Having trouble with certificate renewal, again :( #4

Closed
opened 2019-09-02 01:46:46 +00:00 by Ghost · 4 comments

Below is the error I am seeing this time:

```
web_1    | [acme-v2] DEBUG get cert 1
web_1    | [acme-v2] certificates.create
web_1    | [DEBUG] newOrder
web_1    | https://acme-v02.api.letsencrypt.org/acme/order/32429380/1006761182
--
web_1    | [acme-v2] POST newOrder has authorizations
web_1    | [DEBUG] getChallenges
web_1    | [greenlock/lib/core.js] setChallenge called for 'checkin.wednesdaynighthop.com'
--
web_1    | [gl/index.js] gl.getCertificates called for checkin.wednesdaynighthop.com with certs for [ 'checkin.wednesdaynighthop.com' ]
web_1    | [gl/index.js] gl.approveDomains called with certs for [ 'checkin.wednesdaynighthop.com' ] and options:
web_1    | [gl/index.js] { domain: 'checkin.wednesdaynighthop.com',
web_1    |   domains: [ 'checkin.wednesdaynighthop.com' ],
web_1    |   certs:
--
web_1    | [gl/index.js] gl renewing
web_1    | Mon, 02 Sep 2019 01:41:24 GMT auth:log checkAuth unprotected route /api/webhook/order
web_1    | Mon, 02 Sep 2019 01:41:24 GMT expressServer:log Received a webhook post request!! order
--
web_1    | [acme-v2.js] challenge accepted!
web_1    | { server: 'nginx',
web_1    |   'content-type': 'application/json',
--
web_1    | [acme-v2] handled(?) rejection as errback:
web_1    | Error: [acme-v2] (E_STATE_INVALID) challenge state for 'checkin.wednesdaynighthop.com': 'invalid'
web_1    |     at /home/app_user/checkin-app/server/node_modules/acme-v2/node.js:784:27
web_1    |     at processTicksAndRejections (internal/process/next_tick.js:81:5)
web_1    | Error renewing certificate for 'checkin.wednesdaynighthop.com':
web_1    | Error: [acme-v2] (E_STATE_INVALID) challenge state for 'checkin.wednesdaynighthop.com': 'invalid'
web_1    |     at /home/app_user/checkin-app/server/node_modules/acme-v2/node.js:784:27
web_1    |     at processTicksAndRejections (internal/process/next_tick.js:81:5)
```
Author

I see that the TXT record added has an extra '.checkin' at its end:

```
_acme-challenge.checkin.wednesdaynighthop.com.checkin
```

Any idea why?

Author

Is the solution to switch to using the acme-dns-01-cloudflare plugin instead of le-challenge-cloudflare?

Author

I switched to acme-dns-01-cloudflare and greenlock-store-fs and now I get the following error:

```
Waiting for 10000 ms before attempting propagation verification retry 21 / 30.
web_1    | { Error: queryTxt ENODATA _greenlock-dryrun-8672.checkin.wednesdaynighthop.com
web_1    |     at QueryReqWrap.onresolve [as oncomplete] (dns.js:199:19)
web_1    |   errno: 'ENODATA',
web_1    |   code: 'ENODATA',
web_1    |   syscall: 'queryTxt',
web_1    |   hostname: '_greenlock-dryrun-8672.checkin.wednesdaynighthop.com' }
```

I see the TXT record on Cloudflare. What could explain this error?

Author

Okay, my bad, I was able to solve the problem by changing the DNS nameservers on the host to point to the Cloudflare nameservers first. Otherwise the DNS record propagation was taking too long.

Ghost closed this issue 2019-09-02 06:31:04 +00:00
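
The `ENODATA` during propagation verification and the fix in the last comment both come down to which nameserver answers the TXT query. As an added example (not part of the original thread and not greenlock's or the plugin's code), this Node.js snippet asks each authoritative nameserver of the zone for the challenge record directly, so a lagging host resolver cannot hide a record that already exists. The names `challengeRecordName`, `findZone`, `checkPropagation` and the `opts` hooks are assumptions made for illustration.

```javascript
// Added example (not greenlock code): verify a DNS-01 TXT record on the
// zone's authoritative nameservers instead of the host's default resolver.
const dns = require('dns').promises;

const NOT_THERE = new Set(['ENODATA', 'ENOTFOUND']); // "no such record (yet)"

// Record name a DNS-01 validation looks up for `domain` (RFC 8555, 8.4).
function challengeRecordName(domain) {
  return '_acme-challenge.' + domain.replace(/^\*\./, '').replace(/\.$/, '');
}

// Walk up the labels of `name` until a zone with NS records is found.
async function findZone(name, resolver) {
  const labels = name.split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    const zone = labels.slice(i).join('.');
    try {
      const ns = await resolver.resolveNs(zone);
      if (ns.length) return { zone, ns };
    } catch (err) {
      if (!NOT_THERE.has(err.code)) throw err;
    }
  }
  throw new Error('no NS records found above ' + name);
}

// Ask every authoritative nameserver for the TXT value. `opts` lets a caller
// inject resolvers (hypothetical hook, used here only for offline testing).
async function checkPropagation(name, expected, opts = {}) {
  const system = opts.systemResolver || new dns.Resolver();
  const connect = opts.connect || ((ips) => {
    const r = new dns.Resolver();
    r.setServers(ips);
    return r;
  });
  const { zone, ns } = await findZone(name, system);
  const results = [];
  for (const host of ns) {
    const direct = connect(await system.resolve4(host));
    let values = [];
    try {
      values = (await direct.resolveTxt(name)).map((chunks) => chunks.join(''));
    } catch (err) {
      if (!NOT_THERE.has(err.code)) throw err;
    }
    results.push({ ns: host, found: values.includes(expected) });
  }
  return { zone, results, propagated: results.every((r) => r.found) };
}
```

Comparing the name the plugin actually created with `challengeRecordName(domain)` also catches a malformed record such as the one with the trailing `.checkin` reported above.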
Reference: root/greenlock-express.js#4