mirror of https://github.com/therootcompany/greenlock-express.js.git synced 2025-09-17 15:48:12 +00:00

Having trouble with certificate renewal, again :( #4

Closed
opened 2019-09-02 01:46:46 +00:00 by Ghost · 4 comments

Below is the error I am seeing this time:

```
web_1    | [acme-v2] DEBUG get cert 1
web_1    | [acme-v2] certificates.create
web_1    | [DEBUG] newOrder
web_1    | https://acme-v02.api.letsencrypt.org/acme/order/32429380/1006761182
--
web_1    | [acme-v2] POST newOrder has authorizations
web_1    | [DEBUG] getChallenges
web_1    | [greenlock/lib/core.js] setChallenge called for 'checkin.wednesdaynighthop.com'
--
web_1    | [gl/index.js] gl.getCertificates called for checkin.wednesdaynighthop.com with certs for [ 'checkin.wednesdaynighthop.com' ]
web_1    | [gl/index.js] gl.approveDomains called with certs for [ 'checkin.wednesdaynighthop.com' ] and options:
web_1    | [gl/index.js] { domain: 'checkin.wednesdaynighthop.com',
web_1    |   domains: [ 'checkin.wednesdaynighthop.com' ],
web_1    |   certs:
--
web_1    | [gl/index.js] gl renewing
web_1    | Mon, 02 Sep 2019 01:41:24 GMT auth:log checkAuth unprotected route /api/webhook/order
web_1    | Mon, 02 Sep 2019 01:41:24 GMT expressServer:log Received a webhook post request!! order
--
web_1    | [acme-v2.js] challenge accepted!
web_1    | { server: 'nginx',
web_1    |   'content-type': 'application/json',
--
web_1    | [acme-v2] handled(?) rejection as errback:
web_1    | Error: [acme-v2] (E_STATE_INVALID) challenge state for 'checkin.wednesdaynighthop.com': 'invalid'
web_1    |     at /home/app_user/checkin-app/server/node_modules/acme-v2/node.js:784:27
web_1    |     at processTicksAndRejections (internal/process/next_tick.js:81:5)
web_1    | Error renewing certificate for 'checkin.wednesdaynighthop.com':
web_1    | Error: [acme-v2] (E_STATE_INVALID) challenge state for 'checkin.wednesdaynighthop.com': 'invalid'
web_1    |     at /home/app_user/checkin-app/server/node_modules/acme-v2/node.js:784:27
web_1    |     at processTicksAndRejections (internal/process/next_tick.js:81:5)
```
Author

I see that the TXT record added has an extra '.checkin' at its end:

```
_acme-challenge.checkin.wednesdaynighthop.com.checkin
```

Any idea why?

Author

Is the solution to switch to using the acme-dns-01-cloudflare plugin instead of le-challenge-cloudflare?

Author

I switched to acme-dns-01-cloudflare and greenlock-store-fs and now I get the following error:

```
Waiting for 10000 ms before attempting propagation verification retry 21 / 30.
web_1    | { Error: queryTxt ENODATA _greenlock-dryrun-8672.checkin.wednesdaynighthop.com
web_1    |     at QueryReqWrap.onresolve [as oncomplete] (dns.js:199:19)
web_1    |   errno: 'ENODATA',
web_1    |   code: 'ENODATA',
web_1    |   syscall: 'queryTxt',
web_1    |   hostname: '_greenlock-dryrun-8672.checkin.wednesdaynighthop.com' }
```

I see the TXT record on Cloudflare. What could explain this error?

Author

Okay, my bad, I was able to solve the problem by changing the DNS nameservers on the host to point to the Cloudflare nameservers first. Otherwise the DNS record propagation was taking too long.

Ghost closed this issue 2019-09-02 06:31:04 +00:00
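
The symptom in the last two comments (the TXT record exists at the DNS provider, but `queryTxt` on the host still returns `ENODATA`) can be confirmed by asking specific resolvers directly and comparing their answers. This is an added example, not code from the thread or from greenlock; the function names, resolver labels, and sample token are assumptions, and the sample answers are constructed.

```javascript
// Added example (not from the thread): ask specific resolvers for a dns-01 TXT name.
const { Resolver } = require('dns').promises;

// Query one resolver by IP. ENODATA / ENOTFOUND mean "record not visible here yet".
async function queryTxt(serverIp, name) {
  const resolver = new Resolver();
  resolver.setServers([serverIp]);
  try {
    const chunks = await resolver.resolveTxt(name); // e.g. [['part1', 'part2']]
    return { values: chunks.map((c) => c.join('')) };
  } catch (err) {
    if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') {
      return { values: [], code: err.code };
    }
    throw err; // timeouts, refused queries etc. are real failures, not "not yet"
  }
}

// Pure decision step: which resolvers can already see the expected token?
function summarize(answers, expected) {
  const visible = [];
  const stale = [];
  for (const [label, answer] of Object.entries(answers)) {
    (answer.values.includes(expected) ? visible : stale).push(label);
  }
  let verdict = 'partial';            // some resolvers see it, some do not
  if (visible.length === 0) verdict = 'missing';
  else if (stale.length === 0) verdict = 'propagated';
  return { verdict, visible, stale };
}

// servers: { label: resolverIp }, e.g. the zone's nameserver and the host's resolver.
async function checkPropagation(name, expected, servers) {
  const answers = {};
  for (const [label, ip] of Object.entries(servers)) {
    answers[label] = await queryTxt(ip, name);
  }
  return summarize(answers, expected);
}

// Constructed answers mirroring the thread: record present at the zone's
// nameserver, host resolver still answering ENODATA.
const SAMPLE = {
  authoritative: { values: ['constructed-token-value'] },
  hostResolver: { values: [], code: 'ENODATA' },
};
// summarize(SAMPLE, 'constructed-token-value').verdict is 'partial'
```

A `partial` verdict with only the host's resolver in `stale` points at resolver caching or propagation delay rather than at the DNS plugin.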
Reference: root/greenlock-express.js#4