DNS-Hurricane Electric: Operation timed out - resolved
-
Currently on ACME 0.6.8 (noticed an issue while on prior version).
I'm using DNS-Hurricane Electric method.
I think the referrer should be my external IP.
When I query my FQDN of my pfsense box, it returns 192.168.2.1, so is it a DNS issue?
2020/04/29 13:27:18 [error] 44990#100120: *3720 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.2.25, server: , request: "POST /acme/acme_certificates.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.2.1", referrer: "https://192.168.2.1/acme/acme_certificates.php"
-
What is that log from?
The referring URL is whatever the client sent -- that's not up to anything but the client/browser.
A timeout while trying to POST could be anything, but it maybe sounds like the renewal process is taking longer than PHP was willing to wait. It may yet succeed in the background, given enough time.
-
acme_issuecert.log.txt
@jimp I took that above log excerpt from System Logs, process: nginx. Attached is the partial log from file: acme_issuecert.log; it includes only data after the line "The txt record is added: Success." and I edited the domain name. Last time this worked was in January 2020.
-
It looks like it isn't actually updating the DNS record, despite saying it was successful.
It's trying to do a lookup for your DNS record via DoH:
[Wed Apr 29 19:38:22 CDT 2020] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.pfsense.home.mywebsite.com&type=TXT'
But it does not receive back the answer it expects:
[Wed Apr 29 19:38:22 CDT 2020] response='{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"_acme-challenge.pfsense.home.mywebsite.com","type":16}],"Answer":[{"name":"_acme-challenge.pfsense.home.mywebsite.com","type":16,"TTL":0,"data":"3iQX1xq8aOZ2c7PcyZQyVcWbTDDGLddStKZYKzg9dPU"}]}'
[Wed Apr 29 19:38:22 CDT 2020] _answers='"Answer":[ "name":"_acme-challenge.pfsense.home.mywebsite.com","type":16,"TTL":0,"data":"3iQX1xq8aOZ2c7PcyZQyVcWbTDDGLddStKZYKzg9dPU" ]'
[Wed Apr 29 19:38:22 CDT 2020] Not valid yet, let's wait 10 seconds and check next one
Seems like the timeout is from it looping over and over waiting on the DNS record to be updated.
So the real problem would either be in HE (your account settings, DNS/zone contents, etc) or higher up in the ACME log.
-
@jimp said in DNS-Hurricane Electric: Operation timed out:
pfsense.home.mywebsite.com
mywebsite.com is actually a fake name I used. I'll keep digging into it. I thought it was the package, since it worked in the past, last time January 30th.
edit: I just tried again and I see txt='DDAkEHbk5eNJMz1I-uXlirZPPPk65R0qsgh8jEMlUSE' was added on my HE account.
edit2: if I dig @9.9.9.9 _acme-challenge.pfsense.home.mywebsite.com, it returns nameservers of HE.
If I dig @1.1.1.1 _acme-challenge.pfsense.home.mywebsite.com, it returns nameservers of ZoneEdit.com - my registrar (I set HE's nameservers in ZoneEdit).
-
The issue was definitely with ZoneEdit. I re-edited the nameservers in ZoneEdit, saved, and after a while Quad9 and Cloudflare DNS servers were serving up HE's nameservers.
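
Added example, not part of the thread or of the ACME package: a small offline check that reads DoH JSON replies in the format shown in the log above and reports, per resolver, whether the expected _acme-challenge TXT token is visible. The hostname, token values and resolver labels are constructed placeholders, and the function names are hypothetical.

```python
import json

TXT = 16  # DNS record type number for TXT ("type":16 in the log above)

def txt_values(doh_json, name):
    """Return the set of TXT strings a DoH JSON reply carries for `name`."""
    reply = json.loads(doh_json)
    if reply.get("Status") != 0:          # non-zero rcode, e.g. 3 = NXDOMAIN
        return set()
    wanted = name.rstrip(".").lower()
    return {
        rr.get("data", "").strip('"')     # some resolvers wrap TXT data in quotes
        for rr in reply.get("Answer", [])
        if rr.get("type") == TXT
        and rr.get("name", "").rstrip(".").lower() == wanted
    }

def diagnose(name, expected, replies):
    """Map each resolver label to 'ok', 'stale' or 'missing'."""
    report = {}
    for resolver, body in replies.items():
        seen = txt_values(body, name)
        if expected in seen:
            report[resolver] = "ok"
        elif seen:
            # A TXT record exists but not the token just written: the resolver
            # is serving a cached answer or following a different delegation.
            report[resolver] = "stale"
        else:
            report[resolver] = "missing"
    return report

# Constructed sample data (not taken from the thread).
NAME = "_acme-challenge.host.example.com"
NEW_TOKEN = "constructed-new-token"
SAMPLES = {
    "resolver-a": json.dumps({"Status": 0, "Answer": [
        {"name": NAME, "type": 16, "TTL": 0, "data": "constructed-old-token"}]}),
    "resolver-b": json.dumps({"Status": 0, "Answer": [
        {"name": NAME + ".", "type": 16, "TTL": 300, "data": '"constructed-new-token"'}]}),
    "resolver-c": json.dumps({"Status": 3}),
}

if __name__ == "__main__":
    for resolver, verdict in diagnose(NAME, NEW_TOKEN, SAMPLES).items():
        print(f"{resolver}: {verdict}")
```

A mix of "ok" and "stale" across resolvers right after the record was written is the pattern to follow up by comparing the nameservers each resolver returns for the zone, as was done with dig in this thread.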