error renewing certificate "urn:ietf:params:acme:error:unauthorized"
-
Getting the following error when trying to renew certificate. How can I fix?
Using HAProxy with acme in standalone HTTP server mode.
[Mon Apr 13 11:26:59 ADT 2020] code='200'
[Mon Apr 13 11:26:59 ADT 2020] original='{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://spell54.accra.ca/.well-known/acme-challenge/XXXX [143.165.XXX.XXX]: "\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"\u003e\r\n\u003chtml xmlns=\"http"",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3936479432/BYmYdg",
"token": "XXXXX",
"validationRecord": [
-
Judging by that, I'd say it either isn't reaching the HTTP server run by ACME. Did you maybe set up a port forward to send port 80 somewhere else?
-
Yes, followed a tutorial on how to set up. In HAProxy (port 80) I have a frontend for acme certificates that looks for paths that start with "/.well-known/acme-challenge/" and is then routed to the backend port 4200 of the firewall which stores the certificate in 127.0.0.1 pfsense.
-
Then I'd check that. It doesn't look like it's doing what you think it should be doing.
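
Added example, not part of any post in this thread: a small Python triage function for a failed http-01 challenge object like the one quoted in the question. It reports what the CA actually received, to help confirm whether the request reached the ACME standalone listener. The sample input, `example.com`, `203.0.113.10`, `TOKEN` and the finding names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# RFC 8555 section 8.3: a correct http-01 body is
# "<token>.<base64url account key thumbprint>" and nothing else.
KEY_AUTH = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
DETAIL = re.compile(r'Invalid response from (\S+) \[([^\]]+)\]: "?(.*)', re.S)

def diagnose(challenge: dict) -> list[str]:
    """Return findings for a failed http-01 challenge object."""
    if challenge.get("type") != "http-01" or challenge.get("status") != "invalid":
        return []
    err = challenge.get("error") or {}
    # Note: error["status"] is the status of the ACME problem document
    # (403 goes with "unauthorized"); it is not necessarily the status
    # code the validated web server returned.
    m = DETAIL.search(err.get("detail", ""))
    if not m:
        return ["detail has no 'Invalid response from' clause"]
    url, _addr, body = m.groups()
    parts = urlsplit(url)
    findings = []
    # Validation always starts at http://<domain>:80, so an https URL here
    # means something in front of the ACME listener redirected the request.
    if parts.scheme == "https":
        findings.append("redirected-to-https")
    if not parts.path.startswith("/.well-known/acme-challenge/"):
        findings.append("redirected-off-challenge-path")
    # An HTML page is a web server or proxy error page, not the ACME client.
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        findings.append("html-body")
    elif not KEY_AUTH.match(body.strip().rstrip('"')):
        findings.append("body-not-key-authorization")
    return findings

# Constructed sample shaped like the challenge object in the question.
SAMPLE = r'''{"type": "http-01", "status": "invalid",
 "error": {"type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "Invalid response from https://example.com/.well-known/acme-challenge/TOKEN [203.0.113.10]: \"\u003c!DOCTYPE html PUBLIC\"",
  "status": 403}}'''

if __name__ == "__main__":
    for finding in diagnose(json.loads(SAMPLE)):
        print(finding)
```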