ACME
-
Hello Expert need help
is ACME 0.6.5 outdated ?
-
Why asking ?
Why not looking for yourself ?
It saysVER=2.8.6( /usr/local/pkg/acme/acme.sh : third line )
Here (official source) https://github.com/acmesh-official/acme.sh/blob/master/acme.sh you find .....
VER=2.8.6What is really your question ?
-
@Gertjan Thanks for reply Sir,as we using pfsnese we have put certs in auto renewal , for now renewal not working all of sudden we have multiple location in different countries but every place get an error.what is the problem we did not recognize is there any global issues.with ACME?
-
Why acme ( acme.sh ) doesn't work can have many reasons.
One of them might be what they chaned on "February 19, 2020". You should have received a mail from them btw.
They, that is LetEnscrypt, did change something on that date. A rather a logic step, but it tend to "break" the issuing or renewal more often.Go to their main support page, and discover why ^^
Here : https://letsencrypt.org/ and check out "Multi-Perspective Validation Improves Domain Validation Security".
A lot of rather technical info, but one should be able to read between the lines.
It's because multiple 'test-check' servers are used now (clouds are everywhere), and all your domain name servers can get tested. The master, probably, but also one (at least one) of the slave domain server(s). So, if the slave domain name servers didn't sync yet with the master, it's game over right away. The usual ".well-known/acme-challenge/" wasn't found (on the salve) so NXDOMAIN, so it's a no-go.
Solution : convince that you use fast syncing slave domain servers - and to be sure, add a 'DNS sleep' at a high(er) value, like 10 minutes or 600 seconds. Up to you to test and find the right delay.This could be an explanation for a known recent reason.
Many other reasons exist of course.But hey, you didn't showed the acme.sh log, neither any other detail except the word "problem" so how could I know ? ;)
-
@Gertjan Thanks again Sir, yes we got an email we did not know that what is saying.is there any way we can fix it?
-
there any way we can fix it?
For the issue I mentioned above : choose you Registrar wisely. Quality (fast sale domain name synchronisation) is more important as price.
The fast solution :
( the 120 seconds might not be enough, make it more ...)
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
This post is deleted! -
giving me an erroe while set 1800000
so i set 1800 but giving me below error while renewing
-
it would be great help if any one can reply
-
@Gertjan Sir i am waiting for your reply please
-
The resulat (green text) said already to you :
But this could be an important indication :
Let me rephrase that message : the acme.sh couldn't add the "_acme-challenge.............." to your domain.
A problem with the domain ? An API error ? The registrar that hosts the API has problems ?
Can't tell much more.
