SSL Let's Encrypt

jdn1976

That's odd: the SSL was working fine, then some sites stopped working, and when I go to DA > SSL Certificates > Let's Encrypt to try to update, it shows:

Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4652594580...
Processing authorization for domain.com... (I renamed it here to not show the user's domain)
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4652594586...
Processing authorization for mail.domain.com... (I renamed it here to not show the user's domain)
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4652594609...
Processing authorization for www.domain.com... (I renamed it here to not show the user's domain)
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/5016874956...
Processing authorization for ftp.domain.com... (I renamed it here to not show the user's domain)
Waiting for domain verification...
Let's Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting...


What am I missing?
 
Can you check if maybe there is a difference between "normal" ssl certificates and wildcard certificates?
If it's the same domain, it's not running into the request limits, is it?
 
I'm running into the same issue now. Trying to set up wildcard SSL. I'm not at the limits, as I requested the last SSL weeks ago.
 
@k1l0b1t Normally you might want to create a separate topic for that as your issue could be different from this one, in spite of the fact that you have the same problem.
Are you running your own nameservers or external nameservers?
 
Oh, oops :/

I'm running my own nameserver as NS1 on the DA box, and my domain provider's nameserver as NS2 with AXFR between NS1->NS2 (to have redundancy). It's quite weird because it used to work for one domain about 2 weeks ago, but now it won't work for another domain.
 
Hmmz... odd. If NS1 is running as own nameserver and is registered at the registrar as ns1 on that ip, it should be the place where ssl should look first too for a check.
Do you have the exact same error notice:
Let's Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting...
If yes, I don't know, it might be a temp issue with Let's Encrypt, might also be something else, but then somebody else needs to have a look at it.
 
Yes, same error.

Here is the full output (domain changed to domain.be) :

Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4557420346...
Processing authorization for domain.be...
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/5080797295...
Processing authorization for domain.be...
DNS challenge test fail for _acme-challenge.domain.be IN TXT "zyLUP_mG5j1ZYjqRie7wu1R7ZVdmJmWF69dQsWU4d80", retrying...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Waiting for domain verification...
Let's Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting...

It looks like an issue in the DNS, but I checked the DNS, and it does show the record, on both NS1 and NS2. It could indeed be something temporary with LE.
 
I just retried and it seemed to work, probably was something with LE.

Thanks for the tip anyways, could come in handy in the future ;)
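
An added example (not from the thread and not DirectAdmin's own code): before retrying a dns-01 order on a primary/secondary setup like the NS1 -> NS2 AXFR pair described above, ask each authoritative nameserver directly for the `_acme-challenge` TXT value and compare SOA serials, since a secondary can lag the primary. The host names ns1/ns2.domain.be, the serials and the stubbed dig answers are constructed, and the check assumes the validator may query any of the authoritative servers.

```python
import subprocess

def dig_short(args):
    """Run `dig +short <args>` and return the non-empty output lines."""
    out = subprocess.run(["dig", "+short", *args], capture_output=True,
                         text=True, timeout=10).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]

def check_challenge(zone, expected, nameservers, dig=dig_short):
    """Ask every authoritative server directly; return (ready, per-server report)."""
    report = {}
    for ns in nameservers:
        txt = {v.strip('"') for v in dig(["TXT", f"_acme-challenge.{zone}", f"@{ns}"])}
        soa = dig(["SOA", zone, f"@{ns}"])
        # dig +short SOA prints: mname rname serial refresh retry expire minimum
        serial = int(soa[0].split()[2]) if soa else None
        # A wildcard plus base-name order needs two TXT values at the same name,
        # so other values are reported rather than treated as errors.
        report[ns] = {"serial": serial, "has_token": expected in txt,
                      "other_values": sorted(txt - {expected})}
    serials = {r["serial"] for r in report.values()}
    in_sync = len(serials) == 1 and None not in serials
    ready = in_sync and all(r["has_token"] for r in report.values())
    return ready, report

# --- Constructed sample data (not real DNS answers) ---
TOKEN = "zyLUP_mG5j1ZYjqRie7wu1R7ZVdmJmWF69dQsWU4d80"  # TXT value from the log above
NAMESERVERS = ["ns1.domain.be", "ns2.domain.be"]        # hypothetical host names

def make_fake_dig(zones):
    """Build a stand-in for dig_short that answers from a dict keyed by server."""
    def fake(args):
        rtype, _name, server = args
        return zones[server.lstrip("@")].get(rtype, [])
    return fake

SOA = "ns1.domain.be. hostmaster.domain.be. {} 3600 1800 1209600 86400"
LAGGING = make_fake_dig({  # NS2 has not yet received the AXFR with the new record
    "ns1.domain.be": {"TXT": [f'"{TOKEN}"'], "SOA": [SOA.format(2020061502)]},
    "ns2.domain.be": {"TXT": [], "SOA": [SOA.format(2020061501)]},
})
SYNCED = make_fake_dig({
    "ns1.domain.be": {"TXT": [f'"{TOKEN}"'], "SOA": [SOA.format(2020061502)]},
    "ns2.domain.be": {"TXT": [f'"{TOKEN}"'], "SOA": [SOA.format(2020061502)]},
})

if __name__ == "__main__":
    for label, dig in (("lagging", LAGGING), ("synced", SYNCED)):
        ready, report = check_challenge("domain.be", TOKEN, NAMESERVERS, dig)
        print(label, "ready" if ready else "NOT ready", report)
```

Against live DNS, call `check_challenge(zone, token, nameservers)` without the `dig` argument so it shells out to the real `dig`.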
 