[BlueOnyx:26206] Re: LE stopped renewing
Colin Jack
colin at mainline.co.uk
Fri May 12 16:27:28 -05 2023
Hi Michael,
> > I opened up the hardware firewall to any and tried to renew. No good, but I could access the site remotely.
> Check the URLs you received in /var/log/letsencrypt/letsencrypt.log
> during the latest failed attempt and see if it maybe now reported a
> different issue.
[Fri May 12 18:56:07 BST 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 12 18:56:07 BST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 12 18:56:07 BST 2023] DOMAIN_PATH='/usr/sausalito/acme/certs/intranet.broadwater.co.uk'
[Fri May 12 18:56:07 BST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri May 12 18:56:07 BST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
> They're using a distributed network of servers for the verification, so
> it's not always the same IP. I've also in the past seen some issues
> there and after several attempts it finally came from another host that
> was able to get through.
I am using the following FQDNs in the firewall rules:
Letsencrypt_1 acme-v01.api.letsencrypt.org
Letsencrypt_2 acme-v02.api.letsencrypt.org
Letsencrypt_3 acme-staging.api.letsencrypt.org
Letsencrypt_4 acme-staging-v02.api.letsencrypt.org
But even when I allow 'any source' in the firewall rules, it still fails.
Thanks
Colin