Strange things happening in ACME standalone server validation
-
Hi everyone,
I have a couple of domains going through the ACME standalone server validation.
There is 1 subdomain that failed despite having the exact same DNS config as the others,
e.g. in my DNS records:
www.example.com => my WAN IP
beta.example.com => my WAN IP
The www passed while the beta failed.
ACME-HUPER-STAGE
Renewing certificate
account: ACME-HUPER-TEST
server: letsencrypt-staging
/usr/local/pkg/acme/acme.sh --issue -d 'www.example.market' --standalone --listen-v4 --httpport '4002' -d 'www.example.asia' --standalone --listen-v4 --httpport '4002' -d 'beta.example.asia' --standalone --listen-v4 --httpport '4002' --home '/tmp/acme/ACME-HUPER-STAGE/' --accountconf '/tmp/acme/ACME-HUPER-STAGE/accountconf.conf' --force --reloadCmd '/tmp/acme/ACME-HUPER-STAGE/reloadcmd.sh' --log-level 3 --log '/tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log'
Array
(
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [port] => 4002
    [ipv6] =>
)
[Sat Feb 2 10:59:09 +08 2019] Standalone mode.
[Sat Feb 2 10:59:13 +08 2019] Standalone mode.
[Sat Feb 2 10:59:14 +08 2019] Standalone mode.
[Sat Feb 2 10:59:14 +08 2019] Multi domain='DNS:www.example.market,DNS:www.example.asia,DNS:beta.example.asia'
[Sat Feb 2 10:59:14 +08 2019] Getting domain auth token for each domain
[Sat Feb 2 10:59:14 +08 2019] Getting webroot for domain='www.example.market'
[Sat Feb 2 10:59:14 +08 2019] Getting new-authz for domain='www.example.market'
[Sat Feb 2 10:59:16 +08 2019] The new-authz request is ok.
[Sat Feb 2 10:59:16 +08 2019] Getting webroot for domain='www.example.asia'
[Sat Feb 2 10:59:16 +08 2019] Getting new-authz for domain='www.example.asia'
[Sat Feb 2 10:59:17 +08 2019] The new-authz request is ok.
[Sat Feb 2 10:59:17 +08 2019] Getting webroot for domain='beta.example.asia'
[Sat Feb 2 10:59:17 +08 2019] Getting new-authz for domain='beta.example.asia'
[Sat Feb 2 10:59:18 +08 2019] The new-authz request is ok.
[Sat Feb 2 10:59:18 +08 2019] Verifying: www.example.market
[Sat Feb 2 10:59:18 +08 2019] Standalone mode server
[Sat Feb 2 10:59:23 +08 2019] Success
[Sat Feb 2 10:59:23 +08 2019] Verifying: www.example.asia
[Sat Feb 2 10:59:23 +08 2019] Standalone mode server
[Sat Feb 2 10:59:27 +08 2019] Pending
[Sat Feb 2 10:59:30 +08 2019] Success
[Sat Feb 2 10:59:30 +08 2019] Verifying: beta.example.asia
[Sat Feb 2 10:59:30 +08 2019] Standalone mode server
[Sat Feb 2 10:59:34 +08 2019] beta.example.asia:Verify error:Invalid response from http://beta.example.asia/.well-known/acme-challenge/hb_b-sHS5zrd66Xj9GQ3AG27ryABPkkYbIwX9lVzfuo:
[Sat Feb 2 10:59:34 +08 2019] Please check log file for more details: /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log
Any help or insight appreciated!!!
-
Hi @vincentemmanuel,
What does /tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log show?
Thank you,
-James
-
@netgate-james said in Strange things happening in ACME standalone server validation:
/tmp/acme/ACME-HUPER-STAGE/acme_issuecert.log
[Sat Feb 2 23:26:34 +08 2019] response='{"type":"urn:ietf:params:acme:error:malformed","detail":"Unable to update challenge :: authorization must be pending","status": 400}'
[Sat Feb 2 23:26:34 +08 2019] code='400'