-
Hi, I am getting a problem while issuing a Let's Encrypt certificate.
Using Domain SAN list - Standalone HTTP server.
name.domainname/:Verify error:Invalid response from http://name.domainname/.well-known/acme-challenge/C27R5jTknkrfD3-7gMfiISsDIG3qtluDM_JcI8CEUHI [xxx.xx.xx.xx]: 503
Note: Above domain name is changed just for example.
If I go to /tmp/acme/acme_issuecert.log
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
If I hit: http://name.domainname/.well-known/acme-challenge/C27R5jTknkrfD3-7gMfiISsDIG3qtluDM_JcI8CEUHI
503 Service Unavailable
No server is available to handle this request.
My setup is 2 pfSense with HA with CARP virtual IP.
-
@sshami said in Pfsesne Let’s Encrypt error issuing Certificate:
If I hit : http://name.domainname/.....
then
503 Service Unavailable
which means that, when LE contacted on port 80 TCP (a classic http request) the "name.domainname" web server, there was no answer = no web server present?
"name.domainname" points to a web server?
-
@gertjan
Thanks !
First of all, I am unable to create a certificate via LE, giving error 503.
What would be the possible cause and where do I have to check? I can even DNS lookup my entry and it resolves to the correct IP.
Could I try to use the DNS-Amazon Route53 API method instead of the standalone HTTP server?
-
@sshami said in Pfsesne Let’s Encrypt error issuing Certificate:
What would be possible cause
You have to own = rent "name.domainname".
You have an A record set up that points to an IP.
On this IP you should have a web server, that should answer, at least, '80' (http).
-