Netgate Discussion Forum

    DNS-Hurricane Electric: Operation timed out - resolved

      bartkowski

      Currently on ACME 0.6.8 (noticed an issue while on prior version).

      I'm using DNS-Hurricane Electric method.
      I think the referrer should be my external IP.
      When I query my FQDN of my pfsense box, it returns 192.168.2.1, so is it a DNS issue?

      2020/04/29 13:27:18 [error] 44990#100120: *3720 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.2.25, server: , request: "POST /acme/acme_certificates.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.2.1", referrer: "https://192.168.2.1/acme/acme_certificates.php"

        jimp Rebel Alliance Developer Netgate

        What is that log from?

        The referring URL is whatever the client sent -- that's not up to anything but the client/browser.

        A timeout while trying to POST could be anything, but it maybe sounds like the renewal process is taking longer than PHP was willing to wait. It may yet succeed in the background, given enough time.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          bartkowski @jimp

          acme_issuecert.log.txt
          @jimp I took the above log excerpt from System Logs, process: nginx. Attached is the partial log from file: acme_issuecert.log; it includes only data after the line "The txt record is added: Success." and I edited the domain name. Last time this worked was in January 2020.

            jimp Rebel Alliance Developer Netgate

            It looks like it isn't actually updating the DNS record, despite saying it was successful.

            It's trying to do a lookup for your DNS record via DoH:

            [Wed Apr 29 19:38:22 CDT 2020] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.pfsense.home.mywebsite.com&type=TXT'
            

            But it does not receive back the answer it expects:

            [Wed Apr 29 19:38:22 CDT 2020] response='{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"_acme-challenge.pfsense.home.mywebsite.com","type":16}],"Answer":[{"name":"_acme-challenge.pfsense.home.mywebsite.com","type":16,"TTL":0,"data":"3iQX1xq8aOZ2c7PcyZQyVcWbTDDGLddStKZYKzg9dPU"}]}'
            [Wed Apr 29 19:38:22 CDT 2020] _answers='"Answer":[
            "name":"_acme-challenge.pfsense.home.mywebsite.com","type":16,"TTL":0,"data":"3iQX1xq8aOZ2c7PcyZQyVcWbTDDGLddStKZYKzg9dPU"
            ]'
            [Wed Apr 29 19:38:22 CDT 2020] Not valid yet, let's wait 10 seconds and check next one
            

            Seems like the timeout is from it looping over and over waiting on the DNS record to be updated.

            So the real problem would either be in HE (your account settings, DNS/zone contents, etc) or higher up in the ACME log.


              bartkowski @jimp

              @jimp said in DNS-Hurricane Electric: Operation timed out:

              pfsense.home.mywebsite.com

              mywebsite.com is actually a fake name I used. I'll keep digging into it. I thought it was the package, since it worked in the past, last time January 30th.

              edit: I just tried again and I see txt='DDAkEHbk5eNJMz1I-uXlirZPPPk65R0qsgh8jEMlUSE' was added on my HE account.

              edit2: if I dig @9.9.9.9 _acme-challenge.pfsense.home.mywebsite.com, it returns nameservers of HE.
              If I dig @1.1.1.1 _acme-challenge.pfsense.home.mywebsite.com, it returns nameservers of ZoneEdit.com - my registrar (I set HE's nameservers in ZoneEdit).

                bartkowski

                The issue was definitely with ZoneEdit. I re-edited the nameservers in ZoneEdit, saved, and after a while Quad9 and Cloudflare DNS servers were serving up HE's nameservers.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
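
Added example, not part of the thread and not acme.sh or pfSense code: a sketch of the two checks the thread ends up doing by hand, classifying a DoH JSON reply (the shape shown in the log above) against the expected challenge token, and comparing the NS sets that different resolvers return for the zone. The token values, name server names and helper names are constructed placeholders.

```python
import json

TXT, NS = 16, 2  # DNS RR type numbers as they appear in the JSON "type" field

def rr_data(doh_json, rr_type):
    """Return the set of data strings for rr_type in a DoH JSON reply."""
    reply = json.loads(doh_json)
    if reply.get("Status") != 0:  # non-zero rcode, e.g. 3 = NXDOMAIN
        return set()
    out = set()
    for ans in reply.get("Answer", []):
        if ans.get("type") != rr_type:
            continue
        data = ans["data"].strip('"')  # some resolvers quote TXT data
        # Host names compare case-insensitively; TXT tokens do not.
        out.add(data.rstrip(".").lower() if rr_type == NS else data)
    return out

def challenge_state(doh_json, expected_txt):
    """'valid' if the expected token is published, 'stale' if only other
    values are visible, 'missing' if the resolver sees no TXT record."""
    values = rr_data(doh_json, TXT)
    if expected_txt in values:
        return "valid"
    return "stale" if values else "missing"

def delegation_views(ns_replies):
    """Map each resolver to the NS set it returned and flag disagreement."""
    views = {r: frozenset(rr_data(j, NS)) for r, j in ns_replies.items()}
    return len(set(views.values())) > 1, views

# Constructed sample data: placeholder token and name servers.
NAME = "_acme-challenge.pfsense.home.mywebsite.com"
EXPECTED = "NEW-TOKEN-CONSTRUCTED"

def txt_reply(value):
    return json.dumps({"Status": 0, "Answer": [
        {"name": NAME, "type": TXT, "TTL": 0, "data": value}]})

def ns_reply(*hosts):
    return json.dumps({"Status": 0, "Answer": [
        {"name": "mywebsite.com", "type": NS, "TTL": 300, "data": h} for h in hosts]})

if __name__ == "__main__":
    print(challenge_state(txt_reply("OLD-TOKEN-CONSTRUCTED"), EXPECTED))
    differ, views = delegation_views({
        "9.9.9.9": ns_reply("ns1.dns-host.example.", "ns2.dns-host.example."),
        "1.1.1.1": ns_reply("ns1.registrar.example."),
    })
    print(differ, views)
```

A "stale" or "missing" result together with disagreeing NS sets points at the delegation at the registrar rather than at the DNS API call that reported success.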