Let's Encrypt auto-renewal and IPv6

Well, the IPv6 and Let's Encrypt problem was really vague.

During the Discourse rebuild everything went fine: a new certificate was issued.

But the Let's Encrypt auto-renewal did not work: it expired because the site was not reachable via IPv6 (while it was running) for Let's Encrypt to check the .well-known folder.

We also checked the Docker host installation and it had no ip6tables forwarding rules to Docker's internal network, unlike IPv4, but in ip6tables everything was allowed…

We also enabled IPv6 in the Docker host settings and restarted the daemon, but that did not help either.

@jomaxro

Thanks, George. First question, can you confirm that you followed discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub?

I just checked one of our "self-hosted" test sites on Digital Ocean that has IPv6 enabled, and I can confirm that the SSL certificate was renewed without any problem.

Yes, that is what we followed: we first installed Docker manually before running discourse-setup.

That was quite a while ago (2.5 years). At first everything worked perfectly, but a year later, when we added the AAAA record for IPv6, the automatic renewals stopped working. We had to run discourse rebuild every time to get a new SSL certificate.

Do you have logs from the time the automatic renewal failed? They would be very useful.

Also, did you deviate in any way from the official guide? An additional reverse proxy? Manual changes to the app.yml file? A firewall configuration on the host system? Etc.

I don't want to sound like I doubt you, but given the thousands of self-hosted installations we know exist, many of them with IPv6, if SSL certificate renewals were failing for sites on IPv6, we would expect to hear a lot of complaints.

We followed the official guide very strictly - no additions at all - no proxies whatsoever. Just a bare-bones VPS with Ubuntu on it and Docker.

The VPS had IPv6 enabled but as I said we added the AAAA record to the DNS much later.
We didn't enter any other specific IPv6 config on the server.

Here is the detailed logging of the failed SSL renewal:

[Tue Jun 30 00:51:02 UTC 2020] Running cmd: cron
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] ===Starting cron===
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:02 UTC 2020] ret='0'
[Tue Jun 30 00:51:02 UTC 2020] Already uptodate!
[Tue Jun 30 00:51:02 UTC 2020] Upgrade success!
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] Auto upgraded to: 2.8.7
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] _stopRenewOnError
[Tue Jun 30 00:51:02 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:02 UTC 2020] di='/shared/letsencrypt/community.wappler.io/'
[Tue Jun 30 00:51:02 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Le_API
[Tue Jun 30 00:51:02 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:02 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:03 UTC 2020] ret='0'
[Tue Jun 30 00:51:03 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:03 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:03 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:03 UTC 2020] Le_NextRenewTime='1591011136'
[Tue Jun 30 00:51:03 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:03 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:03 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:03 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:03 UTC 2020] Read key length:4096
[Tue Jun 30 00:51:03 UTC 2020] _createcsr
[Tue Jun 30 00:51:03 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:03 UTC 2020] RSA key
[Tue Jun 30 00:51:03 UTC 2020] HEAD
[Tue Jun 30 00:51:03 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] code='201'
[Tue Jun 30 00:51:04 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] payload
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:05 UTC 2020] _ret='0'
[Tue Jun 30 00:51:05 UTC 2020] code='200'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww","token":"4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU"'
[Tue Jun 30 00:51:05 UTC 2020] token='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] dvlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] d
[Tue Jun 30 00:51:05 UTC 2020] vlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:05 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:05 UTC 2020] writing token:4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU to /var/www/discourse/public/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU
[Tue Jun 30 00:51:05 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:05 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] payload='{}'
[Tue Jun 30 00:51:05 UTC 2020] POST
[Tue Jun 30 00:51:05 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:06 UTC 2020] _ret='0'
[Tue Jun 30 00:51:06 UTC 2020] code='200'
[Tue Jun 30 00:51:06 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:06 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:08 UTC 2020] checking
[Tue Jun 30 00:51:08 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] payload
[Tue Jun 30 00:51:08 UTC 2020] POST
[Tue Jun 30 00:51:08 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:08 UTC 2020] _ret='0'
[Tue Jun 30 00:51:08 UTC 2020] code='200'
[Tue Jun 30 00:51:08 UTC 2020] Pending
[Tue Jun 30 00:51:08 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:10 UTC 2020] checking
[Tue Jun 30 00:51:10 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] payload
[Tue Jun 30 00:51:10 UTC 2020] POST
[Tue Jun 30 00:51:10 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:11 UTC 2020] _ret='0'
[Tue Jun 30 00:51:11 UTC 2020] code='200'
[Tue Jun 30 00:51:11 UTC 2020] Pending
[Tue Jun 30 00:51:11 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:13 UTC 2020] checking
[Tue Jun 30 00:51:13 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] payload
[Tue Jun 30 00:51:13 UTC 2020] POST
[Tue Jun 30 00:51:13 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:14 UTC 2020] _ret='0'
[Tue Jun 30 00:51:14 UTC 2020] code='200'
[Tue Jun 30 00:51:14 UTC 2020] Pending
[Tue Jun 30 00:51:14 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:16 UTC 2020] checking
[Tue Jun 30 00:51:16 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] payload
[Tue Jun 30 00:51:16 UTC 2020] POST
[Tue Jun 30 00:51:16 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:16 UTC 2020] _ret='0'
[Tue Jun 30 00:51:16 UTC 2020] code='200'
[Tue Jun 30 00:51:16 UTC 2020] Pending
[Tue Jun 30 00:51:16 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:18 UTC 2020] checking
[Tue Jun 30 00:51:18 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] payload
[Tue Jun 30 00:51:18 UTC 2020] POST
[Tue Jun 30 00:51:18 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:19 UTC 2020] _ret='0'
[Tue Jun 30 00:51:19 UTC 2020] code='200'
[Tue Jun 30 00:51:19 UTC 2020] Pending
[Tue Jun 30 00:51:19 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:21 UTC 2020] checking
[Tue Jun 30 00:51:21 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] payload
[Tue Jun 30 00:51:21 UTC 2020] POST
[Tue Jun 30 00:51:21 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:23 UTC 2020] _ret='0'
[Tue Jun 30 00:51:23 UTC 2020] code='200'
[Tue Jun 30 00:51:23 UTC 2020] Pending
[Tue Jun 30 00:51:23 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:25 UTC 2020] checking
[Tue Jun 30 00:51:25 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] payload
[Tue Jun 30 00:51:25 UTC 2020] POST
[Tue Jun 30 00:51:25 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:25 UTC 2020] _ret='0'
[Tue Jun 30 00:51:25 UTC 2020] code='200'
[Tue Jun 30 00:51:25 UTC 2020] Pending
[Tue Jun 30 00:51:25 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:27 UTC 2020] checking
[Tue Jun 30 00:51:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] payload
[Tue Jun 30 00:51:27 UTC 2020] POST
[Tue Jun 30 00:51:27 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:28 UTC 2020] _ret='0'
[Tue Jun 30 00:51:28 UTC 2020] code='200'
[Tue Jun 30 00:51:28 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU: Timeout during connect (likely firewall problem)
[Tue Jun 30 00:51:28 UTC 2020] pid
[Tue Jun 30 00:51:28 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:28 UTC 2020] _clearupdns
[Tue Jun 30 00:51:28 UTC 2020] dns_entries
[Tue Jun 30 00:51:28 UTC 2020] skip dns.
[Tue Jun 30 00:51:28 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:28 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:28 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] payload='{}'
[Tue Jun 30 00:51:28 UTC 2020] POST
[Tue Jun 30 00:51:28 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] _ret='0'
[Tue Jun 30 00:51:29 UTC 2020] code='400'
[Tue Jun 30 00:51:29 UTC 2020] Return code: 1
[Tue Jun 30 00:51:29 UTC 2020] Error renew community.wappler.io.
[Tue Jun 30 00:51:29 UTC 2020] di='/shared/letsencrypt/community.wappler.io_ecc/'
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:29 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Le_API
[Tue Jun 30 00:51:29 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:29 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] GET
[Tue Jun 30 00:51:29 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] timeout=
[Tue Jun 30 00:51:29 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] ret='0'
[Tue Jun 30 00:51:29 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:29 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:29 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:29 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:29 UTC 2020] Le_NextRenewTime='1591011142'
[Tue Jun 30 00:51:29 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:29 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:29 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:29 UTC 2020] d
[Tue Jun 30 00:51:29 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:29 UTC 2020] Read key length:ec-256
[Tue Jun 30 00:51:29 UTC 2020] _createcsr
[Tue Jun 30 00:51:29 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:30 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:30 UTC 2020] d
[Tue Jun 30 00:51:30 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:30 UTC 2020] RSA key
[Tue Jun 30 00:51:30 UTC 2020] HEAD
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:30 UTC 2020] _ret='0'
[Tue Jun 30 00:51:30 UTC 2020] POST
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='201'
[Tue Jun 30 00:51:31 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] payload
[Tue Jun 30 00:51:31 UTC 2020] POST
[Tue Jun 30 00:51:31 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='200'
[Tue Jun 30 00:51:31 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:31 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA","token":"1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI"'
[Tue Jun 30 00:51:32 UTC 2020] token='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] dvlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] d
[Tue Jun 30 00:51:32 UTC 2020] vlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:32 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:32 UTC 2020] writing token:1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI to /var/www/discourse/public/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI
[Tue Jun 30 00:51:32 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:32 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] payload='{}'
[Tue Jun 30 00:51:32 UTC 2020] POST
[Tue Jun 30 00:51:32 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:32 UTC 2020] _ret='0'
[Tue Jun 30 00:51:32 UTC 2020] code='200'
[Tue Jun 30 00:51:32 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:32 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:34 UTC 2020] checking
[Tue Jun 30 00:51:34 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] payload
[Tue Jun 30 00:51:34 UTC 2020] POST
[Tue Jun 30 00:51:34 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:35 UTC 2020] _ret='0'
[Tue Jun 30 00:51:35 UTC 2020] code='200'
[Tue Jun 30 00:51:35 UTC 2020] Pending
[Tue Jun 30 00:51:35 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:37 UTC 2020] checking
[Tue Jun 30 00:51:37 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] payload
[Tue Jun 30 00:51:37 UTC 2020] POST
[Tue Jun 30 00:51:37 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:37 UTC 2020] _ret='0'
[Tue Jun 30 00:51:38 UTC 2020] code='200'
[Tue Jun 30 00:51:38 UTC 2020] Pending
[Tue Jun 30 00:51:38 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:40 UTC 2020] checking
[Tue Jun 30 00:51:40 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] payload
[Tue Jun 30 00:51:40 UTC 2020] POST
[Tue Jun 30 00:51:40 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:40 UTC 2020] _ret='0'
[Tue Jun 30 00:51:40 UTC 2020] code='200'
[Tue Jun 30 00:51:40 UTC 2020] Pending
[Tue Jun 30 00:51:40 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:42 UTC 2020] checking
[Tue Jun 30 00:51:42 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] payload
[Tue Jun 30 00:51:42 UTC 2020] POST
[Tue Jun 30 00:51:42 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:43 UTC 2020] _ret='0'
[Tue Jun 30 00:51:43 UTC 2020] code='200'
[Tue Jun 30 00:51:43 UTC 2020] Pending
[Tue Jun 30 00:51:43 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:45 UTC 2020] checking
[Tue Jun 30 00:51:45 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] payload
[Tue Jun 30 00:51:45 UTC 2020] POST
[Tue Jun 30 00:51:45 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:45 UTC 2020] _ret='0'
[Tue Jun 30 00:51:45 UTC 2020] code='200'
[Tue Jun 30 00:51:46 UTC 2020] Pending
[Tue Jun 30 00:51:46 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:48 UTC 2020] checking
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:48 UTC 2020] _ret='0'
[Tue Jun 30 00:51:48 UTC 2020] code='200'
[Tue Jun 30 00:51:48 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI: Error getting validation data
[Tue Jun 30 00:51:48 UTC 2020] pid
[Tue Jun 30 00:51:48 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:48 UTC 2020] _clearupdns
[Tue Jun 30 00:51:48 UTC 2020] dns_entries
[Tue Jun 30 00:51:48 UTC 2020] skip dns.
[Tue Jun 30 00:51:48 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:48 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload='{}'
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:49 UTC 2020] _ret='0'
[Tue Jun 30 00:51:49 UTC 2020] code='400'
[Tue Jun 30 00:51:49 UTC 2020] Return code: 1
[Tue Jun 30 00:51:49 UTC 2020] Error renew community.wappler.io_ecc.
[Tue Jun 30 00:51:49 UTC 2020] di='/shared/letsencrypt/example.com/'
[Tue Jun 30 00:51:49 UTC 2020] d='example.com'
[Tue Jun 30 00:51:49 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:49 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:49 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/example.com'
[Tue Jun 30 00:51:49 UTC 2020] Renew: 'example.com'
[Tue Jun 30 00:51:49 UTC 2020] Le_API
[Tue Jun 30 00:51:49 UTC 2020] Skip invalid cert for: example.com
[Tue Jun 30 00:51:49 UTC 2020] Return code: 2
[Tue Jun 30 00:51:49 UTC 2020] Skipped example.com
[Tue Jun 30 00:51:49 UTC 2020] _error_level='1'
[Tue Jun 30 00:51:49 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:49 UTC 2020] The NOTIFY_HOOK is empty, just return.
[Tue Jun 30 00:51:49 UTC 2020] ===End cron===

This usually means that the AAAA DNS entry was incorrect. As mentioned in:

I assume that was indeed the case.

Since we host several sites on DO without any problem with IPv6 and Let's Encrypt, this looks like user error. Please open a new topic if you can provide reproduction steps.
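
The failure discussed in this thread, as an added example that is not part of any post: a shell script that pulls the `Verify error` lines out of an acme.sh debug log and probes the challenge path separately over IPv4 and IPv6, so a published AAAA record that does not actually reach port 80 is caught before the next renewal. The sample log lines, `forum.example.org`, the probe file name and all function names are constructed for illustration; `dig` and `curl` are assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Sample data and names are constructed.

# Constructed acme.sh debug-log excerpt, in the format shown in the thread.
sample_log() {
  cat <<'EOF'
[Tue Jun 30 00:51:28 UTC 2020] code='200'
[Tue Jun 30 00:51:28 UTC 2020] forum.example.org:Verify error:Fetching https://forum.example.org/.well-known/acme-challenge/CONSTRUCTED_TOKEN_1: Timeout during connect (likely firewall problem)
[Tue Jun 30 00:51:29 UTC 2020] Error renew forum.example.org.
[Tue Jun 30 00:51:48 UTC 2020] forum.example.org:Verify error:Fetching https://forum.example.org/.well-known/acme-challenge/CONSTRUCTED_TOKEN_2: Error getting validation data
[Tue Jun 30 00:51:49 UTC 2020] ===End cron===
EOF
}

# Print "domain|reason" for every failed HTTP-01 validation in an acme.sh
# debug log. Reads the file given as $1, or stdin when no file is given.
acme_verify_errors() {
  sed -n 's/^\[[^]]*\] \([^:]*\):Verify error:Fetching [^ ]*: \(.*\)$/\1|\2/p' \
    "${1:-/dev/stdin}"
}

# Request a URL over one address family (4 or 6) and print the HTTP status.
# Redirects are not followed: any status (301, 404, ...) proves that the TCP
# connection to port 80 worked. 000 means no connection could be made.
probe_family() {
  local code
  code=$(curl "-$1" --silent --output /dev/null --max-time 10 \
              --write-out '%{http_code}' "$2") || true
  echo "${code:-000}"
}

# Turn the measurements into a verdict.
# Arguments: number of AAAA records, status over IPv4, status over IPv6.
diagnose() {
  local aaaa_count="$1" v4="$2" v6="$3"
  if [ "$aaaa_count" -eq 0 ]; then
    if [ "$v4" != 000 ]; then
      echo "ok: IPv4 only, no AAAA record"
    else
      echo "fail: unreachable over IPv4"
    fi
  elif [ "$v6" = 000 ] && [ "$v4" != 000 ]; then
    # The situation described in the thread: AAAA added later, IPv6 path dead.
    echo "fail: AAAA published but port 80 unreachable over IPv6"
  elif [ "$v6" = 000 ]; then
    echo "fail: unreachable over IPv4 and IPv6"
  elif [ "$v4" = 000 ]; then
    echo "warn: reachable over IPv6 only"
  else
    echo "ok: reachable over IPv4 and IPv6"
  fi
}

# Resolve the AAAA records for a domain and probe the challenge directory
# over both families. The probe file name is a placeholder and need not exist.
check_dual_stack() {
  local domain="$1"
  local url="http://$domain/.well-known/acme-challenge/reachability-probe"
  local aaaa_count v4 v6
  aaaa_count=$(dig +short AAAA "$domain" | grep -c ':' || true)
  v4=$(probe_family 4 "$url")
  v6=$(probe_family 6 "$url")
  echo "$domain: AAAA records=$aaaa_count IPv4=$v4 IPv6=$v6"
  diagnose "$aaaa_count" "$v4" "$v6"
}

# Stand-alone use: ./check.sh forum.example.org [/shared/letsencrypt/acme.sh.log]
if [ $# -gt 0 ]; then
  check_dual_stack "$1"
  if [ -n "${2:-}" ]; then
    acme_verify_errors "$2"
  fi
fi
```

Run `check_dual_stack` from a machine outside the server that has working IPv6, since that is the path a validation request takes.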