Netgate Discussion Forum

    Strange things happening in ACME standalone server validation

      VincentEmmanuel

      Hi everyone,

      I have a couple of domains going through the ACME standalone server validation.

      There is 1 subdomain that failed despite having the exact same DNS config as others.

      E.g. in my DNS record:

      www.example.com => my wan ip
      beta.example.com => my wan ip

      The www passed while the beta failed.

      ACME-HUPER-STAGE
      Renewing certificate 
      account: ACME-HUPER-TEST 
      server: letsencrypt-staging 
      
      
      /usr/local/pkg/acme/acme.sh --issue -d 'www.example.market' --standalone --listen-v4 --httpport '4002' -d 'www.example.asia' --standalone --listen-v4 --httpport '4002' -d 'beta.example.asia' --standalone --listen-v4 --httpport '4002' --home '/tmp/acme/ACME-HUPER-STAGE/' --accountconf '/tmp/acme/ACME-HUPER-STAGE/accountconf.conf' --force --reloadCmd '/tmp/acme/ACME-HUPER-STAGE/reloadcmd.sh' --log-level 3 --log '/tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log'
      
      Array
      (
      [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [port] => 4002
      [ipv6] => 
      )
      [Sat Feb 2 10:59:09 +08 2019] Standalone mode.
      [Sat Feb 2 10:59:13 +08 2019] Standalone mode.
      [Sat Feb 2 10:59:14 +08 2019] Standalone mode.
      [Sat Feb 2 10:59:14 +08 2019] Multi domain='DNS:www.example.market,DNS:www.example.asia,DNS:beta.example.asia'
      [Sat Feb 2 10:59:14 +08 2019] Getting domain auth token for each domain
      [Sat Feb 2 10:59:14 +08 2019] Getting webroot for domain='www.example.market'
      [Sat Feb 2 10:59:14 +08 2019] Getting new-authz for domain='www.example.market'
      [Sat Feb 2 10:59:16 +08 2019] The new-authz request is ok.
      [Sat Feb 2 10:59:16 +08 2019] Getting webroot for domain='www.example.asia'
      [Sat Feb 2 10:59:16 +08 2019] Getting new-authz for domain='www.example.asia'
      [Sat Feb 2 10:59:17 +08 2019] The new-authz request is ok.
      [Sat Feb 2 10:59:17 +08 2019] Getting webroot for domain='beta.example.asia'
      [Sat Feb 2 10:59:17 +08 2019] Getting new-authz for domain='beta.example.asia'
      [Sat Feb 2 10:59:18 +08 2019] The new-authz request is ok.
      [Sat Feb 2 10:59:18 +08 2019] Verifying: www.example.market
      [Sat Feb 2 10:59:18 +08 2019] Standalone mode server
      [Sat Feb 2 10:59:23 +08 2019] Success
      [Sat Feb 2 10:59:23 +08 2019] Verifying: www.example.asia
      [Sat Feb 2 10:59:23 +08 2019] Standalone mode server
      [Sat Feb 2 10:59:27 +08 2019] Pending
      [Sat Feb 2 10:59:30 +08 2019] Success
      [Sat Feb 2 10:59:30 +08 2019] Verifying: beta.example.asia
      [Sat Feb 2 10:59:30 +08 2019] Standalone mode server
      [Sat Feb 2 10:59:34 +08 2019] beta.example.asia:Verify error:Invalid response from http://beta.example.asia/.well-known/acme-challenge/hb_b-sHS5zrd66Xj9GQ3AG27ryABPkkYbIwX9lVzfuo: 
      [Sat Feb 2 10:59:34 +08 2019] Please check log file for more details: /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log
      

      Any help or insight appreciated!!!

        A Former User

        Hi @vincentemmanuel,

        What does /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log show?

        Thank you,

        -James

          VincentEmmanuel

          @netgate-james said in Strange things happening in ACME standalone server validation:

          /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log

          [Sat Feb  2 23:26:34 +08 2019] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to update challenge :: authorization must be pending","status": 400}'
          [Sat Feb  2 23:26:34 +08 2019] code='400'
          
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.