Strange things happening in ACME standalone server validation



  • Hi everyone,

    I have a couple of domains going through the ACME standalone server validation.

    There is 1 subdomain that failed despite having the exact same DNS config as the others,

    e.g. in my DNS records:

    www.example.com => my wan ip
    beta.example.com => my wan ip

    The www passed while the beta failed.

    ACME-HUPER-STAGE
    Renewing certificate 
    account: ACME-HUPER-TEST 
    server: letsencrypt-staging 
    
    
    /usr/local/pkg/acme/acme.sh --issue -d 'www.example.market' --standalone --listen-v4 --httpport '4002' -d 'www.example.asia' --standalone --listen-v4 --httpport '4002' -d 'beta.example.asia' --standalone --listen-v4 --httpport '4002' --home '/tmp/acme/ACME-HUPER-STAGE/' --accountconf '/tmp/acme/ACME-HUPER-STAGE/accountconf.conf' --force --reloadCmd '/tmp/acme/ACME-HUPER-STAGE/reloadcmd.sh' --log-level 3 --log '/tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log'
    
    Array
    (
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [port] => 4002
    [ipv6] => 
    )
    [Sat Feb 2 10:59:09 +08 2019] Standalone mode.
    [Sat Feb 2 10:59:13 +08 2019] Standalone mode.
    [Sat Feb 2 10:59:14 +08 2019] Standalone mode.
    [Sat Feb 2 10:59:14 +08 2019] Multi domain='DNS:www.example.market,DNS:www.example.asia,DNS:beta.example.asia'
    [Sat Feb 2 10:59:14 +08 2019] Getting domain auth token for each domain
    [Sat Feb 2 10:59:14 +08 2019] Getting webroot for domain='www.example.market'
    [Sat Feb 2 10:59:14 +08 2019] Getting new-authz for domain='www.example.market'
    [Sat Feb 2 10:59:16 +08 2019] The new-authz request is ok.
    [Sat Feb 2 10:59:16 +08 2019] Getting webroot for domain='www.example.asia'
    [Sat Feb 2 10:59:16 +08 2019] Getting new-authz for domain='www.example.asia'
    [Sat Feb 2 10:59:17 +08 2019] The new-authz request is ok.
    [Sat Feb 2 10:59:17 +08 2019] Getting webroot for domain='beta.example.asia'
    [Sat Feb 2 10:59:17 +08 2019] Getting new-authz for domain='beta.example.asia'
    [Sat Feb 2 10:59:18 +08 2019] The new-authz request is ok.
    [Sat Feb 2 10:59:18 +08 2019] Verifying: www.example.market
    [Sat Feb 2 10:59:18 +08 2019] Standalone mode server
    [Sat Feb 2 10:59:23 +08 2019] Success
    [Sat Feb 2 10:59:23 +08 2019] Verifying: www.example.asia
    [Sat Feb 2 10:59:23 +08 2019] Standalone mode server
    [Sat Feb 2 10:59:27 +08 2019] Pending
    [Sat Feb 2 10:59:30 +08 2019] Success
    [Sat Feb 2 10:59:30 +08 2019] Verifying: beta.example.asia
    [Sat Feb 2 10:59:30 +08 2019] Standalone mode server
    [Sat Feb 2 10:59:34 +08 2019] beta.example.asia:Verify error:Invalid response from http://beta.example.asia/.well-known/acme-challenge/hb_b-sHS5zrd66Xj9GQ3AG27ryABPkkYbIwX9lVzfuo: 
    [Sat Feb 2 10:59:34 +08 2019] Please check log file for more details: /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log
    

    Any help or insight appreciated!!!


  • Galactic Empire Netgate

    Hi @vincentemmanuel,

    What does /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log show?

    Thank you,

    -James



  • @netgate-james said in Strange things happening in ACME standalone server validation:

    /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log

    [Sat Feb  2 23:26:34 +08 2019] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to update challenge :: authorization must be pending","status": 400}'
    [Sat Feb  2 23:26:34 +08 2019] code='400'
    
