Let's Encrypt not working anymore - Authorization must be pending

Protected

Verified User
Joined
Oct 29, 2006
Messages
57
Yes, I should hope so. The filesystem says it's from Jan 3. There's nothing pending on custombuild.

The first warning e-mails from DirectAdmin (Error during automated certificate renewal) are from Jan 8. At first I thought it was a temporary availability issue, a temporary rate limit or an issue that would get fixed by DA so I didn't do anything, but now I have certificates that expired, which is problematic.
 

Zhenyapan

Verified User
Joined
Feb 23, 2018
Messages
183
Location
UA
try to rename .htaccess in domains public_html and try to update cert again
 

Protected

Verified User
Joined
Oct 29, 2006
Messages
57
Ok, right now it's working again for regular domains (unchanged) and broken only for the server's hostname. Where's the public_html for that? There's no .htaccess in /var/www/html .
 

Protected

Verified User
Joined
Oct 29, 2006
Messages
57
That's the only way I know how to do that, but I think I got it. There's a dnssec issue on the hostname preventing remote nameservers from considering its A record valid. So, distinct issues. Thanks anyway!
 

Tpark

Verified User
Joined
Nov 2, 2018
Messages
22
My server hasn't been able to request certificates for a week, apparently.
same here.

not worked

That's the only way I know how to do that, but I think I got it. There's a dnssec issue on the hostname preventing remote nameservers from considering its A record valid. So, distinct issues. Thanks anyway!
not worked

---
any suggestions?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,935
Location
LT, EU
May you let us know the domain name affected? If not, try using letsdebug.net and see if it reports any issues.
 

Tpark

Verified User
Joined
Nov 2, 2018
Messages
22
May you let us know the domain name affected? If not, try using letsdebug.net and see if it reports any issues.
all 3 tests at letsdebug.net:
All OK!
No issues were found with "domain.com".
-

DA -> SSL Certificates -> Free & automated ... :
Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/2964524310...
Processing authorization for "domain.com"...
Waiting for domain verification...
Let's Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting...
-

rewrite_conf and rebuild letsencrypt done.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,935
Location
LT, EU
I'd suggest not to retry many times, as you could reach the rate limit. Please open a support ticket for this and we'll let you know what's wrong with that domain.

Thank you!
 

mateusz

New member
Joined
Mar 19, 2020
Messages
5
Hi,

same issue here...

- letsdebug.net - no issues
- instructions: https://help.directadmin.com/item.php?id=629
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single panek.ovh 4096
Are getting result:
Code:
Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/3468395533...
Processing authorization for panek.ovh...
Challenge is valid.
Generating 4096 bit RSA key for panek.ovh...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/admin/domains/panek.ovh.key.new"
Generating RSA private key, 4096 bit long modulus (2 primes)
..............................................................................................................++++
........++++
e is 65537 (0x010001)
Checking Certificate Private key match... Match!
Certificate for panek.ovh has been created successfully!
But running second command crashes DirectAdmin - it cannot start... I needed to change manually SSL=0 to restart it...


Any ideas?
Thanks in advance for any help!
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
714
Location
Netherlands Germany
For the one that wasn't working here last week or so ( so i think nu bug here at our da server for now).

I did first disable automatic LE renew in DA controlpanel. ( this in combination with new cert does a kind of "reset" for a domain and the LE )
Disabled SSL.
Then enabbled SSL , a new LE cert and then solved for this one. ( but could be with the LE bug then)
 
Top