Thomas L.([email protected]) on 2019.01.30 02:01:02 +0100:
> I got another domain which still fails:
> # acme-client -vv feuf.eu
> acme-client: /etc/ssl/private/feuf.eu.key: loaded RSA domain key
> acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
> acme-client: /etc/ssl/feuf.eu.crt: certificate renewable: -61 days left
> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
> acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175
> acme-client: transfer buffer: [{ "cKjgVwg29eQ": "https://community.letsen=
crypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "h=
ttps://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentit=
ies": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/d=
ocuments/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.=
org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",=
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert";, "new-reg=
": "https://acme-v01.api.letsencrypt.org/acme/new-reg";, "revoke-cert": "htt=
ps://acme-v01.api.letsencrypt.org/acme/revoke-cert" }] (658 bytes)
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-aut=
h: feuf.eu
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": =
"feuf.eu" }, "status": "pending", "expires": "2019-02-06T00:54:09Z", "chall=
enges": [ { "type": "tls-alpn-01", "status": "pending", "uri": "https://acm=
e-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQVW=
gRbQxHYtU/12029926875", "token": "ujO-WvILulTRRp73I4PIUm9YUmDjwrH3jXCNiY_nA=
Yg" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v0=
1.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQVWgRbQ=
xHYtU/12029926878", "token": "LVLUcXyld9xWtMaMgStGvuKT4vm61O_eghW5FXjT4DQ" =
}, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.l=
etsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYtU/1=
2029926881", "token": "PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0" }, { "t=
ype": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencry=
pt.org/acme/challenge/jMife2TySNAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYtU/120299268=
83", "token": "vs1QZYl6SpiCICn6WAVS0UIVzQ5bW0nCn4ngrJyBm2c" } ], "combinati=
ons": [ [ 3 ], [ 0 ], [ 2 ], [ 1 ] ] }] (1263 bytes)
> acme-client: /var/www/acme/PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0: c=
reated
> acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2Ty=
SNAitSrBm3PLb2LRL5w3F5mQVWgRbQxHYtU/12029926881: challenge
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: transfer buffer: [{ "type": "http-01", "status": "pending",
> "uri":
> "https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PL=
b2LRL5w3F5mQVWgRbQxHYtU/12029926881",
> "token": "PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0",
> "keyAuthorization":
> "PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0.YJLLEKdoM4e4WocQ9C9xvXqa6dAO=
4zUn6hdCgEgIfBs"
> }] (337 bytes)
> acme-client:
> https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb=
2LRL5w3F5mQVWgRbQxHYtU/12029926881:
> status
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client:
> https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PLb=
2LRL5w3F5mQVWgRbQxHYtU/12029926881:
> bad response
> acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid",
> "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid
> response from
> http://feuf.eu/.well-known/acme-challenge/PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4=
pDIP8jXFiLU0:
> \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML
> 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e4=
04
> Not
> Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u0=
03eNot
> Found\u003c/h1\u003e\\n\u003cp\"", "status": 403 }, "uri":
> "https://acme-v01.api.letsencrypt.org/acme/challenge/jMife2TySNAitSrBm3PL=
b2LRL5w3F5mQVWgRbQxHYtU/12029926881",
> "token": "PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR4pDIP8jXFiLU0",
http://feuf.eu/.well-known/acme-challenge/
reports a 404 not found. I would expect a 403 Permission Denied there if you
have DirectoryIndex turned off.
Also feuf.eu claims it is "Apache/2.4.10 (Debian) Server at feuf.eu Port
80". How does your setup look like? What does the log of that Apache Server
show?
Is acme-client really writing the challenge into the correct dir?
Is a NFS share involved?
/Benno
> "validationRecord": [ { "url":
> "http://feuf.eu/.well-known/acme-challenge/PH1MEqFF8jV3f5IyXzg9RBgI2rYnrR=
4pDIP8jXFiLU0",
> "hostname": "feuf.eu", "port": "80", "addressesResolved": [
> "46.38.243.234" ], "addressUsed": "46.38.243.234" } ] }] (964 bytes)
> acme-client: bad exit: netproc(32321): 1
>=20
> Recreating the account key doesn't change things:
> # mv /etc/acme/letsencrypt-privkey.pem /etc/acme/letsencrypt-privkey.pem.=
OLD
> # acme-client -AD -vv feuf.eu
> acme-client: /etc/ssl/private/feuf.eu.key: domain key exists (not creatin=
g)
> acme-client: /etc/ssl/private/feuf.eu.key: loaded RSA domain key
> acme-client: /etc/ssl/feuf.eu.crt: certificate renewable: -61 days left
> acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key
> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
> acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175
> acme-client: transfer buffer: [{ "JYURKwteJeI": "https://community.letsen=
crypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "h=
ttps://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentit=
ies": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/d=
ocuments/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.=
org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",=
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert";, "new-reg=
": "https://acme-v01.api.letsencrypt.org/acme/new-reg";, "revoke-cert": "htt=
ps://acme-v01.api.letsencrypt.org/acme/revoke-cert" }] (658 bytes)
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: transfer buffer: [{ "id": 50500955, "key": { "kty": "RSA", "=
n": "uyWXZuxRSEqq_2R-FuwzpvoYysG0fh3lVo8PYV5Gj531YDMoLW1_EaPOzZleVoTb4LTypv=
B7WDf90UE17L2N74GPK3ZX6YsZPaaQXDJv5EHiSjhdEMxrm_2SHKN_pZ1QIoz05gXcAc25T3vR8=
yEDypkHq5gAuzf3abJ54JCr3FzWXK37X1cx7GaE7y6RngIBvfFbJ_khlTnmZdwhtXxEPXrmxBld=
CArhBlw34CNrCk8Yfp-Vo_kk-ojqt5kXH_Pi3d3BMjzMzjVq2mTodCc2syjanHkdCNIJ9rGnlcr=
cFqz2TkVrydiq1FcIIk7_jsCPUfxX7cpc07GXQl7oix7rQ_4wViKXh329lbJ2UMBerWYFxI5e_P=
I2Fpnxyj4JdcnCeLIqWm4KxZay4B4QYUiOS_ponLrSjWUkLcR9wLbvz-MJroHeoBqq-HtxJuEJE=
64cRIUuEAFrd0kCweVlD-JmXt4vnqybXfBlpV_OxuJ2PLuM1lw3d9pyn8OkhnoAo4EuCicIex4q=
cI2O095DbfAeCgkHT0MfF2P3ldvpe-M4_-ZSymO0xlthGyNLhHuK2jGUdpC-tuVabVkEMoUyXNl=
fh1wxe7ynregjYhpBLpV3e8xaVm_9RjROuwV9iDkpwpAJxq7AbT1I__VPORADptvKiIjk5OYt6O=
gVewMGFsqSlyc", "e": "AQAB" }, "contact": [], "agreement": "https://letsenc=
rypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "initialIp": "88.99.19=
0.88", "createdAt": "2019-01-30T00:58:02.526514078Z", "status": "valid" }] =
(968 bytes)
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-aut=
h: feuf.eu
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": =
"feuf.eu" }, "status": "pending", "expires": "2019-02-06T00:58:03Z", "chall=
enges": [ { "type": "http-01", "status": "pending", "uri": "https://acme-v0=
1.api.letsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadPbn18jV=
k_2ws/12030062500", "token": "lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-OTsc" =
}, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.le=
tsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12=
030062502", "token": "a24XS9u5APodx1kfL5Yts-3Dkz_3r-B-UTg4YB1eNHk" }, { "ty=
pe": "tls-alpn-01", "status": "pending", "uri": "https://acme-v01.api.letse=
ncrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030=
062504", "token": "Z_wl2z_2-EafhpqYqbVqbAA5CyBUw2NlOHTbaxXa0MU" } ], "combi=
nations": [ [ 0 ], [ 1 ], [ 2 ] ] }] (989 bytes)
> acme-client: /var/www/acme/lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-OTsc: c=
reated
> acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inE=
gYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500: challenge
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: transfer buffer: [{ "type": "http-01", "status": "pending", =
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEgYECYKG=
dPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500", "token": "lwiD0yHQ2HoPgsV3saYYSJ=
VNa29as6KZSD9ocP-OTsc", "keyAuthorization": "lwiD0yHQ2HoPgsV3saYYSJVNa29as6=
KZSD9ocP-OTsc.ZehNmt8wF7sgV5nWkYKV1ps63XN6_9JoaYok3vCf-VY" }] (337 bytes)
> acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inE=
gYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500: status
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/pxJj6inE=
gYECYKGdPgqs7Y0tnCgVhadPbn18jVk_2ws/12030062500: bad response
> acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", =
"error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid respon=
se from http://feuf.eu/.well-known/acme-challenge/lwiD0yHQ2HoPgsV3saYYSJVNa=
29as6KZSD9ocP-OTsc: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0/=
/EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e404 Not=
Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u00=
3eNot Found\u003c/h1\u003e\\n\u003cp\"", "status": 403 }, "uri": "https://a=
cme-v01.api.letsencrypt.org/acme/challenge/pxJj6inEgYECYKGdPgqs7Y0tnCgVhadP=
bn18jVk_2ws/12030062500", "token": "lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-=
OTsc", "validationRecord": [ { "url": "http://feuf.eu/.well-known/acme-chal=
lenge/lwiD0yHQ2HoPgsV3saYYSJVNa29as6KZSD9ocP-OTsc", "hostname": "feuf.eu", =
"port": "80", "addressesResolved": [ "46.38.243.234" ], "addressUsed": "46.=
38.243.234" } ] }] (964 bytes)
> acme-client: bad exit: netproc(81069): 1
>=20
