vicidial.org

by **vkad** » Thu Aug 27, 2020 2:20 pm

As it is about time my web server issued a request to renew the SSL certificate using certbot, it failed spectacularly taking down all the agents on it.

The issue is the ACME servers cant access our server due to the dynamic portal.

How can we resolve this issue?

Thanks

by **carpenox** » Thu Aug 27, 2020 4:42 pm

are you directing all traffic to port 81 or 446 for the dynportal? Is your firewall open to port 443 and 80?

by **williamconley** » Thu Aug 27, 2020 8:46 pm

First:

Code: Select all: iptables -I INPUT 1 -j ACCEPT

Second:

Run the certbot renewal

Third:

Code: Select all: iptables -D INPUT -j ACCEPT

Of course, certbot shouldn't have broken anything if it was configured correctly ... unless you canceled in the middle and it was partially done. That could be awkward, I guess.

by **Kumba** » Fri Sep 11, 2020 2:16 am

So part of the problem is that the ACME servers come from a wide range of places. You're going to need to modify the certbot bash script so that is opens up the web ports to the whole internet, renews the cert, then closes the port. I'll work on modifying the certbot script so that it does this in the future.

In the mean-time, as a workaround, you would want to either create a bash script or modify the crontab so that it opens port 80 to the internet before running certbot and closes it after. Here's what that bash script would look like:

Code: Select all: #!/bin/bash firewall-cmd --zone=public --add-service=http /usr/bin/certbot -n --webroot renew >/dev/null 2>&1 firewall-cmd --zone=public --remove-service=http

You would then run this bash script in place of the certbot entry in the crontab.

You could also just put the firewall-cmd lines above in the actual crontab. You'd just put the first one before certbot and the second after after certbot in the cron just like how they're listed.

by **bronson** » Mon Oct 24, 2022 3:32 am

Hello,

I am having the same issue. My ssl cert failed to renew.

I am getting this error below:

Code: Select all: Vicibox10:~ # /root/.acme.sh/acme.sh --renew-all [Mon Oct 24 04:13:14 EDT 2022] Renew: 'dialer.domain.tld' [Mon Oct 24 04:13:15 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory [Mon Oct 24 04:13:15 EDT 2022] Single domain='dialer.domain.tld' [Mon Oct 24 04:13:15 EDT 2022] Getting domain auth token for each domain [Mon Oct 24 04:13:15 EDT 2022] Getting webroot for domain='dialer.domain.tld' [Mon Oct 24 04:13:15 EDT 2022] Verifying: dialer.domain.tld [Mon Oct 24 04:13:15 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30) [Mon Oct 24 04:13:18 EDT 2022] dialer.domain.tld:Verify error:111.123.1.321: Fetching https://dialer.domain.tld//.well-known/acme-challenge/QWERTY_1245UIOP_6789_0: Error getting validation data [Mon Oct 24 04:13:18 EDT 2022] Please add '--debug' or '--log' to check more details. [Mon Oct 24 04:13:18 EDT 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon Oct 24 04:13:18 EDT 2022] Error renew dialer.domain.tld. Vicibox10:~ #

Here is the output when I debug:

Code: Select all: Vicibox10:~ # /root/.acme.sh/acme.sh --renew-all --debug [Mon Oct 24 04:19:01 EDT 2022] Lets find script dir. [Mon Oct 24 04:19:01 EDT 2022] _SCRIPT_='/root/.acme.sh/acme.sh' [Mon Oct 24 04:19:01 EDT 2022] _script='/usr/share/vicibox-ssl/acme.sh' [Mon Oct 24 04:19:01 EDT 2022] _script_home='/usr/share/vicibox-ssl' [Mon Oct 24 04:19:01 EDT 2022] Using default home:/root/.acme.sh [Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh https://github.com/acmesh-official/acme.sh v3.0.1 [Mon Oct 24 04:19:01 EDT 2022] Running cmd: renewAll [Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh [Mon Oct 24 04:19:01 EDT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/di rectory' [Mon Oct 24 04:19:01 EDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directo ry' [Mon Oct 24 04:19:01 EDT 2022] _stopRenewOnError [Mon Oct 24 04:19:01 EDT 2022] _set_level='2' [Mon Oct 24 04:19:01 EDT 2022] di='/root/.acme.sh/dialer.domain.tld/' [Mon Oct 24 04:19:01 EDT 2022] d='dialer.domain.tld' [Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh [Mon Oct 24 04:19:01 EDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directo ry' [Mon Oct 24 04:19:01 EDT 2022] DOMAIN_PATH='/root/.acme.sh/dialer.domain.tld' [Mon Oct 24 04:19:01 EDT 2022] Renew: 'dialer.domain.tld' [Mon Oct 24 04:19:01 EDT 2022] Le_API='https://acme-v02.api.letsencrypt.org/directory' [Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh [Mon Oct 24 04:19:01 EDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directo ry' [Mon Oct 24 04:19:01 EDT 2022] _init api for server: https://acme-v02.api.letsencrypt.org/d irectory [Mon Oct 24 04:19:01 EDT 2022] Retrying GET [Mon Oct 24 04:19:01 EDT 2022] GET [Mon Oct 24 04:19:01 EDT 2022] url='https://acme-v02.api.letsencrypt.org/directory' [Mon Oct 24 04:19:01 EDT 2022] timeout= [Mon Oct 24 04:19:01 EDT 2022] displayError='1' [Mon Oct 24 04:19:01 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.heade r -L -g ' [Mon Oct 24 04:19:02 EDT 2022] ret='0' [Mon Oct 24 04:19:02 EDT 2022] _hcode='0' [Mon Oct 24 04:19:02 EDT 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/k ey-change' [Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_AUTHZ [Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/ne w-order' [Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/ new-acct' [Mon Oct 24 04:19:02 EDT 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/ revoke-cert' [Mon Oct 24 04:19:02 EDT 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3 -September-21-2022.pdf' [Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/ne w-nonce' [Mon Oct 24 04:19:02 EDT 2022] _main_domain='dialer.domain.tld' [Mon Oct 24 04:19:02 EDT 2022] _alt_domains='no' [Mon Oct 24 04:19:02 EDT 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/d irectory [Mon Oct 24 04:19:02 EDT 2022] _init api for server: https://acme-v02.api.letsencrypt.org/d irectory [Mon Oct 24 04:19:02 EDT 2022] Le_NextRenewTime='1663617176' [Mon Oct 24 04:19:02 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory [Mon Oct 24 04:19:02 EDT 2022] _on_before_issue [Mon Oct 24 04:19:02 EDT 2022] _chk_main_domain='dialer.domain.tld' [Mon Oct 24 04:19:02 EDT 2022] _chk_alt_domains [Mon Oct 24 04:19:02 EDT 2022] Le_LocalAddress [Mon Oct 24 04:19:02 EDT 2022] d='dialer.domain.tld' [Mon Oct 24 04:19:02 EDT 2022] Check for domain='dialer.domain.tld' [Mon Oct 24 04:19:02 EDT 2022] _currentRoot='/srv/www/htdocs/' [Mon Oct 24 04:19:02 EDT 2022] d [Mon Oct 24 04:19:02 EDT 2022] _saved_account_key_hash is not changed, skip register accoun t. [Mon Oct 24 04:19:02 EDT 2022] Read key length: [Mon Oct 24 04:19:02 EDT 2022] _createcsr [Mon Oct 24 04:19:02 EDT 2022] Single domain='dialer.domain.tld' [Mon Oct 24 04:19:02 EDT 2022] Getting domain auth token for each domain [Mon Oct 24 04:19:02 EDT 2022] d [Mon Oct 24 04:19:02 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Mon Oct 24 04:19:02 EDT 2022] payload='{"identifiers": [{"type":"dns","value":"dialer.domain.tld"}]}' [Mon Oct 24 04:19:02 EDT 2022] RSA key [Mon Oct 24 04:19:02 EDT 2022] Retrying post [Mon Oct 24 04:19:02 EDT 2022] HEAD [Mon Oct 24 04:19:02 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-non ce' [Mon Oct 24 04:19:02 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.heade r -L -g -I ' [Mon Oct 24 04:19:02 EDT 2022] _ret='0' [Mon Oct 24 04:19:02 EDT 2022] _hcode='0' [Mon Oct 24 04:19:02 EDT 2022] Retrying post [Mon Oct 24 04:19:02 EDT 2022] POST [Mon Oct 24 04:19:02 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-ord er' [Mon Oct 24 04:19:02 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.heade r -L -g ' [Mon Oct 24 04:19:03 EDT 2022] _ret='0' [Mon Oct 24 04:19:03 EDT 2022] _hcode='0' [Mon Oct 24 04:19:03 EDT 2022] code='201' [Mon Oct 24 04:19:03 EDT 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/orde r/642796956/137459868632' [Mon Oct 24 04:19:03 EDT 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/ finalize/642796956/137459868632' [Mon Oct 24 04:19:03 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1681 15650402' [Mon Oct 24 04:19:03 EDT 2022] payload [Mon Oct 24 04:19:03 EDT 2022] Retrying post [Mon Oct 24 04:19:03 EDT 2022] POST [Mon Oct 24 04:19:03 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v 3/123456789123' [Mon Oct 24 04:19:03 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.heade r -L -g ' [Mon Oct 24 04:19:03 EDT 2022] _ret='0' [Mon Oct 24 04:19:03 EDT 2022] _hcode='0' [Mon Oct 24 04:19:03 EDT 2022] code='200' [Mon Oct 24 04:19:03 EDT 2022] d='dialer.domain.tld' [Mon Oct 24 04:19:03 EDT 2022] Getting webroot for domain='dialer.domain.tld' [Mon Oct 24 04:19:03 EDT 2022] _w='/srv/www/htdocs/' [Mon Oct 24 04:19:03 EDT 2022] _currentRoot='/srv/www/htdocs/' [Mon Oct 24 04:19:03 EDT 2022] entry='"type":"http-01","status":"pending","url":"https://ac me-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg","token":"qwertyuiop123456"' [Mon Oct 24 04:19:03 EDT 2022] token='qwertyuiop123456' [Mon Oct 24 04:19:03 EDT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1681 15650402/rOgvsg' [Mon Oct 24 04:19:03 EDT 2022] keyauthorization='qwert125E.nanananananananana56789' [Mon Oct 24 04:19:03 EDT 2022] dvlist='dialer.domain.tld#asdf987654321lkjhg#https://acme-v02.api.letsencrypt.org/ acme/chall-v3/123456789123/q0fhhsg#http-01#/srv/www/htdocs/' [Mon Oct 24 04:19:03 EDT 2022] d [Mon Oct 24 04:19:03 EDT 2022] vlist='dialer.domain.tld#blahblahblah99999WR6q82OY2M7hQ3SBmqnFrK-6sQXHbX_6UouC4#https://acme-v02.api.letsencrypt.org/a cme/chall-v3/123456789123/rOgvsg#http-01#/srv/www/htdocs/,' [Mon Oct 24 04:19:03 EDT 2022] d='dialer.domain.tld' [Mon Oct 24 04:19:03 EDT 2022] ok, let's start to verify [Mon Oct 24 04:19:03 EDT 2022] Verifying: dialer.domain.tld [Mon Oct 24 04:19:03 EDT 2022] d='dialer.domain.tld' [Mon Oct 24 04:19:03 EDT 2022] keyauthorization='qwert125E.nanananananananana56789' [Mon Oct 24 04:19:03 EDT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1681 15650402/rOgvsg' [Mon Oct 24 04:19:03 EDT 2022] _currentRoot='/srv/www/htdocs/' [Mon Oct 24 04:19:03 EDT 2022] wellknown_path='/srv/www/htdocs//.well-known/acme-challenge' [Mon Oct 24 04:19:03 EDT 2022] writing token:qwertyuiop123456 to /srv/www/htdocs//.well-known/acme-challenge/qwertyuiop123456 [Mon Oct 24 04:19:03 EDT 2022] Changing owner/group of .well-known to root:root [Mon Oct 24 04:19:03 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1681 15650402/rOgvsg' [Mon Oct 24 04:19:03 EDT 2022] payload='{}' [Mon Oct 24 04:19:03 EDT 2022] Retrying post [Mon Oct 24 04:19:03 EDT 2022] POST [Mon Oct 24 04:19:03 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v 3/123456789123/rOgvsg' [Mon Oct 24 04:19:03 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.heade r -L -g ' [Mon Oct 24 04:19:03 EDT 2022] _ret='0' [Mon Oct 24 04:19:03 EDT 2022] _hcode='0' [Mon Oct 24 04:19:03 EDT 2022] code='200' [Mon Oct 24 04:19:03 EDT 2022] trigger validation code: 200 [Mon Oct 24 04:19:03 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30) [Mon Oct 24 04:19:03 EDT 2022] sleep 2 secs to verify again [Mon Oct 24 04:19:05 EDT 2022] checking [Mon Oct 24 04:19:05 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg' [Mon Oct 24 04:19:05 EDT 2022] payload [Mon Oct 24 04:19:05 EDT 2022] Retrying post [Mon Oct 24 04:19:05 EDT 2022] POST [Mon Oct 24 04:19:05 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg' [Mon Oct 24 04:19:05 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Mon Oct 24 04:19:05 EDT 2022] _ret='0' [Mon Oct 24 04:19:05 EDT 2022] _hcode='0' [Mon Oct 24 04:19:05 EDT 2022] code='200' [Mon Oct 24 04:19:05 EDT 2022] dialer.domain.tld:Verify error:172.105.0.183: Fetching https://dialer.domain.tld//.well-known/acme-challenge/qwertyuiop123456: Error getting validation data [Mon Oct 24 04:19:05 EDT 2022] Debug: get token url. [Mon Oct 24 04:19:05 EDT 2022] Retrying GET [Mon Oct 24 04:19:05 EDT 2022] GET [Mon Oct 24 04:19:05 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:05 EDT 2022] timeout=1 [Mon Oct 24 04:19:05 EDT 2022] displayError='1' [Mon Oct 24 04:19:05 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:05 EDT 2022] ret='60' [Mon Oct 24 04:19:05 EDT 2022] _hcode='60' [Mon Oct 24 04:19:07 EDT 2022] Retrying GET [Mon Oct 24 04:19:07 EDT 2022] GET [Mon Oct 24 04:19:07 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:07 EDT 2022] timeout=1 [Mon Oct 24 04:19:07 EDT 2022] displayError='1' [Mon Oct 24 04:19:07 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:07 EDT 2022] ret='60' [Mon Oct 24 04:19:07 EDT 2022] _hcode='60' [Mon Oct 24 04:19:09 EDT 2022] Retrying GET [Mon Oct 24 04:19:09 EDT 2022] GET [Mon Oct 24 04:19:09 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:09 EDT 2022] timeout=1 [Mon Oct 24 04:19:09 EDT 2022] displayError='1' [Mon Oct 24 04:19:09 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:09 EDT 2022] ret='60' [Mon Oct 24 04:19:09 EDT 2022] _hcode='60' [Mon Oct 24 04:19:11 EDT 2022] Retrying GET [Mon Oct 24 04:19:11 EDT 2022] GET [Mon Oct 24 04:19:11 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:11 EDT 2022] timeout=1 [Mon Oct 24 04:19:11 EDT 2022] displayError='1' [Mon Oct 24 04:19:11 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:11 EDT 2022] ret='60' [Mon Oct 24 04:19:11 EDT 2022] _hcode='60' [Mon Oct 24 04:19:13 EDT 2022] Retrying GET [Mon Oct 24 04:19:13 EDT 2022] GET [Mon Oct 24 04:19:13 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:13 EDT 2022] timeout=1 [Mon Oct 24 04:19:13 EDT 2022] displayError='1' [Mon Oct 24 04:19:13 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:13 EDT 2022] ret='60' [Mon Oct 24 04:19:13 EDT 2022] _hcode='60' [Mon Oct 24 04:19:15 EDT 2022] Retrying GET [Mon Oct 24 04:19:15 EDT 2022] GET [Mon Oct 24 04:19:15 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:15 EDT 2022] timeout=1 [Mon Oct 24 04:19:16 EDT 2022] displayError='1' [Mon Oct 24 04:19:16 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:16 EDT 2022] ret='60' [Mon Oct 24 04:19:16 EDT 2022] _hcode='60' [Mon Oct 24 04:19:18 EDT 2022] Retrying GET [Mon Oct 24 04:19:18 EDT 2022] GET [Mon Oct 24 04:19:18 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:18 EDT 2022] timeout=1 [Mon Oct 24 04:19:18 EDT 2022] displayError='1' [Mon Oct 24 04:19:18 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:18 EDT 2022] ret='60' [Mon Oct 24 04:19:18 EDT 2022] _hcode='60' [Mon Oct 24 04:19:20 EDT 2022] Retrying GET [Mon Oct 24 04:19:20 EDT 2022] GET [Mon Oct 24 04:19:20 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:20 EDT 2022] timeout=1 [Mon Oct 24 04:19:20 EDT 2022] displayError='1' [Mon Oct 24 04:19:20 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:20 EDT 2022] ret='60' [Mon Oct 24 04:19:20 EDT 2022] _hcode='60' [Mon Oct 24 04:19:22 EDT 2022] Retrying GET [Mon Oct 24 04:19:22 EDT 2022] GET [Mon Oct 24 04:19:22 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456' [Mon Oct 24 04:19:22 EDT 2022] timeout=1 [Mon Oct 24 04:19:22 EDT 2022] displayError='0' [Mon Oct 24 04:19:22 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' [Mon Oct 24 04:19:22 EDT 2022] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Mon Oct 24 04:19:22 EDT 2022] ret='60' [Mon Oct 24 04:19:22 EDT 2022] _hcode='60' [Mon Oct 24 04:19:24 EDT 2022] Debugging, skip removing: /srv/www/htdocs//.well-known/acme-challenge/qwertyuiop123456 [Mon Oct 24 04:19:24 EDT 2022] pid [Mon Oct 24 04:19:24 EDT 2022] No need to restore nginx, skip. [Mon Oct 24 04:19:24 EDT 2022] _clearupdns [Mon Oct 24 04:19:24 EDT 2022] dns_entries [Mon Oct 24 04:19:24 EDT 2022] skip dns. [Mon Oct 24 04:19:24 EDT 2022] _on_issue_err [Mon Oct 24 04:19:24 EDT 2022] Please add '--debug' or '--log' to check more details. [Mon Oct 24 04:19:24 EDT 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon Oct 24 04:19:24 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg' [Mon Oct 24 04:19:24 EDT 2022] payload='{}' [Mon Oct 24 04:19:24 EDT 2022] Retrying post [Mon Oct 24 04:19:24 EDT 2022] POST [Mon Oct 24 04:19:24 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg' [Mon Oct 24 04:19:24 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Mon Oct 24 04:19:24 EDT 2022] _ret='0' [Mon Oct 24 04:19:24 EDT 2022] _hcode='0' [Mon Oct 24 04:19:24 EDT 2022] code='400' [Mon Oct 24 04:19:24 EDT 2022] Diagnosis versions: openssl:openssl OpenSSL 1.1.1d 10 Sep 2019 apache: apache doesn't exist. nginx: nginx doesn't exist. socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.3.2 on Apr 3 2018 11:53:32 running on Linux version #1 SMP Fri Jun 25 12:36:56 UTC 2021 (6856d31), release 5.3.18-59.10-default, machine x86_64 features: #define WITH_STDIO 1 #define WITH_FDNUM 1 #define WITH_FILE 1 #define WITH_CREAT 1 #define WITH_GOPEN 1 #define WITH_TERMIOS 1 #define WITH_PIPE 1 #define WITH_UNIX 1 #define WITH_ABSTRACT_UNIXSOCKET 1 #define WITH_IP4 1 #define WITH_IP6 1 #define WITH_RAWIP 1 #define WITH_GENERICSOCKET 1 #define WITH_INTERFACE 1 #define WITH_TCP 1 #define WITH_UDP 1 #define WITH_SCTP 1 #define WITH_LISTEN 1 #define WITH_SOCKS4 1 #define WITH_SOCKS4A 1 #define WITH_PROXY 1 #define WITH_SYSTEM 1 #define WITH_EXEC 1 #define WITH_READLINE 1 #define WITH_TUN 1 #define WITH_PTY 1 #define WITH_OPENSSL 1 #undef WITH_FIPS #define WITH_LIBWRAP 1 #define WITH_SYCLS 1 #define WITH_FILAN 1 #define WITH_RETRY 1 #define WITH_MSGLEVEL 0 /*debug*/ [Mon Oct 24 04:19:24 EDT 2022] Return code: 1 [Mon Oct 24 04:19:24 EDT 2022] Error renew dialer.domain.tld. [Mon Oct 24 04:19:24 EDT 2022] _error_level='1' [Mon Oct 24 04:19:24 EDT 2022] _set_level='2' Vicibox10:~ #

by **bronson** » Tue Oct 25, 2022 2:14 am

I was able to renew my cert by moving apache to "public", then turning off the firewall, then removing apache from public, then restarting my server.

I'd prefer not to have to do that each time my cert expires so I'll try adding that code above to my crontab and see if that helps.

vicidial.org

Certbot Renewal Fails with Dynamic Portal

Certbot Renewal Fails with Dynamic Portal

Re: Certbot Renewal Fails with Dynamic Portal

Re: Certbot Renewal Fails with Dynamic Portal

Re: Certbot Renewal Fails with Dynamic Portal

Re: Certbot Renewal Fails with Dynamic Portal

Re: Certbot Renewal Fails with Dynamic Portal

Who is online