FreeDNS ACME issue



  • Greetings, I'm totally new here, but I've got issues with my freshly set up ACME: it worked once or twice and then suddenly stopped.
    It looks like there's a problem with starting up the standalone HTTP server. I'm attaching my output:

    NK-----K22
    Renewing certificate
    account: NK-----K22
    server: letsencrypt-staging-2

    /usr/local/pkg/acme/acme.sh --issue -d 'nk----.k22.su' --standalone --listen-v4 --httpport '6666' --home '/tmp/acme/NK-----K22/' --accountconf '/tmp/acme/NK-----K22/accountconf.conf' --force --reloadCmd '/tmp/acme/NK-----K22/reloadcmd.sh' --log-level 3 --log '/tmp/acme/NK-----K22/acme_issuecert.log'

    Array
    (
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [port] => 6666
    [ipv6] =>
    )
    [Fri Jul 26 09:25:59 CEST 2019] Standalone mode.
    [Fri Jul 26 09:25:59 CEST 2019] Single domain='nk----.k22.su'
    [Fri Jul 26 09:25:59 CEST 2019] Getting domain auth token for each domain
    [Fri Jul 26 09:26:01 CEST 2019] Getting webroot for domain='nk----.k22.su'
    [Fri Jul 26 09:26:01 CEST 2019] Verifying: n----.k22.su
    [Fri Jul 26 09:26:01 CEST 2019] Standalone mode server
    2019/07/26 09:26:03 socat[66497] E write(6, 0x80204d800, 126): Broken pipe
    2019/07/26 09:26:05 socat[84851] E write(6, 0x80204d800, 126): Broken pipe
    [Fri Jul 26 09:26:06 CEST 2019] nk----.k22.su:Verify error:Invalid response from http://nk----.k22.su/.well-known/acme-challenge/B-fYHCXfoUaDfP5ZmIUU4JbMH-tO_MGQkrIg0I1Y5AI [217.196.113.40]: 503
    [Fri Jul 26 09:26:06 CEST 2019] Please check log file for more details: /tmp/acme/NKVDCloud-K22/acme_issuecert.log

    If anyone is willing to push me in any direction, I'll be glad. I'm using FreeDNS, so DNS verification isn't an option for me.


  • LAYER 8

    @phobeus said in ACME 0.5.8 Breaks Letencrypt webroot local folder setup:

    .well-known/acme-challenge

    well you forgot to completely hide it..

    503 Service Unavailable
    No server is available to handle this request.

    socat[66497] E write(6, 0x80204d800, 126): Broken pipe

    Check if you have the latest version of acme; maybe something has changed and acme.sh does not work anymore as standalone.



  • @kiokoman Yeah, you're right =) But anyway, I wasn't able to come up with a reasonable solution, so I've just created a tiny VM guest with Alpine Linux, lighttpd and nfs-client, and I'm passing my .well-known challenge through "local webroot", but I'm putting there the appropriate path for my NFS share + ballast ( </path/to/share>/.well-known/acme-challenge/ ). pfSense already comes preloaded with NFS; all I needed was to enable it through /etc/rc.d.local. HAProxy does the rest of the job ( the frontend for the path match looks like this ---v )

    HAProxy Frontend rules ( I've got it implemented with an http->https redirect, except for .well-known =3 I was pretty surprised it came to my mind )


    So that's my hotfix solution, but I'm curious for any other ideas ))
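
The frontend rules mentioned in the post above survive only as screenshot captions. As an added example (not the poster's configuration), this is how such a rule set can look in raw haproxy.cfg form: plain HTTP is redirected to HTTPS except for the ACME challenge path, which is passed to the helper web server. The frontend and backend names, the `192.0.2.10` address and the ports are assumptions.

```haproxy
# Added illustration; names, addresses and ports are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind :80

    # Match only the ACME HTTP-01 challenge path, nothing else under /.well-known.
    acl is_acme path_beg /.well-known/acme-challenge/

    # Every other plain-HTTP request is redirected to HTTPS.
    http-request redirect scheme https code 301 unless is_acme

    # The validation server only needs to read the token: allow GET/HEAD only.
    http-request deny if is_acme !METH_GET

    # Challenge requests go to the small VM that serves the shared webroot.
    use_backend acme_challenge if is_acme

backend acme_challenge
    # Placeholder address for the lighttpd guest that exports
    # </path/to/share>/.well-known/acme-challenge/ over HTTP.
    # If this server is down, HAProxy answers 503 for the challenge URL.
    server acme_vm 192.0.2.10:80 check
```

Keeping the exemption to the exact challenge prefix means the HTTP listener exposes nothing else in clear text.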

