Re: acme-client: renewal fails

2019-01-22 Thread Sebastian Benoit
Lindner, Thomas 1. (Nokia - DE/Nuremberg)(thomas.1.lind...@nokia.com) on 
2019.01.22 18:56:06 +:
> Hello,
> 
> I run OpenBSD 6.4 and recently noted that renewals with acme-client fail:
> # acme-client -vv lists.dl6tom.de
> acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
> acme-client: /etc/ssl/lists.dl6tom.de.crt: certificate renewable: -42 days left
> acme-client: /etc/ssl/private/lists.dl6tom.de.key: loaded RSA domain key
> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
> acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175
> acme-client: transfer buffer: [{ "0wdNjYxn8kA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" }] (658 bytes)
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: lists.dl6tom.de
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": "lists.dl6tom.de" }, "status": "pending", "expires": "2019-01-29T18:19:20Z", "challenges": [ { "type": "tls-alpn-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882442", "token": "v8oZc_-YhBHNLCaALLEBZ03hEl--KM63pMdqixg_9Io" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882443", "token": "yW3-6mo2IK-ZASKPB6lV6rPq1qbvfP1NdUE9AV0xRTs" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882444", "token": "yfhU9kYZg5wHaRlxLmg6m_DWgzzEdwUnztXAKBmhE6w" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882445", "token": "iDBP2CeNpp0r5NCWTbpKUoiBOSZz8cJN8HphHRVXULk" } ], "combinations": [ [ 2 ], [ 0 ], [ 1 ], [ 3 ] ] }] (1271 bytes)
> acme-client: /var/www/acme/yW3-6mo2IK-ZASKPB6lV6rPq1qbvfP1NdUE9AV0xRTs: created
> acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882443: challenge

acme-client: renewal fails

2019-01-22 Thread Lindner, Thomas 1. (Nokia - DE/Nuremberg)
Hello,

I run OpenBSD 6.4 and recently noted that renewals with acme-client fail:
# acme-client -vv lists.dl6tom.de
acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
acme-client: /etc/ssl/lists.dl6tom.de.crt: certificate renewable: -42 days left
acme-client: /etc/ssl/private/lists.dl6tom.de.key: loaded RSA domain key
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 104.111.246.175
acme-client: transfer buffer: [{ "0wdNjYxn8kA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" }] (658 bytes)
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: lists.dl6tom.de
acme-client: acme-v01.api.letsencrypt.org: cached
acme-client: acme-v01.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": "lists.dl6tom.de" }, "status": "pending", "expires": "2019-01-29T18:19:20Z", "challenges": [ { "type": "tls-alpn-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882442", "token": "v8oZc_-YhBHNLCaALLEBZ03hEl--KM63pMdqixg_9Io" }, { "type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882443", "token": "yW3-6mo2IK-ZASKPB6lV6rPq1qbvfP1NdUE9AV0xRTs" }, { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882444", "token": "yfhU9kYZg5wHaRlxLmg6m_DWgzzEdwUnztXAKBmhE6w" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882445", "token": "iDBP2CeNpp0r5NCWTbpKUoiBOSZz8cJN8HphHRVXULk" } ], "combinations": [ [ 2 ], [ 0 ], [ 1 ], [ 3 ] ] }] (1271 bytes)
acme-client: /var/www/acme/yW3-6mo2IK-ZASKPB6lV6rPq1qbvfP1NdUE9AV0xRTs: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/IibpqF0ckn28LYY5bfA-_qbAlYsWq-DJcQlAw0SWCE0/11749882443: challenge
acme-client: acme-v01.api.letsencrypt.org: cached
acme-client: