun 30 00:51:21 UTC 2020] POST
[Tue Jun 30 00:51:21 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:23 UTC 2020] _ret='0'
[Tue Jun 30 00:51:23 UTC 2020] code='200'
[Tue Jun 30 00:51:23 UTC 2020] Pending
[Tue Jun 30 00:51:23 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:25 UTC 2020] checking
[Tue Jun 30 00:51:25 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] payload
[Tue Jun 30 00:51:25 UTC 2020] POST
[Tue Jun 30 00:51:25 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:25 UTC 2020] _ret='0'
[Tue Jun 30 00:51:25 UTC 2020] code='200'
[Tue Jun 30 00:51:25 UTC 2020] Pending
[Tue Jun 30 00:51:25 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:27 UTC 2020] checking
[Tue Jun 30 00:51:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] payload
[Tue Jun 30 00:51:27 UTC 2020] POST
[Tue Jun 30 00:51:27 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:28 UTC 2020] _ret='0'
[Tue Jun 30 00:51:28 UTC 2020] code='200'
[Tue Jun 30 00:51:28 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU: Timeout during connect (likely firewall problem)
[Tue Jun 30 00:51:28 UTC 2020] pid
[Tue Jun 30 00:51:28 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:28 UTC 2020] _clearupdns
[Tue Jun 30 00:51:28 UTC 2020] dns_entries
[Tue Jun 30 00:51:28 UTC 2020] skip dns.
[Tue Jun 30 00:51:28 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:28 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:28 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] payload='{}'
[Tue Jun 30 00:51:28 UTC 2020] POST
[Tue Jun 30 00:51:28 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] _ret='0'
[Tue Jun 30 00:51:29 UTC 2020] code='400'
[Tue Jun 30 00:51:29 UTC 2020] Return code: 1
[Tue Jun 30 00:51:29 UTC 2020] Error renew community.wappler.io.
[Tue Jun 30 00:51:29 UTC 2020] di='/shared/letsencrypt/community.wappler.io_ecc/'
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:29 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Le_API
[Tue Jun 30 00:51:29 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:29 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] GET
[Tue Jun 30 00:51:29 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] timeout=
[Tue Jun 30 00:51:29 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] ret='0'
[Tue Jun 30 00:51:29 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:29 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:29 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:29 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:29 UTC 2020] Le_NextRenewTime='1591011142'
[Tue Jun 30 00:51:29 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:29 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:29 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:29 UTC 2020] d
[Tue Jun 30 00:51:29 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:29 UTC 2020] Read key length:ec-256
[Tue Jun 30 00:51:29 UTC 2020] _createcsr
[Tue Jun 30 00:51:29 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:30 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:30 UTC 2020] d
[Tue Jun 30 00:51:30 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:30 UTC 2020] RSA key
[Tue Jun 30 00:51:30 UTC 2020] HEAD
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:30 UTC 2020] _ret='0'
[Tue Jun 30 00:51:30 UTC 2020] POST
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='201'
[Tue Jun 30 00:51:31 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] payload
[Tue Jun 30 00:51:31 UTC 2020] POST
[Tue Jun 30 00:51:31 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='200'
[Tue Jun 30 00:51:31 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:31 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA","token":"1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI"'
[Tue Jun 30 00:51:32 UTC 2020] token='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] dvlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] d
[Tue Jun 30 00:51:32 UTC 2020] vlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:32 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:32 UTC 2020] writing token:1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI to /var/www/discourse/public/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI
[Tue Jun 30 00:51:32 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:32 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] payload='{}'
[Tue Jun 30 00:51:32 UTC 2020] POST
[Tue Jun 30 00:51:32 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:32 UTC 2020] _ret='0'
[Tue Jun 30 00:51:32 UTC 2020] code='200'
[Tue Jun 30 00:51:32 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:32 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:34 UTC 2020] checking
[Tue Jun 30 00:51:34 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] payload
[Tue Jun 30 00:51:34 UTC 2020] POST
[Tue Jun 30 00:51:34 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:35 UTC 2020] _ret='0'
[Tue Jun 30 00:51:35 UTC 2020] code='200'
[Tue Jun 30 00:51:35 UTC 2020] Pending
[Tue Jun 30 00:51:35 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:37 UTC 2020] checking
[Tue Jun 30 00:51:37 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] payload
[Tue Jun 30 00:51:37 UTC 2020] POST
[Tue Jun 30 00:51:37 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:37 UTC 2020] _ret='0'
[Tue Jun 30 00:51:38 UTC 2020] code='200'
[Tue Jun 30 00:51:38 UTC 2020] Pending
[Tue Jun 30 00:51:38 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:40 UTC 2020] checking
[Tue Jun 30 00:51:40 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] payload
[Tue Jun 30 00:51:40 UTC 2020] POST
[Tue Jun 30 00:51:40 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:40 UTC 2020] _ret='0'
[Tue Jun 30 00:51:40 UTC 2020] code='200'
[Tue Jun 30 00:51:40 UTC 2020] Pending
[Tue Jun 30 00:51:40 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:42 UTC 2020] checking
[Tue Jun 30 00:51:42 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] payload
[Tue Jun 30 00:51:42 UTC 2020] POST
[Tue Jun 30 00:51:42 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:43 UTC 2020] _ret='0'
[Tue Jun 30 00:51:43 UTC 2020] code='200'
[Tue Jun 30 00:51:43 UTC 2020] Pending
[Tue Jun 30 00:51:43 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:45 UTC 2020] checking
[Tue Jun 30 00:51:45 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] payload
[Tue Jun 30 00:51:45 UTC 2020] POST
[Tue Jun 30 00:51:45 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:45 UTC 2020] _ret='0'
[Tue Jun 30 00:51:45 UTC 2020] code='200'
[Tue Jun 30 00:51:46 UTC 2020] Pending
[Tue Jun 30 00:51:46 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:48 UTC 2020] checking
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:48 UTC 2020] _ret='0'
[Tue Jun 30 00:51:48 UTC 2020] code='200'
[Tue Jun 30 00:51:48 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI: Error getting validation data
[Tue Jun 30 00:51:48 UTC 2020] pid
[Tue Jun 30 00:51:48 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:48 UTC 2020] _clearupdns
[Tue Jun 30 00:51:48 UTC 2020] dns_entries
[Tue Jun 30 00:51:48 UTC 2020] skip dns.
[Tue Jun 30 00:51:48 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:48 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload='{}'
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:49 UTC 2020] _ret='0'
[Tue Jun 30 00:51:49 UTC 2020] code='400'
[Tue Jun 30 00:51:49 UTC 2020] Return code: 1
[Tue Jun 30 00:51:49 UTC 2020] Error renew community.wappler.io_ecc.
[Tue Jun 30 00:51:49 UTC 2020] di='/shared/letsencrypt/example.com/'
[Tue Jun 30 00:51:49 UTC 2020] d='example.com'
[Tue Jun 30 00:51:49 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:49 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:49 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/example.com'
[Tue Jun 30 00:51:49 UTC 2020] Renew: 'example.com'
[Tue Jun 30 00:51:49 UTC 2020] Le_API
[Tue Jun 30 00:51:49 UTC 2020] Skip invalid cert for: example.com
[Tue Jun 30 00:51:49 UTC 2020] Return code: 2
[Tue Jun 30 00:51:49 UTC 2020] Skipped example.com
[Tue Jun 30 00:51:49 UTC 2020] _error_level='1'
[Tue Jun 30 00:51:49 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:49 UTC 2020] The NOTIFY_HOOK is empty, just return.
[Tue Jun 30 00:51:49 UTC 2020] ===End cron===

Falco · 1. Juli 2020 um 18:24

Das bedeutet normalerweise, dass der AAAA-DNS-Eintrag fehlerhaft war. Wie

angenommen wurde, war dies tatsächlich der Fall.

Da wir mehrere Sites bei DO problemlos mit IPv6 und Let’s Encrypt betreiben, scheint es sich um einen Benutzerfehler zu handeln. Bitte eröffnen Sie ein neues Thema, wenn Sie reproduzierbare Schritte angeben können.

Thema		Antworten	Aufrufe
Problem with my SSL certificate Self-hosting	16	11449	8. Juni 2024
Let's Encrypt renewal errors Self-hosting	11	1891	22. Februar 2020
Letsencrypt not renewing Self-hosting	6	1519	8. Juni 2024
Fresh installation with Let’s Encrypt errors Self-hosting	18	4071	26. Dezember 2019
Bootstrap error during Discourse install: ENOENT - /etc/runit/1.d/letsencrypt Self-hosting	24	403	21. November 2025

Let's Encrypt automatische Verlängerung und IPv6

Verwandte Themen