error renewing certificate ""urn:ietf:params:acme:error:unauthorized"
-
Getting the following error when trying to renew certificate . How can I fix?
Using HaProxy with acme in standalone HTTP server mode.[Mon Apr 13 11:26:59 ADT 2020] code='200'
[Mon Apr 13 11:26:59 ADT 2020] original='{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://spell54.accra.ca/.well-known/acme-challenge/XXXX [143.165.XXX.XXX]: "\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"\u003e\r\n\u003chtml xmlns=\"http"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3936479432/BYmYdg",
"token": "XXXXX",
"validationRecord": [
-
Judging by that, I'd say it either isn't reaching the HTTP server run by ACME. Did you maybe setup a port forward to send port 80 somewhere else?
-
Yes, Followed a tutorial on how to setup. In Haproxy (port 80) I have a frontend for acme certificates that looks for starts with "/.well-known/acme-challenge/" and is then routed to the backend port 4200 of the firewall which stores the certificate in 127.0.0.1 pfsense.
-
Then I'd check that. It doesn't look like it's doing what you think it should be doing.
