Let's Encrypt automatic renewal and IPv6

Well, the IPv6 and Let's Encrypt issue was really vague.

When rebuilding Discourse, everything worked perfectly: a new certificate was issued.

But the Let's Encrypt automatic renewal did not work: a timeout occurred because the site was not reachable over IPv6 (at run time) for Let's Encrypt to check the .well-known folder.

We also checked the Docker host installation and found that there were no ip6tables forwarders for the internal Docker network, as there were for IPv4, but in ip6tables everything was allowed…

We enabled IPv6 in the Docker host settings and restarted the daemon, but that did not help either.

@jomaxro

1 Like

Thanks, George. First question: can you confirm that you followed discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub?

I just checked one of our "self-hosted" test sites on Digital Ocean with IPv6 enabled and can confirm that the SSL certificate renewed without problems.

1 Like

Yes, that is what we did: we installed Docker manually before running discourse-setup.

It has been a while since we did that (2.5 years). Initially everything worked fine, but a year later, when we added the AAAA record for IPv6, the automatic renewals stopped working and we had to run the discourse rebuild every time just to get a new SSL certificate.

Do you have any logs from the time the automatic renewal failed? They would be quite useful.

Also, did you deviate from the official guide in any way? An additional reverse proxy? Manual modifications to app.yml? Firewall configuration on the host system? etc.

I don't want to sound like I'm doubting you, but considering the thousands of self-hosted installations we know exist, many with IPv6, if SSL certificate renewals were failing for sites with IPv6, we would expect to hear many more complaints.

1 Like

We followed the official guide very strictly - no additions at all - no proxies whatsoever. Just a bare-bones VPS with Ubuntu on it and Docker.

The VPS had IPv6 enabled but as I said we added the AAAA record to the DNS much later.
We didn't enter any other specific IPv6 config on the server.

Here is the detailed logging of the failed SSL renewal:

[Tue Jun 30 00:51:02 UTC 2020] Running cmd: cron
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] ===Starting cron===
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:02 UTC 2020] ret='0'
[Tue Jun 30 00:51:02 UTC 2020] Already uptodate!
[Tue Jun 30 00:51:02 UTC 2020] Upgrade success!
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] Auto upgraded to: 2.8.7
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] _stopRenewOnError
[Tue Jun 30 00:51:02 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:02 UTC 2020] di='/shared/letsencrypt/community.wappler.io/'
[Tue Jun 30 00:51:02 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Le_API
[Tue Jun 30 00:51:02 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:02 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:03 UTC 2020] ret='0'
[Tue Jun 30 00:51:03 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:03 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:03 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:03 UTC 2020] Le_NextRenewTime='1591011136'
[Tue Jun 30 00:51:03 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:03 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:03 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:03 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:03 UTC 2020] Read key length:4096
[Tue Jun 30 00:51:03 UTC 2020] _createcsr
[Tue Jun 30 00:51:03 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:03 UTC 2020] RSA key
[Tue Jun 30 00:51:03 UTC 2020] HEAD
[Tue Jun 30 00:51:03 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] code='201'
[Tue Jun 30 00:51:04 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] payload
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:05 UTC 2020] _ret='0'
[Tue Jun 30 00:51:05 UTC 2020] code='200'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww","token":"4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU"'
[Tue Jun 30 00:51:05 UTC 2020] token='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] dvlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] d
[Tue Jun 30 00:51:05 UTC 2020] vlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:05 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:05 UTC 2020] writing token:4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU to /var/www/discourse/public/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU
[Tue Jun 30 00:51:05 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:05 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] payload='{}'
[Tue Jun 30 00:51:05 UTC 2020] POST
[Tue Jun 30 00:51:05 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:06 UTC 2020] _ret='0'
[Tue Jun 30 00:51:06 UTC 2020] code='200'
[Tue Jun 30 00:51:06 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:06 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:08 UTC 2020] checking
[Tue Jun 30 00:51:08 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] payload
[Tue Jun 30 00:51:08 UTC 2020] POST
[Tue Jun 30 00:51:08 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:08 UTC 2020] _ret='0'
[Tue Jun 30 00:51:08 UTC 2020] code='200'
[Tue Jun 30 00:51:08 UTC 2020] Pending
[Tue Jun 30 00:51:08 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:10 UTC 2020] checking
[Tue Jun 30 00:51:10 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] payload
[Tue Jun 30 00:51:10 UTC 2020] POST
[Tue Jun 30 00:51:10 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:11 UTC 2020] _ret='0'
[Tue Jun 30 00:51:11 UTC 2020] code='200'
[Tue Jun 30 00:51:11 UTC 2020] Pending
[Tue Jun 30 00:51:11 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:13 UTC 2020] checking
[Tue Jun 30 00:51:13 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] payload
[Tue Jun 30 00:51:13 UTC 2020] POST
[Tue Jun 30 00:51:13 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:14 UTC 2020] _ret='0'
[Tue Jun 30 00:51:14 UTC 2020] code='200'
[Tue Jun 30 00:51:14 UTC 2020] Pending
[Tue Jun 30 00:51:14 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:16 UTC 2020] checking
[Tue Jun 30 00:51:16 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] payload
[Tue Jun 30 00:51:16 UTC 2020] POST
[Tue Jun 30 00:51:16 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:16 UTC 2020] _ret='0'
[Tue Jun 30 00:51:16 UTC 2020] code='200'
[Tue Jun 30 00:51:16 UTC 2020] Pending
[Tue Jun 30 00:51:16 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:18 UTC 2020] checking
[Tue Jun 30 00:51:18 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] payload
[Tue Jun 30 00:51:18 UTC 2020] POST
[Tue Jun 30 00:51:18 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:19 UTC 2020] _ret='0'
[Tue Jun 30 00:51:19 UTC 2020] code='200'
[Tue Jun 30 00:51:19 UTC 2020] Pending
[Tue Jun 30 00:51:19 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:21 UTC 2020] checking
[Tue Jun 30 00:51:21 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] payload
[Tue Jun 30 00:51:21 UTC 2020] POST
[Tue Jun 30 00:51:21 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:23 UTC 2020] _ret='0'
[Tue Jun 30 00:51:23 UTC 2020] code='200'
[Tue Jun 30 00:51:23 UTC 2020] Pending
[Tue Jun 30 00:51:23 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:25 UTC 2020] checking
[Tue Jun 30 00:51:25 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] payload
[Tue Jun 30 00:51:25 UTC 2020] POST
[Tue Jun 30 00:51:25 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:25 UTC 2020] _ret='0'
[Tue Jun 30 00:51:25 UTC 2020] code='200'
[Tue Jun 30 00:51:25 UTC 2020] Pending
[Tue Jun 30 00:51:25 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:27 UTC 2020] checking
[Tue Jun 30 00:51:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] payload
[Tue Jun 30 00:51:27 UTC 2020] POST
[Tue Jun 30 00:51:27 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:28 UTC 2020] _ret='0'
[Tue Jun 30 00:51:28 UTC 2020] code='200'
[Tue Jun 30 00:51:28 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU: Timeout during connect (likely firewall problem)
[Tue Jun 30 00:51:28 UTC 2020] pid
[Tue Jun 30 00:51:28 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:28 UTC 2020] _clearupdns
[Tue Jun 30 00:51:28 UTC 2020] dns_entries
[Tue Jun 30 00:51:28 UTC 2020] skip dns.
[Tue Jun 30 00:51:28 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:28 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:28 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] payload='{}'
[Tue Jun 30 00:51:28 UTC 2020] POST
[Tue Jun 30 00:51:28 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] _ret='0'
[Tue Jun 30 00:51:29 UTC 2020] code='400'
[Tue Jun 30 00:51:29 UTC 2020] Return code: 1
[Tue Jun 30 00:51:29 UTC 2020] Error renew community.wappler.io.
[Tue Jun 30 00:51:29 UTC 2020] di='/shared/letsencrypt/community.wappler.io_ecc/'
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:29 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Le_API
[Tue Jun 30 00:51:29 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:29 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] GET
[Tue Jun 30 00:51:29 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] timeout=
[Tue Jun 30 00:51:29 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] ret='0'
[Tue Jun 30 00:51:29 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:29 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:29 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:29 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:29 UTC 2020] Le_NextRenewTime='1591011142'
[Tue Jun 30 00:51:29 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:29 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:29 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:29 UTC 2020] d
[Tue Jun 30 00:51:29 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:29 UTC 2020] Read key length:ec-256
[Tue Jun 30 00:51:29 UTC 2020] _createcsr
[Tue Jun 30 00:51:29 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:30 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:30 UTC 2020] d
[Tue Jun 30 00:51:30 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:30 UTC 2020] RSA key
[Tue Jun 30 00:51:30 UTC 2020] HEAD
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:30 UTC 2020] _ret='0'
[Tue Jun 30 00:51:30 UTC 2020] POST
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='201'
[Tue Jun 30 00:51:31 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] payload
[Tue Jun 30 00:51:31 UTC 2020] POST
[Tue Jun 30 00:51:31 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='200'
[Tue Jun 30 00:51:31 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:31 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA","token":"1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI"'
[Tue Jun 30 00:51:32 UTC 2020] token='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] dvlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] d
[Tue Jun 30 00:51:32 UTC 2020] vlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:32 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:32 UTC 2020] writing token:1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI to /var/www/discourse/public/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI
[Tue Jun 30 00:51:32 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:32 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] payload='{}'
[Tue Jun 30 00:51:32 UTC 2020] POST
[Tue Jun 30 00:51:32 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:32 UTC 2020] _ret='0'
[Tue Jun 30 00:51:32 UTC 2020] code='200'
[Tue Jun 30 00:51:32 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:32 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:34 UTC 2020] checking
[Tue Jun 30 00:51:34 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] payload
[Tue Jun 30 00:51:34 UTC 2020] POST
[Tue Jun 30 00:51:34 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:35 UTC 2020] _ret='0'
[Tue Jun 30 00:51:35 UTC 2020] code='200'
[Tue Jun 30 00:51:35 UTC 2020] Pending
[Tue Jun 30 00:51:35 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:37 UTC 2020] checking
[Tue Jun 30 00:51:37 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] payload
[Tue Jun 30 00:51:37 UTC 2020] POST
[Tue Jun 30 00:51:37 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:37 UTC 2020] _ret='0'
[Tue Jun 30 00:51:38 UTC 2020] code='200'
[Tue Jun 30 00:51:38 UTC 2020] Pending
[Tue Jun 30 00:51:38 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:40 UTC 2020] checking
[Tue Jun 30 00:51:40 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] payload
[Tue Jun 30 00:51:40 UTC 2020] POST
[Tue Jun 30 00:51:40 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:40 UTC 2020] _ret='0'
[Tue Jun 30 00:51:40 UTC 2020] code='200'
[Tue Jun 30 00:51:40 UTC 2020] Pending
[Tue Jun 30 00:51:40 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:42 UTC 2020] checking
[Tue Jun 30 00:51:42 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] payload
[Tue Jun 30 00:51:42 UTC 2020] POST
[Tue Jun 30 00:51:42 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:43 UTC 2020] _ret='0'
[Tue Jun 30 00:51:43 UTC 2020] code='200'
[Tue Jun 30 00:51:43 UTC 2020] Pending
[Tue Jun 30 00:51:43 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:45 UTC 2020] checking
[Tue Jun 30 00:51:45 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] payload
[Tue Jun 30 00:51:45 UTC 2020] POST
[Tue Jun 30 00:51:45 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:45 UTC 2020] _ret='0'
[Tue Jun 30 00:51:45 UTC 2020] code='200'
[Tue Jun 30 00:51:46 UTC 2020] Pending
[Tue Jun 30 00:51:46 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:48 UTC 2020] checking
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:48 UTC 2020] _ret='0'
[Tue Jun 30 00:51:48 UTC 2020] code='200'
[Tue Jun 30 00:51:48 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI: Error getting validation data
[Tue Jun 30 00:51:48 UTC 2020] pid
[Tue Jun 30 00:51:48 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:48 UTC 2020] _clearupdns
[Tue Jun 30 00:51:48 UTC 2020] dns_entries
[Tue Jun 30 00:51:48 UTC 2020] skip dns.
[Tue Jun 30 00:51:48 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:48 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload='{}'
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:49 UTC 2020] _ret='0'
[Tue Jun 30 00:51:49 UTC 2020] code='400'
[Tue Jun 30 00:51:49 UTC 2020] Return code: 1
[Tue Jun 30 00:51:49 UTC 2020] Error renew community.wappler.io_ecc.
[Tue Jun 30 00:51:49 UTC 2020] di='/shared/letsencrypt/example.com/'
[Tue Jun 30 00:51:49 UTC 2020] d='example.com'
[Tue Jun 30 00:51:49 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:49 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:49 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/example.com'
[Tue Jun 30 00:51:49 UTC 2020] Renew: 'example.com'
[Tue Jun 30 00:51:49 UTC 2020] Le_API
[Tue Jun 30 00:51:49 UTC 2020] Skip invalid cert for: example.com
[Tue Jun 30 00:51:49 UTC 2020] Return code: 2
[Tue Jun 30 00:51:49 UTC 2020] Skipped example.com
[Tue Jun 30 00:51:49 UTC 2020] _error_level='1'
[Tue Jun 30 00:51:49 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:49 UTC 2020] The NOTIFY_HOOK is empty, just return.
[Tue Jun 30 00:51:49 UTC 2020] ===End cron===

That usually means the AAAA DNS entry was broken. As

I assume that was indeed the case.

Since we host several sites on DO without problems with IPv6 + Let's Encrypt, this looks like user error. Please open a new topic if you can provide steps to reproduce the problem.

1 Like
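
A pre-renewal check for the failure in the log above ("Timeout during connect"), as an added example that is not code from this thread or from Discourse: it resolves the host's A and AAAA records and tries a TCP connect to every published address on ports 80 and 443 (the log shows the validator fetching an https:// URL), so an AAAA record pointing at an unreachable address is caught before the acme.sh cron job runs. The function names and the default ports are assumptions of this example.

```python
#!/usr/bin/env python3
"""Dual-stack reachability check to run before an HTTP-01 renewal (added example)."""
import socket
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}


def published_addresses(host, port, resolver=socket.getaddrinfo):
    """Return {'IPv4': [...], 'IPv6': [...]} with the addresses DNS publishes."""
    result = {label: [] for label in FAMILIES}
    for label, family in FAMILIES.items():
        try:
            infos = resolver(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type (or resolution failed)
        for info in infos:
            addr = info[4][0]  # sockaddr tuple starts with the address
            if addr not in result[label]:
                result[label].append(addr)
    return result


def tcp_connect(addr, port, family, timeout=5.0):
    """Return None if the TCP handshake succeeds, else a short error string."""
    sock = None
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect((addr, port))
        return None
    except OSError as exc:  # includes timeouts and "network unreachable"
        return "%s: %s" % (exc.__class__.__name__, exc)
    finally:
        if sock is not None:
            sock.close()


def check_dual_stack(host, ports=(80, 443), resolver=socket.getaddrinfo,
                     connector=tcp_connect):
    """Try every published address on every port; return a list of findings."""
    findings = []
    addresses = published_addresses(host, ports[0], resolver)
    for label, addrs in addresses.items():
        for addr in addrs:
            for port in ports:
                err = connector(addr, port, FAMILIES[label])
                findings.append({
                    "family": label,
                    "address": addr,
                    "port": port,
                    "ok": err is None,
                    "error": err,
                })
    return findings


def renewal_at_risk(findings):
    """True when any address published in DNS does not accept connections."""
    return any(not f["ok"] for f in findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s <hostname>" % sys.argv[0])
    results = check_dual_stack(sys.argv[1])
    for f in results:
        state = "ok" if f["ok"] else "FAIL (%s)" % f["error"]
        print("%-4s %-40s port %-3d %s" % (f["family"], f["address"], f["port"], state))
    if not any(f["family"] == "IPv6" for f in results):
        print("no AAAA record published; validation can only use IPv4")
    sys.exit(1 if renewal_at_risk(results) else 0)
```

Run it from a machine outside the server's own network: a connect from the host itself does not exercise the provider firewall or the Docker forwarding rules discussed above.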