Netgate Discussion Forum

    ACME Lets Encrypt HE.net unable to renew: Can not find account id url

    16 Posts 2 Posters 2.6k Views
    • B
      bartkowski @Gertjan
      last edited by bartkowski

      @gertjan When I go to the above address in the browser, I get redirected to:
      redirect.png

      From console, (I could not post directly, tagged as possible spam):

      curl_301.png

      • GertjanG
        Gertjan @bartkowski
        last edited by

        @bartkowski
        Ok, that looks fine.

        The "https://curl.haxx.se/libcurl/c/libcurl-errors.html" just lists a page with numbers that explain what the possible issues might be.
        I saw issue "92" but don't know what it means.

        The pfSense acme.sh package (latest version) works fine for me right now.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • B
          bartkowski @Gertjan
          last edited by bartkowski

          @gertjan This is the error text from that page:
          CURLE_HTTP2_STREAM (92)

          Stream error in the HTTP/2 framing layer.

          Edit:
          I wonder if it has something to do with Cloudflare.
          DNS lookup of staging.api.letsencrypt.org:

          Result	Record type
          172.65.46.172	A
          2606:4700:60::f41b:d4fe:4325:6026	AAAA
          56a5f4b0bc8146689ec3e272c43525f9.pacloudflare.com	CNAME
          
          • GertjanG
            Gertjan @bartkowski
            last edited by

            @bartkowski said in ACME Lets Encrypt HE.net unable to renew: Can not find account id url:

            @gertjan This is the error text from that page:
            CURLE_HTTP2_STREAM (92)
            Stream error in the HTTP/2 framing layer.

            Yep. Saw that.
            As said: dunno what that means.

            And I'm not a Cloudflare man.
            I'm doing my own "domain name servers stuff": It's a way of doing complicated things myself, but things like "acme.sh" (Let's Encrypt) become easy as I control both sides.

            • B
              bartkowski @Gertjan
              last edited by

              @gertjan I posted my log on LetsEncrypt forum and someone said there should NOT be a double slash here:

              --dump-header /tmp/acme/_registerkey//http.header

              Is that a bug with the package?

              • B
                bartkowski
                last edited by bartkowski

                I found the issue. I had to disable Limiters (FQ_Codel; tail drop) rules on WAN (Floating) interface and the registration and cert renewal succeeded.

                • GertjanG
                  Gertjan @bartkowski
                  last edited by

                  @bartkowski said in ACME Lets Encrypt HE.net unable to renew: Can not find account id url:

                  I found the issue.

                  "FQ_Codel" Limiters on WAN using 'tail_drop' : I'm using them right now.
                  I got them from the huge thread on this forum, somewhere from here.
                  Main reason I use them : "buffer bloat".

                  Btw : if your "limiters" setup starts to throw away legal traffic, you have an issue .....

                  • B
                    bartkowski @Gertjan
                    last edited by bartkowski

                    @gertjan said in ACME Lets Encrypt HE.net unable to renew: Can not find account id url:

                    I got them from the huge thread on this forum

                    Me too, from here. But, I had those in place for more than a year and prior renewals succeeded, so I don't know what changed. I created a thread in the traffic shaping forum, let's see if that brings new knowledge to light.

                    • GertjanG
                      Gertjan @bartkowski
                      last edited by

                      @bartkowski

                      Certificate renewal, or "whatever acme.sh" does, looks like rocket science, but it's actually the same traffic as, for example, collecting a mail or looking at a web server page.

                      Limiters on a WAN interface (floating, or not) should not have any influence on the traffic except for delaying some packets. Not dropping them. As this would have a huge impact on all traffic.
                      A limiter doesn't know a packet came from a process (script) calling 'acme.sh'.

                      The limiter rules "on that thread" are used by a lot of people.
                      My acme.sh package renews certs for years now, every 30 days.

                      I'm pretty sure that the /tmp/acme/logfile .... will show you what the real issue was. That's why these log files exist: to show you what goes well (and we don't care) and what goes wrong.

                      • B
                        bartkowski @Gertjan
                        last edited by bartkowski

                        @gertjan Here is my thread on Let's Encrypt forum. Someone mentioned the curl POST was failing.
                        I have the full log posted there.
