4. Strange things happening in ACME standalone server validation

Strange things happening in ACME standalone server validation

  • V

    HI everyone,

    I have a couple of domains going through the ACME standalone server validation.

    There is 1 subdomain that failed despite having the exact same dns config as others

    eg in my dns record

    www.example.com => my wan ip
    beta.example.com => my wan ip

    The www passed while the beta failed.

    ACME-HUPER-STAGE
Renewing certificate 
account: ACME-HUPER-TEST 
server: letsencrypt-staging 


/usr/local/pkg/acme/acme.sh --issue -d 'www.example.market' --standalone --listen-v4 --httpport '4002' -d 'www.example.asia' --standalone --listen-v4 --httpport '4002' -d 'beta.example.asia' --standalone --listen-v4 --httpport '4002' --home '/tmp/acme/ACME-HUPER-STAGE/' --accountconf '/tmp/acme/ACME-HUPER-STAGE/accountconf.conf' --force --reloadCmd '/tmp/acme/ACME-HUPER-STAGE/reloadcmd.sh' --log-level 3 --log '/tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log'

Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[port] => 4002
[ipv6] => 
)
[Sat Feb 2 10:59:09 +08 2019] Standalone mode.
[Sat Feb 2 10:59:13 +08 2019] Standalone mode.
[Sat Feb 2 10:59:14 +08 2019] Standalone mode.
[Sat Feb 2 10:59:14 +08 2019] Multi domain='DNS:www.example.market,DNS:www.example.asia,DNS:beta.example.asia'
[Sat Feb 2 10:59:14 +08 2019] Getting domain auth token for each domain
[Sat Feb 2 10:59:14 +08 2019] Getting webroot for domain='www.example.market'
[Sat Feb 2 10:59:14 +08 2019] Getting new-authz for domain='www.example.market'
[Sat Feb 2 10:59:16 +08 2019] The new-authz request is ok.
[Sat Feb 2 10:59:16 +08 2019] Getting webroot for domain='www.example.asia'
[Sat Feb 2 10:59:16 +08 2019] Getting new-authz for domain='www.example.asia'
[Sat Feb 2 10:59:17 +08 2019] The new-authz request is ok.
[Sat Feb 2 10:59:17 +08 2019] Getting webroot for domain='beta.example.asia'
[Sat Feb 2 10:59:17 +08 2019] Getting new-authz for domain='beta.example.asia'
[Sat Feb 2 10:59:18 +08 2019] The new-authz request is ok.
[Sat Feb 2 10:59:18 +08 2019] Verifying: www.example.market
[Sat Feb 2 10:59:18 +08 2019] Standalone mode server
[Sat Feb 2 10:59:23 +08 2019] Success
[Sat Feb 2 10:59:23 +08 2019] Verifying: www.example.asia
[Sat Feb 2 10:59:23 +08 2019] Standalone mode server
[Sat Feb 2 10:59:27 +08 2019] Pending
[Sat Feb 2 10:59:30 +08 2019] Success
[Sat Feb 2 10:59:30 +08 2019] Verifying: beta.example.asia
[Sat Feb 2 10:59:30 +08 2019] Standalone mode server
[Sat Feb 2 10:59:34 +08 2019] beta.example.asia:Verify error:Invalid response from http://beta.example.asia/.well-known/acme-challenge/hb_b-sHS5zrd66Xj9GQ3AG27ryABPkkYbIwX9lVzfuo: 
[Sat Feb 2 10:59:34 +08 2019] Please check log file for more details: /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log

    Any help or insight appreciated!!!

    0
  • Galactic Empire Netgate

    Hi @vincentemmanuel,

    What does /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log show?

    Thank you,

    -James

    0
  • V

    @netgate-james said in Strange things happening in ACME standalone server validation:

    /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log

    [Sat Feb  2 23:26:34 +08 2019] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to update challenge :: authorization must be pending","status": 400}'
[Sat Feb  2 23:26:34 +08 2019] code='400'
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy