Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    FreeDNS ACME issue

    ACME
    2
    3
    162
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      phobeus last edited by phobeus

      Greetings, I'm totally new over here, but I've got issues with my freshly set up acme, it worked like once, or twice and suddenly stops.
      It looks, there's a problem with starting up standalone http server, I'm attaching my output

      ||NK-----K22
      Renewing certificate
      account: NK-----K22
      server: letsencrypt-staging-2

      /usr/local/pkg/acme/acme.sh --issue -d 'nk----.k22.su' --standalone --listen-v4 --httpport '6666' --home '/tmp/acme/NK-----K22/' --accountconf '/tmp/acme/NK-----K22/accountconf.conf' --force --reloadCmd '/tmp/acme/NK-----K22/reloadcmd.sh' --log-level 3 --log '/tmp/acme/NK-----K22/acme_issuecert.log'

      Array
      (
      [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [port] => 6666
      [ipv6] =>
      )
      [Fri Jul 26 09:25:59 CEST 2019] Standalone mode.
      [Fri Jul 26 09:25:59 CEST 2019] Single domain='nk----.k22.su'
      [Fri Jul 26 09:25:59 CEST 2019] Getting domain auth token for each domain
      [Fri Jul 26 09:26:01 CEST 2019] Getting webroot for domain='nk----.k22.su'
      [Fri Jul 26 09:26:01 CEST 2019] Verifying: n----.k22.su
      [Fri Jul 26 09:26:01 CEST 2019] Standalone mode server
      2019/07/26 09:26:03 socat[66497] E write(6, 0x80204d800, 126): Broken pipe
      2019/07/26 09:26:05 socat[84851] E write(6, 0x80204d800, 126): Broken pipe
      [Fri Jul 26 09:26:06 CEST 2019] nk----.k22.su:Verify error:Invalid response from http://nk----.k22.su/.well-known/acme-challenge/B-fYHCXfoUaDfP5ZmIUU4JbMH-tO_MGQkrIg0I1Y5AI [217.196.113.40]: 503
      [Fri Jul 26 09:26:06 CEST 2019] Please check log file for more details: /tmp/acme/NKVDCloud-K22/acme_issuecert.log||

      If anyone is willing to push me in any direction, I'll be glad. I'm using FreeDNS, so DNS verification isn't an option for me.

      1 Reply Last reply Reply Quote 0
      • kiokoman
        kiokoman LAYER 8 last edited by kiokoman

        @phobeus said in ACME 0.5.8 Breaks Letencrypt webroot local folder setup:

        .well-known/acme-challenge

        well you forgot to completely hide it..

        503 Service Unavailable
        No server is available to handle this request.

        socat[66497] E write(6, 0x80204d800, 126): Broken pipe

        check if you have the latest version of acme maybe something as changed and acme.sh does not work anymore as standalone

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        P 1 Reply Last reply Reply Quote 0
        • P
          phobeus @kiokoman last edited by phobeus

          @kiokoman Yeah, you're right =) But anyway, I wasn't able to make some reasonable solution, so I've just created tiny VM guest with alpine linux, lighttpd and nfs-client, and I'm passing my .well-known challenge through "local webroot", but I'm putting there appropiate path for my NFS share + ballast ( </path/to/share>/.well-known/acme-challenge/ ). pfSense comes already preloaded with nfs, all I needed was just enable it through /etc/rc.d.local. HAProxy does rest of the job ( frontend for path match looks like that ---v )

          HAProxy Frontend rules ( I've got it implemented with http->https redirect, except for .well-known =3 I was pretty suprised it came on my mind )

          HAProxy Frontend rules

          So that's my hotfix solution, but I'm curious for any other ideas ))

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy