Автоматическое продление Let's Encrypt и IPv6

Ну, проблема с IPv6 и Let’s Encrypt была действительно неясной.

При пересборке Discourse — всё работало отлично — был выдан новый сертификат.

Но автоматическое обновление Let’s Encrypt не работало — возникало тайм-аут, так как сайт был недоступен через IPv6 (во время работы) для проверки Let’s Encrypt папки .well-known.

Мы также проверили установку Docker-хоста: у него не было правил пересылки ip6tables во внутреннюю сеть Docker, как это было для IPv4, хотя в ip6tables всё было разрешено…

Мы также включили IPv6 в настройках Docker-хоста и перезапустили демон, но это тоже не помогло.

@jomaxro

Спасибо, Джордж. Первый вопрос: можете ли вы подтвердить, что следовали инструкции по адресу discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub?

Я только что проверил один из наших тестовых сайтов на Digital Ocean с функцией «самостоятельного хостинга», на котором включен IPv6, и могу подтвердить, что SSL-сертификат был успешно продлен без каких-либо проблем.

Да, мы действовали именно так: сначала вручную установили Docker, а затем запустили discourse-setup.

Мы сделали это довольно давно (2,5 года назад). Изначально всё работало отлично, но год спустя, когда мы добавили AAAA-запись для IPv6, автоматическое продление сертификатов перестало работать, и нам приходилось каждый раз запускать команду discourse rebuild, чтобы получить новый SSL-сертификат.

У вас есть логи на момент неудачного автоматического продления? Они были бы весьма полезны.

Также, отступали ли вы от официального руководства каким-либо образом? Дополнительный обратный прокси? Ручные изменения в app.yml? Настройка брандмауэра на хост-системе? и т.д.

Я не хочу, чтобы это звучало так, будто я сомневаюсь в вас, но учитывая тысячи самохостинговых установок, о которых мы знаем, многие из которых используют IPv6, если бы продление SSL-сертификатов для сайтов на IPv6 не работало, мы бы ожидали услышать множество жалоб.

We followed the official guide very strictly - no additions at all - no proxies what so ever. Just a bare bone VPS with Ubuntu on it and docker.

The VPS had ipv6 enabled but as I said we added the AAAA record to the DNS much later.
We didn’t enter any other specific ipv6 config on the server.

Here is the detailed logging of the failed SSL renewal:

[Tue Jun 30 00:51:02 UTC 2020] Running cmd: cron
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] ===Starting cron===
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:02 UTC 2020] ret='0'
[Tue Jun 30 00:51:02 UTC 2020] Already uptodate!
[Tue Jun 30 00:51:02 UTC 2020] Upgrade success!
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] Auto upgraded to: 2.8.7
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] _stopRenewOnError
[Tue Jun 30 00:51:02 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:02 UTC 2020] di='/shared/letsencrypt/community.wappler.io/'
[Tue Jun 30 00:51:02 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:02 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] Le_API
[Tue Jun 30 00:51:02 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:02 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:02 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:02 UTC 2020] GET
[Tue Jun 30 00:51:02 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:02 UTC 2020] timeout=
[Tue Jun 30 00:51:02 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:03 UTC 2020] ret='0'
[Tue Jun 30 00:51:03 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:03 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:03 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:03 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:03 UTC 2020] Le_NextRenewTime='1591011136'
[Tue Jun 30 00:51:03 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:03 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:03 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:03 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:03 UTC 2020] Read key length:4096
[Tue Jun 30 00:51:03 UTC 2020] _createcsr
[Tue Jun 30 00:51:03 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:03 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:03 UTC 2020] d
[Tue Jun 30 00:51:03 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:03 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:03 UTC 2020] RSA key
[Tue Jun 30 00:51:03 UTC 2020] HEAD
[Tue Jun 30 00:51:03 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:03 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:04 UTC 2020] _ret='0'
[Tue Jun 30 00:51:04 UTC 2020] code='201'
[Tue Jun 30 00:51:04 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984600516'
[Tue Jun 30 00:51:04 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] payload
[Tue Jun 30 00:51:04 UTC 2020] POST
[Tue Jun 30 00:51:04 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562603567'
[Tue Jun 30 00:51:04 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:05 UTC 2020] _ret='0'
[Tue Jun 30 00:51:05 UTC 2020] code='200'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww","token":"4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU"'
[Tue Jun 30 00:51:05 UTC 2020] token='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] dvlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] d
[Tue Jun 30 00:51:05 UTC 2020] vlist='community.wappler.io#4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:05 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:05 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:05 UTC 2020] keyauthorization='4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:05 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:05 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:05 UTC 2020] writing token:4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU to /var/www/discourse/public/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU
[Tue Jun 30 00:51:05 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:05 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] payload='{}'
[Tue Jun 30 00:51:05 UTC 2020] POST
[Tue Jun 30 00:51:05 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:05 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:06 UTC 2020] _ret='0'
[Tue Jun 30 00:51:06 UTC 2020] code='200'
[Tue Jun 30 00:51:06 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:06 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:08 UTC 2020] checking
[Tue Jun 30 00:51:08 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] payload
[Tue Jun 30 00:51:08 UTC 2020] POST
[Tue Jun 30 00:51:08 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:08 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:08 UTC 2020] _ret='0'
[Tue Jun 30 00:51:08 UTC 2020] code='200'
[Tue Jun 30 00:51:08 UTC 2020] Pending
[Tue Jun 30 00:51:08 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:10 UTC 2020] checking
[Tue Jun 30 00:51:10 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] payload
[Tue Jun 30 00:51:10 UTC 2020] POST
[Tue Jun 30 00:51:10 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:10 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:11 UTC 2020] _ret='0'
[Tue Jun 30 00:51:11 UTC 2020] code='200'
[Tue Jun 30 00:51:11 UTC 2020] Pending
[Tue Jun 30 00:51:11 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:13 UTC 2020] checking
[Tue Jun 30 00:51:13 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] payload
[Tue Jun 30 00:51:13 UTC 2020] POST
[Tue Jun 30 00:51:13 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:13 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:14 UTC 2020] _ret='0'
[Tue Jun 30 00:51:14 UTC 2020] code='200'
[Tue Jun 30 00:51:14 UTC 2020] Pending
[Tue Jun 30 00:51:14 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:16 UTC 2020] checking
[Tue Jun 30 00:51:16 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] payload
[Tue Jun 30 00:51:16 UTC 2020] POST
[Tue Jun 30 00:51:16 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:16 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:16 UTC 2020] _ret='0'
[Tue Jun 30 00:51:16 UTC 2020] code='200'
[Tue Jun 30 00:51:16 UTC 2020] Pending
[Tue Jun 30 00:51:16 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:18 UTC 2020] checking
[Tue Jun 30 00:51:18 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] payload
[Tue Jun 30 00:51:18 UTC 2020] POST
[Tue Jun 30 00:51:18 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:18 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:19 UTC 2020] _ret='0'
[Tue Jun 30 00:51:19 UTC 2020] code='200'
[Tue Jun 30 00:51:19 UTC 2020] Pending
[Tue Jun 30 00:51:19 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:21 UTC 2020] checking
[Tue Jun 30 00:51:21 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] payload
[Tue Jun 30 00:51:21 UTC 2020] POST
[Tue Jun 30 00:51:21 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:21 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:23 UTC 2020] _ret='0'
[Tue Jun 30 00:51:23 UTC 2020] code='200'
[Tue Jun 30 00:51:23 UTC 2020] Pending
[Tue Jun 30 00:51:23 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:25 UTC 2020] checking
[Tue Jun 30 00:51:25 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] payload
[Tue Jun 30 00:51:25 UTC 2020] POST
[Tue Jun 30 00:51:25 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:25 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:25 UTC 2020] _ret='0'
[Tue Jun 30 00:51:25 UTC 2020] code='200'
[Tue Jun 30 00:51:25 UTC 2020] Pending
[Tue Jun 30 00:51:25 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:27 UTC 2020] checking
[Tue Jun 30 00:51:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] payload
[Tue Jun 30 00:51:27 UTC 2020] POST
[Tue Jun 30 00:51:27 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:27 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:28 UTC 2020] _ret='0'
[Tue Jun 30 00:51:28 UTC 2020] code='200'
[Tue Jun 30 00:51:28 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/4R4zLJ4iIGITDWBtCaL0ex79Q7M1WVoEzNYrcncLLCU: Timeout during connect (likely firewall problem)
[Tue Jun 30 00:51:28 UTC 2020] pid
[Tue Jun 30 00:51:28 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:28 UTC 2020] _clearupdns
[Tue Jun 30 00:51:28 UTC 2020] dns_entries
[Tue Jun 30 00:51:28 UTC 2020] skip dns.
[Tue Jun 30 00:51:28 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:28 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:28 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] payload='{}'
[Tue Jun 30 00:51:28 UTC 2020] POST
[Tue Jun 30 00:51:28 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562603567/kO4gww'
[Tue Jun 30 00:51:28 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] _ret='0'
[Tue Jun 30 00:51:29 UTC 2020] code='400'
[Tue Jun 30 00:51:29 UTC 2020] Return code: 1
[Tue Jun 30 00:51:29 UTC 2020] Error renew community.wappler.io.
[Tue Jun 30 00:51:29 UTC 2020] di='/shared/letsencrypt/community.wappler.io_ecc/'
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:29 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/community.wappler.io_ecc'
[Tue Jun 30 00:51:29 UTC 2020] Renew: 'community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Le_API
[Tue Jun 30 00:51:29 UTC 2020] _main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _alt_domains='no'
[Tue Jun 30 00:51:29 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Jun 30 00:51:29 UTC 2020] GET
[Tue Jun 30 00:51:29 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:29 UTC 2020] timeout=
[Tue Jun 30 00:51:29 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:29 UTC 2020] ret='0'
[Tue Jun 30 00:51:29 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_AUTHZ
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Jun 30 00:51:29 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Jun 30 00:51:29 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jun 30 00:51:29 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:29 UTC 2020] ACME_VERSION='2'
[Tue Jun 30 00:51:29 UTC 2020] Le_NextRenewTime='1591011142'
[Tue Jun 30 00:51:29 UTC 2020] _on_before_issue
[Tue Jun 30 00:51:29 UTC 2020] _chk_main_domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _chk_alt_domains
[Tue Jun 30 00:51:29 UTC 2020] Le_LocalAddress
[Tue Jun 30 00:51:29 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] Check for domain='community.wappler.io'
[Tue Jun 30 00:51:29 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:29 UTC 2020] d
[Tue Jun 30 00:51:29 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Jun 30 00:51:29 UTC 2020] Read key length:ec-256
[Tue Jun 30 00:51:29 UTC 2020] _createcsr
[Tue Jun 30 00:51:29 UTC 2020] Single domain='community.wappler.io'
[Tue Jun 30 00:51:30 UTC 2020] Getting domain auth token for each domain
[Tue Jun 30 00:51:30 UTC 2020] d
[Tue Jun 30 00:51:30 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"community.wappler.io"}]}'
[Tue Jun 30 00:51:30 UTC 2020] RSA key
[Tue Jun 30 00:51:30 UTC 2020] HEAD
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Tue Jun 30 00:51:30 UTC 2020] _ret='0'
[Tue Jun 30 00:51:30 UTC 2020] POST
[Tue Jun 30 00:51:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Jun 30 00:51:30 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='201'
[Tue Jun 30 00:51:31 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/61973942/3984605699'
[Tue Jun 30 00:51:31 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] payload
[Tue Jun 30 00:51:31 UTC 2020] POST
[Tue Jun 30 00:51:31 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5562611296'
[Tue Jun 30 00:51:31 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:31 UTC 2020] _ret='0'
[Tue Jun 30 00:51:31 UTC 2020] code='200'
[Tue Jun 30 00:51:31 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] Getting webroot for domain='community.wappler.io'
[Tue Jun 30 00:51:31 UTC 2020] _w='/var/www/discourse/public'
[Tue Jun 30 00:51:31 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA","token":"1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI"'
[Tue Jun 30 00:51:32 UTC 2020] token='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] dvlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] d
[Tue Jun 30 00:51:32 UTC 2020] vlist='community.wappler.io#1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA#http-01#/var/www/discourse/public,'
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] ok, let's start to verify
[Tue Jun 30 00:51:32 UTC 2020] Verifying: community.wappler.io
[Tue Jun 30 00:51:32 UTC 2020] d='community.wappler.io'
[Tue Jun 30 00:51:32 UTC 2020] keyauthorization='1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI.oqk5F-Y-LWHoSgqmpv1QpHawY8D3qpVmWxAQ5avEEeQ'
[Tue Jun 30 00:51:32 UTC 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _currentRoot='/var/www/discourse/public'
[Tue Jun 30 00:51:32 UTC 2020] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Jun 30 00:51:32 UTC 2020] writing token:1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI to /var/www/discourse/public/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI
[Tue Jun 30 00:51:32 UTC 2020] Changing owner/group of .well-known to discourse:discourse
[Tue Jun 30 00:51:32 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] payload='{}'
[Tue Jun 30 00:51:32 UTC 2020] POST
[Tue Jun 30 00:51:32 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:32 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:32 UTC 2020] _ret='0'
[Tue Jun 30 00:51:32 UTC 2020] code='200'
[Tue Jun 30 00:51:32 UTC 2020] trigger validation code: 200
[Tue Jun 30 00:51:32 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:34 UTC 2020] checking
[Tue Jun 30 00:51:34 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] payload
[Tue Jun 30 00:51:34 UTC 2020] POST
[Tue Jun 30 00:51:34 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:34 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:35 UTC 2020] _ret='0'
[Tue Jun 30 00:51:35 UTC 2020] code='200'
[Tue Jun 30 00:51:35 UTC 2020] Pending
[Tue Jun 30 00:51:35 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:37 UTC 2020] checking
[Tue Jun 30 00:51:37 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] payload
[Tue Jun 30 00:51:37 UTC 2020] POST
[Tue Jun 30 00:51:37 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:37 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:37 UTC 2020] _ret='0'
[Tue Jun 30 00:51:38 UTC 2020] code='200'
[Tue Jun 30 00:51:38 UTC 2020] Pending
[Tue Jun 30 00:51:38 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:40 UTC 2020] checking
[Tue Jun 30 00:51:40 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] payload
[Tue Jun 30 00:51:40 UTC 2020] POST
[Tue Jun 30 00:51:40 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:40 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:40 UTC 2020] _ret='0'
[Tue Jun 30 00:51:40 UTC 2020] code='200'
[Tue Jun 30 00:51:40 UTC 2020] Pending
[Tue Jun 30 00:51:40 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:42 UTC 2020] checking
[Tue Jun 30 00:51:42 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] payload
[Tue Jun 30 00:51:42 UTC 2020] POST
[Tue Jun 30 00:51:42 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:42 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:43 UTC 2020] _ret='0'
[Tue Jun 30 00:51:43 UTC 2020] code='200'
[Tue Jun 30 00:51:43 UTC 2020] Pending
[Tue Jun 30 00:51:43 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:45 UTC 2020] checking
[Tue Jun 30 00:51:45 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] payload
[Tue Jun 30 00:51:45 UTC 2020] POST
[Tue Jun 30 00:51:45 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:45 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:45 UTC 2020] _ret='0'
[Tue Jun 30 00:51:45 UTC 2020] code='200'
[Tue Jun 30 00:51:46 UTC 2020] Pending
[Tue Jun 30 00:51:46 UTC 2020] sleep 2 secs to verify
[Tue Jun 30 00:51:48 UTC 2020] checking
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:48 UTC 2020] _ret='0'
[Tue Jun 30 00:51:48 UTC 2020] code='200'
[Tue Jun 30 00:51:48 UTC 2020] community.wappler.io:Verify error:Fetching https://community.wappler.io/.well-known/acme-challenge/1Jmi14PFJCK5CFdXT5CJDdeRcbBDfyBgKlbCH7xLLvI: Error getting validation data
[Tue Jun 30 00:51:48 UTC 2020] pid
[Tue Jun 30 00:51:48 UTC 2020] No need to restore nginx, skip.
[Tue Jun 30 00:51:48 UTC 2020] _clearupdns
[Tue Jun 30 00:51:48 UTC 2020] dns_entries
[Tue Jun 30 00:51:48 UTC 2020] skip dns.
[Tue Jun 30 00:51:48 UTC 2020] _on_issue_err
[Tue Jun 30 00:51:48 UTC 2020] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Jun 30 00:51:48 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] payload='{}'
[Tue Jun 30 00:51:48 UTC 2020] POST
[Tue Jun 30 00:51:48 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5562611296/RB9_XA'
[Tue Jun 30 00:51:48 UTC 2020] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Tue Jun 30 00:51:49 UTC 2020] _ret='0'
[Tue Jun 30 00:51:49 UTC 2020] code='400'
[Tue Jun 30 00:51:49 UTC 2020] Return code: 1
[Tue Jun 30 00:51:49 UTC 2020] Error renew community.wappler.io_ecc.
[Tue Jun 30 00:51:49 UTC 2020] di='/shared/letsencrypt/example.com/'
[Tue Jun 30 00:51:49 UTC 2020] d='example.com'
[Tue Jun 30 00:51:49 UTC 2020] Using config home:/shared/letsencrypt
[Tue Jun 30 00:51:49 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Jun 30 00:51:49 UTC 2020] DOMAIN_PATH='/shared/letsencrypt/example.com'
[Tue Jun 30 00:51:49 UTC 2020] Renew: 'example.com'
[Tue Jun 30 00:51:49 UTC 2020] Le_API
[Tue Jun 30 00:51:49 UTC 2020] Skip invalid cert for: example.com
[Tue Jun 30 00:51:49 UTC 2020] Return code: 2
[Tue Jun 30 00:51:49 UTC 2020] Skipped example.com
[Tue Jun 30 00:51:49 UTC 2020] _error_level='1'
[Tue Jun 30 00:51:49 UTC 2020] _set_level='2'
[Tue Jun 30 00:51:49 UTC 2020] The NOTIFY_HOOK is empty, just return.
[Tue Jun 30 00:51:49 UTC 2020] ===End cron===

Обычно это означает, что запись AAAA в DNS была некорректной. Как

Полагаю, что в данном случае так и было.

Поскольку мы успешно размещаем несколько сайтов на DigitalOcean с поддержкой IPv6 и Let’s Encrypt, здесь, похоже, имеет место ошибка пользователя. Пожалуйста, создайте новую тему, если сможете предоставить шаги для воспроизведения проблемы.