Renovación automática de Let's Encrypt e IPv6

Bueno, el problema de IPv6 y Let’s Encrypt fue realmente vago.

Al reconstruir Discourse, todo funcionó perfectamente; se emitió un nuevo certificado.

Pero la renovación automática de Let’s Encrypt no funcionó: se produjo un tiempo de espera porque el sitio no era accesible a través de IPv6 (mientras se ejecutaba) para que Let’s Encrypt verificara la carpeta .well-known.

También verificamos la instalación del host de Docker y no tenía reenviadores de ip6tables hacia la red interna de Docker, como sí los tenía para IPv4, aunque en ip6tables todo estaba permitido…

También habilitamos IPv6 en la configuración del host de Docker y reiniciamos el demonio, pero tampoco ayudó.

@jomaxro

Gracias, George. Primera pregunta: ¿puedes confirmar que seguiste discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub?

Acabo de verificar uno de nuestros sitios de prueba “autohospedados” en Digital Ocean con IPv6 habilitado y puedo confirmar que el certificado SSL se renovó sin problemas.

Sí, eso es lo que seguimos; primero instalamos Docker manualmente antes de ejecutar discourse-setup.

Esto lo hicimos hace un tiempo (2,5 años); al principio funcionó todo bien, pero un año después, cuando añadimos el registro AAAA para IPv6, las renovaciones automáticas dejaron de funcionar y tuvimos que ejecutar discourse rebuild cada vez para obtener un nuevo certificado SSL.

¿Tienes algún registro del momento en que falló la renovación automática? Serían muy útiles.

Además, ¿siguiste el guía oficial exactamente o hiciste algún cambio? ¿Usaste un proxy inverso adicional? ¿Modificaciones manuales en el archivo app.yml? ¿Configuración del firewall en el sistema host? etc.

No quiero dar la impresión de que dudo de ti, pero dado que sabemos que hay miles de instalaciones autoalojadas en funcionamiento, muchas con IPv6, si las renovaciones de certificados SSL estuvieran fallando en sitios con IPv6, esperaríamos recibir muchas quejas.

We followed the official guide very strictly - no additions at all - no proxies what so ever. Just a bare bone VPS with Ubuntu on it and docker.

The VPS had ipv6 enabled but as I said we added the AAAA record to the DNS much later.
We didn’t enter any other specific ipv6 config on the server.

Here is the detailed logging of the failed SSL renewal:

[Tue Jun 30 00:51:02 UTC 2020] Running cmd: cron
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] ===Starting cron===
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:02 UTC 2020] ret='0'
[Tue Jun 30 00:51:02 UTC 2020] Already uptodate!
[Tue Jun 30 00:51:02 UTC 2020] Upgrade success!
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] Auto upgraded to: 2.8.7
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] _stopRenewOnError
[Tue Jun 30 00:51:02 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:02 UTC 2020] di='/shared/letsencrypt/community.wappler.io/'
[Tue Jun 30 00:51:02 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Le_API
[Tue Jun 30 00:51:02 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:02 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:03 UTC 2020] ret='0'
[Tue Jun 30 00:51:03 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:03 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:03 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:03 UTC 2020] Le_NextRenewTime='1591011136'
[Tue Jun 30 00:51:03 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:03 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:03 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:03 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:03 UTC 2020] Read key length:4096
[Tue Jun 30 00:51:03 UTC 2020] _createcsr
[Tue Jun 30 00:51:03 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:03 UTC 2020] RSA key
[Tue Jun 30 00:51:03 UTC 2020] HEAD
[Tue Jun 30 00:51:03 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] code='201'
[Tue Jun 30 00:51:04 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] payload
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:05 UTC 2020] _ret='0'
[Tue Jun 30 00:51:05 UTC 2020] code='200'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww","token":"4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU"'
[Tue Jun 30 00:51:05 UTC 2020] token='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] dvlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] d
[Tue Jun 30 00:51:05 UTC 2020] vlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:05 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:05 UTC 2020] writing token:4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU to /var/www/discourse/public/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU
[Tue Jun 30 00:51:05 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:05 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] payload='{}'
[Tue Jun 30 00:51:05 UTC 2020] POST
[Tue Jun 30 00:51:05 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:06 UTC 2020] _ret='0'
[Tue Jun 30 00:51:06 UTC 2020] code='200'
[Tue Jun 30 00:51:06 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:06 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:08 UTC 2020] checking
[Tue Jun 30 00:51:08 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] payload
[Tue Jun 30 00:51:08 UTC 2020] POST
[Tue Jun 30 00:51:08 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:08 UTC 2020] _ret='0'
[Tue Jun 30 00:51:08 UTC 2020] code='200'
[Tue Jun 30 00:51:08 UTC 2020] Pending
[Tue Jun 30 00:51:08 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:10 UTC 2020] checking
[Tue Jun 30 00:51:10 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] payload
[Tue Jun 30 00:51:10 UTC 2020] POST
[Tue Jun 30 00:51:10 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:11 UTC 2020] _ret='0'
[Tue Jun 30 00:51:11 UTC 2020] code='200'
[Tue Jun 30 00:51:11 UTC 2020] Pending
[Tue Jun 30 00:51:11 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:13 UTC 2020] checking
[Tue Jun 30 00:51:13 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] payload
[Tue Jun 30 00:51:13 UTC 2020] POST
[Tue Jun 30 00:51:13 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:14 UTC 2020] _ret='0'
[Tue Jun 30 00:51:14 UTC 2020] code='200'
[Tue Jun 30 00:51:14 UTC 2020] Pending
[Tue Jun 30 00:51:14 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:16 UTC 2020] checking
[Tue Jun 30 00:51:16 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] payload
[Tue Jun 30 00:51:16 UTC 2020] POST
[Tue Jun 30 00:51:16 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:16 UTC 2020] _ret='0'
[Tue Jun 30 00:51:16 UTC 2020] code='200'
[Tue Jun 30 00:51:16 UTC 2020] Pending
[Tue Jun 30 00:51:16 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:18 UTC 2020] checking
[Tue Jun 30 00:51:18 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] payload
[Tue Jun 30 00:51:18 UTC 2020] POST
[Tue Jun 30 00:51:18 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:19 UTC 2020] _ret='0'
[Tue Jun 30 00:51:19 UTC 2020] code='200'
[Tue Jun 30 00:51:19 UTC 2020] Pending
[Tue Jun 30 00:51:19 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:21 UTC 2020] checking
[Tue Jun 30 00:51:21 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] payload
[Tue Jun 30 00:51:21 UTC 2020] POST
[Tue Jun 30 00:51:21 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:23 UTC 2020] _ret='0'
[Tue Jun 30 00:51:23 UTC 2020] code='200'
[Tue Jun 30 00:51:23 UTC 2020] Pending
[Tue Jun 30 00:51:23 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:25 UTC 2020] checking
[Tue Jun 30 00:51:25 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] payload
[Tue Jun 30 00:51:25 UTC 2020] POST
[Tue Jun 30 00:51:25 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:25 UTC 2020] _ret='0'
[Tue Jun 30 00:51:25 UTC 2020] code='200'
[Tue Jun 30 00:51:25 UTC 2020] Pending
[Tue Jun 30 00:51:25 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:27 UTC 2020] checking
[Tue Jun 30 00:51:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] payload
[Tue Jun 30 00:51:27 UTC 2020] POST
[Tue Jun 30 00:51:27 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:28 UTC 2020] _ret='0'
[Tue Jun 30 00:51:28 UTC 2020] code='200'
[Tue Jun 30 00:51:28 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU: Timeout during connect (likely firewall problem)
[Tue Jun 30 00:51:28 UTC 2020] pid
[Tue Jun 30 00:51:28 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:28 UTC 2020] _clearupdns
[Tue Jun 30 00:51:28 UTC 2020] dns_entries
[Tue Jun 30 00:51:28 UTC 2020] skip dns.
[Tue Jun 30 00:51:28 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:28 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:28 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] payload='{}'
[Tue Jun 30 00:51:28 UTC 2020] POST
[Tue Jun 30 00:51:28 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] _ret='0'
[Tue Jun 30 00:51:29 UTC 2020] code='400'
[Tue Jun 30 00:51:29 UTC 2020] Return code: 1
[Tue Jun 30 00:51:29 UTC 2020] Error renew community.wappler.io.
[Tue Jun 30 00:51:29 UTC 2020] di='/shared/letsencrypt/community.wappler.io_ecc/'
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:29 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Le_API
[Tue Jun 30 00:51:29 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:29 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] GET
[Tue Jun 30 00:51:29 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] timeout=
[Tue Jun 30 00:51:29 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] ret='0'
[Tue Jun 30 00:51:29 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:29 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:29 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:29 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:29 UTC 2020] Le_NextRenewTime='1591011142'
[Tue Jun 30 00:51:29 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:29 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:29 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:29 UTC 2020] d
[Tue Jun 30 00:51:29 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:29 UTC 2020] Read key length:ec-256
[Tue Jun 30 00:51:29 UTC 2020] _createcsr
[Tue Jun 30 00:51:29 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:30 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:30 UTC 2020] d
[Tue Jun 30 00:51:30 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:30 UTC 2020] RSA key
[Tue Jun 30 00:51:30 UTC 2020] HEAD
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:30 UTC 2020] _ret='0'
[Tue Jun 30 00:51:30 UTC 2020] POST
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='201'
[Tue Jun 30 00:51:31 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] payload
[Tue Jun 30 00:51:31 UTC 2020] POST
[Tue Jun 30 00:51:31 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='200'
[Tue Jun 30 00:51:31 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:31 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA","token":"1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI"'
[Tue Jun 30 00:51:32 UTC 2020] token='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] dvlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] d
[Tue Jun 30 00:51:32 UTC 2020] vlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:32 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:32 UTC 2020] writing token:1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI to /var/www/discourse/public/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI
[Tue Jun 30 00:51:32 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:32 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] payload='{}'
[Tue Jun 30 00:51:32 UTC 2020] POST
[Tue Jun 30 00:51:32 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:32 UTC 2020] _ret='0'
[Tue Jun 30 00:51:32 UTC 2020] code='200'
[Tue Jun 30 00:51:32 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:32 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:34 UTC 2020] checking
[Tue Jun 30 00:51:34 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] payload
[Tue Jun 30 00:51:34 UTC 2020] POST
[Tue Jun 30 00:51:34 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:35 UTC 2020] _ret='0'
[Tue Jun 30 00:51:35 UTC 2020] code='200'
[Tue Jun 30 00:51:35 UTC 2020] Pending
[Tue Jun 30 00:51:35 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:37 UTC 2020] checking
[Tue Jun 30 00:51:37 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] payload
[Tue Jun 30 00:51:37 UTC 2020] POST
[Tue Jun 30 00:51:37 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:37 UTC 2020] _ret='0'
[Tue Jun 30 00:51:38 UTC 2020] code='200'
[Tue Jun 30 00:51:38 UTC 2020] Pending
[Tue Jun 30 00:51:38 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:40 UTC 2020] checking
[Tue Jun 30 00:51:40 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] payload
[Tue Jun 30 00:51:40 UTC 2020] POST
[Tue Jun 30 00:51:40 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:40 UTC 2020] _ret='0'
[Tue Jun 30 00:51:40 UTC 2020] code='200'
[Tue Jun 30 00:51:40 UTC 2020] Pending
[Tue Jun 30 00:51:40 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:42 UTC 2020] checking
[Tue Jun 30 00:51:42 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] payload
[Tue Jun 30 00:51:42 UTC 2020] POST
[Tue Jun 30 00:51:42 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:43 UTC 2020] _ret='0'
[Tue Jun 30 00:51:43 UTC 2020] code='200'
[Tue Jun 30 00:51:43 UTC 2020] Pending
[Tue Jun 30 00:51:43 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:45 UTC 2020] checking
[Tue Jun 30 00:51:45 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] payload
[Tue Jun 30 00:51:45 UTC 2020] POST
[Tue Jun 30 00:51:45 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:45 UTC 2020] _ret='0'
[Tue Jun 30 00:51:45 UTC 2020] code='200'
[Tue Jun 30 00:51:46 UTC 2020] Pending
[Tue Jun 30 00:51:46 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:48 UTC 2020] checking
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:48 UTC 2020] _ret='0'
[Tue Jun 30 00:51:48 UTC 2020] code='200'
[Tue Jun 30 00:51:48 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI: Error getting validation data
[Tue Jun 30 00:51:48 UTC 2020] pid
[Tue Jun 30 00:51:48 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:48 UTC 2020] _clearupdns
[Tue Jun 30 00:51:48 UTC 2020] dns_entries
[Tue Jun 30 00:51:48 UTC 2020] skip dns.
[Tue Jun 30 00:51:48 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:48 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload='{}'
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:49 UTC 2020] _ret='0'
[Tue Jun 30 00:51:49 UTC 2020] code='400'
[Tue Jun 30 00:51:49 UTC 2020] Return code: 1
[Tue Jun 30 00:51:49 UTC 2020] Error renew community.wappler.io_ecc.
[Tue Jun 30 00:51:49 UTC 2020] di='/shared/letsencrypt/example.com/'
[Tue Jun 30 00:51:49 UTC 2020] d='example.com'
[Tue Jun 30 00:51:49 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:49 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:49 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/example.com'
[Tue Jun 30 00:51:49 UTC 2020] Renew: 'example.com'
[Tue Jun 30 00:51:49 UTC 2020] Le_API
[Tue Jun 30 00:51:49 UTC 2020] Skip invalid cert for: example.com
[Tue Jun 30 00:51:49 UTC 2020] Return code: 2
[Tue Jun 30 00:51:49 UTC 2020] Skipped example.com
[Tue Jun 30 00:51:49 UTC 2020] _error_level='1'
[Tue Jun 30 00:51:49 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:49 UTC 2020] The NOTIFY_HOOK is empty, just return.
[Tue Jun 30 00:51:49 UTC 2020] ===End cron===

Eso suele significar que la entrada DNS AAAA estaba rota. Según

Supongo que ese fue realmente el caso.

Dado que alojamos varios sitios en DO sin problemas con IPv6 y Let’s Encrypt, esto parece ser un error del usuario. Por favor, abre un nuevo tema si puedes proporcionar pasos para reproducir el problema.