Netgate Discussion Forum

    Error renewing certificate: "urn:ietf:params:acme:error:unauthorized"

    • cjbujold

      Getting the following error when trying to renew a certificate. How can I fix it?
      Using HAProxy with ACME in standalone HTTP server mode.

      [Mon Apr 13 11:26:59 ADT 2020] code='200'
      [Mon Apr 13 11:26:59 ADT 2020] original='{
      "type": "http-01",
      "status": "invalid",
      "error": {
      "type": "urn:ietf:params:acme:error:unauthorized",
      "detail": "Invalid response from https://spell54.accra.ca/.well-known/acme-challenge/XXXX [143.165.XXX.XXX]: "\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"\u003e\r\n\u003chtml xmlns=\"http"",
      "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3936479432/BYmYdg",
      "token": "XXXXX",
      "validationRecord": [

      • jimp Rebel Alliance Developer Netgate

        Judging by that, I'd say it either isn't reaching the HTTP server run by ACME. Did you maybe set up a port forward to send port 80 somewhere else?

        • cjbujold

          Yes, followed a tutorial on how to set it up. In HAProxy (port 80) I have a frontend for ACME certificates that looks for paths that start with "/.well-known/acme-challenge/" and is then routed to the backend port 4200 of the firewall, which stores the certificate in 127.0.0.1 pfSense.

          • jimp Rebel Alliance Developer Netgate

            Then I'd check that. It doesn't look like it's doing what you think it should be doing.

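An added example, not part of the original thread and not pfSense or acme.sh code: a small triage of a failed http-01 challenge object like the one in the first post, showing what its fields say about which server answered the validation request. The sample JSON is constructed (placeholder host, address and token), and `triage_http01` and its finding labels are hypothetical names.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the log in the first post; host, IP and token are placeholders.
SAMPLE_CHALLENGE = json.dumps({
    "type": "http-01",
    "status": "invalid",
    "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from https://www.example.com/.well-known/"
                  "acme-challenge/TOKEN [192.0.2.10]: \"<!DOCTYPE html PUBLIC\"",
        "status": 403,
    },
    "token": "TOKEN",
})

# RFC 8555: the expected body is the key authorization, token "." base64url(thumbprint).
KEY_AUTH = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
DETAIL = re.compile(r"Invalid response from (\S+) \[([^\]]+)\]: \"?(.*)", re.S)


def triage_http01(challenge_json):
    """Return a list of findings for a failed http-01 challenge object."""
    chall = json.loads(challenge_json)
    err = chall.get("error") or {}
    if chall.get("type") != "http-01" or chall.get("status") != "invalid":
        return []
    m = DETAIL.search(err.get("detail", ""))
    if not m:
        return ["unparsed-detail"]
    url, addr, body = m.group(1), m.group(2), m.group(3).strip().rstrip('"')
    findings = []
    # http-01 validation starts on port 80, so an https URL here means a redirect was followed.
    if urlsplit(url).scheme == "https":
        findings.append("redirected-to-https")
    # Heuristic: an HTML page is some other web server's answer, not a challenge response.
    if body.lower().startswith(("<!doctype", "<html")):
        findings.append("html-body-from-other-server")
    elif not KEY_AUTH.match(body):
        findings.append("body-not-key-authorization")
    if err.get("status") == 403:
        findings.append("http-403")
    findings.append("answered-by:" + addr)
    return findings
```

For the constructed sample, the findings point at a request that was redirected to HTTPS and answered with an HTML 403 page, which is consistent with the challenge path not being routed to the ACME standalone listener.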
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.