Let's Encrypt not working anymore - Authorization must be pending

Yes, I should hope so. The filesystem says it's from Jan 3. There's nothing pending on custombuild.

The first warning e-mails from DirectAdmin (Error during automated certificate renewal) are from Jan 8. At first I thought it was a temporary availability issue, a temporary rate limit or an issue that would get fixed by DA so I didn't do anything, but now I have certificates that expired, which is problematic.
 
try to rename .htaccess in domains public_html and try to update cert again
 
Ok, right now it's working again for regular domains (unchanged) and broken only for the server's hostname. Where's the public_html for that? There's no .htaccess in /var/www/html .
 
That's the only way I know how to do that, but I think I got it. There's a dnssec issue on the hostname preventing remote nameservers from considering its A record valid. So, distinct issues. Thanks anyway!
 
Protected said:
My server hasn't been able to request certificates for a week, apparently.
Click to expand...
same here.

Zhenyapan said:
try via SSH: https://help.directadmin.com/item.php?id=629
Click to expand...
not worked

Protected said:
That's the only way I know how to do that, but I think I got it. There's a dnssec issue on the hostname preventing remote nameservers from considering its A record valid. So, distinct issues. Thanks anyway!
Click to expand...
not worked

---
any suggestions?
 
May you let us know the domain name affected? If not, try using letsdebug.net and see if it reports any issues.
 
smtalk said:
May you let us know the domain name affected? If not, try using letsdebug.net and see if it reports any issues.
Click to expand...
all 3 tests at letsdebug.net:
All OK!
No issues were found with "domain.com".
-

DA -> SSL Certificates -> Free & automated ... :
Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/2964524310...
Processing authorization for "domain.com"...
Waiting for domain verification...
Let's Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting...
-

rewrite_conf and rebuild letsencrypt done.
 
I'd suggest not to retry many times, as you could reach the rate limit. Please open a support ticket for this and we'll let you know what's wrong with that domain.

Thank you!
 
Hi,

same issue here...

- letsdebug.net - no issues
- instructions: https://help.directadmin.com/item.php?id=629
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single panek.ovh 4096

Are getting result:
Code: 
Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/3468395533...
Processing authorization for panek.ovh...
Challenge is valid.
Generating 4096 bit RSA key for panek.ovh...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/admin/domains/panek.ovh.key.new"
Generating RSA private key, 4096 bit long modulus (2 primes)
..............................................................................................................++++
........++++
e is 65537 (0x010001)
Checking Certificate Private key match... Match!
Certificate for panek.ovh has been created successfully!

But running second command crashes DirectAdmin - it cannot start... I needed to change manually SSL=0 to restart it...


Any ideas?
Thanks in advance for any help!
 
For the one that wasn't working here last week or so ( so i think nu bug here at our da server for now).

I did first disable automatic LE renew in DA controlpanel. ( this in combination with new cert does a kind of "reset" for a domain and the LE )
Disabled SSL.
Then enabbled SSL , a new LE cert and then solved for this one. ( but could be with the LE bug then)
 
@smtalk could you please look at this thread on let's encrypt community.
they talkin about a bug in letsencrypt.sh:
just before the error message
Let’s Encrypt was unable to verify the challenge. …, there is the keyword "keyAuthorization" used in the generated jws. That keyword is not in use in the ACME v2 protocol, it is part only the ACME v1.
Click to expand...
 
You must log in or register to reply here.
Back
Top