Let's Encrypt Invalid challenge and time out

Dannik

Let's Encrypt Invalid challenge and time out [SOLVED]

Hi,
I have been using Let's Encrypt for a while on several VPSs. For a few days now, however, I have been receiving errors that the certificates cannot be renewed, both the domain certificates and the server certificate. When I try to renew manually using DA, the script tells me something is wrong:

Getting challenge for mydomain.tld from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Fetching http://mydomain.tld/.well-known/acme-challenge/gHmNnfVco0p4mYKzmygvCaN4t2xEIsZqdGiVPDvw8H4: Timeout. Exiting...

The strange thing is that when I check the Apache logs, it seems another URL is being called:
{my_own_ip} - - [27/Jun/2017:20:12:16 +0200] "GET /.well-known/acme-challenge/letsencrypt_1498587134 HTTP/1.1" 200 206 "-" "curl/7.50.1"
But it says status 200 and 206 (so that's ok). No further checks for the can be found in the logs.

I deleted all banned entries in BruteBlock, so it cannot be that Let's Encrypt servers are being blocked. I also checked out and successfully tested the help for manually debugging https://help.directadmin.com/item.php?id=646, and this seems to be configured properly too:

[root@myserver]# /usr/local/bin/curl -I -L -k -X GET http://mydomain.tld/.well-known/acme-challenge/test.txt
HTTP/1.1 200 OK
Date: Tue, 27 Jun 2017 18:28:56 GMT
Server: Apache/2
Last-Modified: Tue, 27 Jun 2017 18:28:44 GMT
ETag: "5-552f53cccd45b"
Accept-Ranges: bytes
Content-Length: 5
Vary: User-Agent
Content-Type: text/plain

I was running DA-version 1.51.3, until this morning, but then I updated to version 1.51.4, hoping this could solve the problem. Unfortunately it did not... :(

I'm running letsencrypt=1, /var/www/html/.well-known/acme-challenge/ exists and is set as an alias in /etc/httpd/conf/extra/httpd-alias.conf. And as the test result already showed, everything else seems to be configured well (should be, it worked well for more than a year!). No recent maintenance was done.

Who can help me out? Thanx!
Danny
 
Ok... I'm confused.. I've tried to renew the certificates several times today, without any luck. Finally I decided to try it on yet another domain (which had no certificate at all) and that worked. After that, the other domains were able to renew as well :confused:
I don't know what could have caused it, and I will wait for the automatic renewals coming up, but for now this somehow seems to have solved itself...
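
Added example (not part of the original posts, and not DirectAdmin's script): a small Python helper that scans an Apache access log for requests under /.well-known/acme-challenge/, separates fetches from the server's own address from external ones, and reports whether the token named in the "Challenge is invalid" message was ever requested. The log lines are constructed; 192.0.2.10 and 198.51.100.7 are placeholder addresses, and the function names are hypothetical.

```python
import re

# Apache combined log format: client, identity, user, [time], "request", status, bytes, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "[^"]*" "(?P<agent>[^"]*)")?'
)
PREFIX = "/.well-known/acme-challenge/"

def challenge_hits(lines):
    """Yield parsed requests whose path lies under the HTTP-01 challenge directory."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("path").startswith(PREFIX):
            hit = m.groupdict()
            hit["token"] = hit["path"][len(PREFIX):]
            yield hit

def diagnose(lines, own_ips, token):
    """Count local vs. external challenge fetches and look for the failing token."""
    local = external = token_hits = 0
    for hit in challenge_hits(lines):
        if hit["client"] in own_ips:
            local += 1
        else:
            external += 1
        if hit["token"] == token:
            token_hits += 1
    if token_hits:
        verdict = "token was requested: compare status code and served content"
    elif external:
        verdict = "external clients reach the path, but none asked for this token"
    else:
        verdict = "no external fetch in this log: check DNS, firewall, other vhost logs"
    return {"local": local, "external": external,
            "token_hits": token_hits, "verdict": verdict}

# Constructed sample lines; 192.0.2.10 stands in for the server's own IP,
# 198.51.100.7 for an outside client. The token is the one from the error message.
TOKEN = "gHmNnfVco0p4mYKzmygvCaN4t2xEIsZqdGiVPDvw8H4"
SAMPLE = [
    '192.0.2.10 - - [27/Jun/2017:20:12:16 +0200] "GET /.well-known/acme-challenge/'
    'letsencrypt_1498587134 HTTP/1.1" 200 206 "-" "curl/7.50.1"',
    '198.51.100.7 - - [27/Jun/2017:20:12:40 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, {"192.0.2.10"}, TOKEN))
```

On the sample, the only challenge request comes from the server itself, so the result lands in the "no external fetch" branch: a validation fetch that times out leaves no entry in this log.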
 