Netgate Discussion Forum

ACME Lets Encrypt HE.net unable to renew: Can not find account id url

16 Posts 2 Posters 2.8k Views
    bartkowski @Gertjan
    last edited by bartkowski Jan 28, 2022, 4:20 PM Jan 28, 2022, 3:53 PM

    @gertjan When I go to the above address in the browser, I get redirected to:
    redirect.png

    From console, (I could not post directly, tagged as possible spam):

    curl_301.png

      Gertjan @bartkowski
      last edited by Jan 28, 2022, 4:21 PM

      @bartkowski
      Ok, that looks fine.

      The "https://curl.haxx.se/libcurl/c/libcurl-errors.html" just lists a page with numbers that explain what the possible issues might be.
      I saw issue "92" but don't know what it means.

      The pfSense acme.sh package (latest version) works fine for me right now.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        bartkowski @Gertjan
        last edited by bartkowski Jan 28, 2022, 4:40 PM Jan 28, 2022, 4:24 PM

        @gertjan This is the error text from that page:
        CURLE_HTTP2_STREAM (92)

        Stream error in the HTTP/2 framing layer.

        Edit:
        I wonder if it has something to do with Cloudflare.
        DNS lookup of staging.api.letsencrypt.org:

        Result	Record type
        172.65.46.172	A
        2606:4700:60::f41b:d4fe:4325:6026	AAAA
        56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com	CNAME
          Gertjan @bartkowski
          last edited by Jan 28, 2022, 4:52 PM

          @bartkowski said in ACME Lets Encrypt HE.net unable to renew: Can not find account id url:

          @gertjan This is the error text from that page:
          CURLE_HTTP2_STREAM (92)
          Stream error in the HTTP/2 framing layer.

          Yep. Saw that.
          As said : dunno what that means.

          And I'm not a Cloudflare man.
          I'm doing my own "domain name servers stuff" : It's a way of doing complicated things myself, but things like "acme.sh" (Let's Encrypt) become easy as I control both sides.

            bartkowski @Gertjan
            last edited by Feb 1, 2022, 4:04 PM

            @gertjan I posted my log on LetsEncrypt forum and someone said there should NOT be a double slash here:

            --dump-header /tmp/acme/_registerkey//http.header

            Is that a bug with the package?

              bartkowski
              last edited by bartkowski Feb 1, 2022, 5:47 PM Feb 1, 2022, 5:45 PM

              I found the issue. I had to disable Limiters (FQ_Codel; tail drop) rules on WAN (Floating) interface and the registration and cert renewal succeeded.

                Gertjan @bartkowski
                last edited by Feb 2, 2022, 12:01 PM

                @bartkowski said in ACME Lets Encrypt HE.net unable to renew: Can not find account id url:

                I found the issue.

                "FQ_Codel" Limiters on WAN using 'tail_drop' : I'm using them right now.
                I got them from the huge thread on this forum, somewhere from here.
                Main reason I use them : "buffer bloat".

                Btw : if your "limiters" setup starts to throw away legal traffic, you have an issue .....

                  bartkowski @Gertjan
                  last edited by bartkowski Feb 2, 2022, 3:58 PM Feb 2, 2022, 3:52 PM

                  @gertjan said in ACME Lets Encrypt HE.net unable to renew: Can not find account id url:

                  I got them from the huge thread on this forum

                  Me too, from here. But, I had those in place for more than a year and prior renewals succeeded, so I don't know what changed. I created a thread in the traffic shaping forum, let's see if that brings new knowledge to light.

                    Gertjan @bartkowski
                    last edited by Feb 2, 2022, 4:10 PM

                    @bartkowski

                    Certificate renewal, or 'whatever acme.sh' does, looks like rocket science, but it's actually the same traffic as, for example, collecting a mail or looking at a web server page.

                    Limiters on a WAN interface (floating, or not) should not have any influence on the traffic except for delaying some packets. Not dropping them. As this would have a huge impact on all traffic.
                    A limiter doesn't know a packet came from a process (script) calling 'acme.sh'.

                    The limiter rules "on that thread" are used by a lot of people.
                    My acme.sh package has been renewing certs for years now, every 30 days.

                    I'm pretty sure that the /tmp/acme/logfile .... will show you what the real issue was. That's why these log files exist : to show you what goes well (and we don't care) and what goes wrong.

                      bartkowski @Gertjan
                      last edited by bartkowski Feb 2, 2022, 4:30 PM Feb 2, 2022, 4:30 PM

                      @gertjan Here is my thread on Let's Encrypt forum. Someone mentioned the curl POST was failing.
                      I have the full log posted there.
