Solution
Enable the Let’s Encrypt debug commands.
Use the following diagnose commands to identify a Let’s Encrypt issue.
These commands enable Let’s Encrypt debugging at the highest debug level, 7.
# diagnose debug application acmed 7
# diagnose debug enable
The CLI may not display any debug output at first.
Triggering the 'Let’s Encrypt Issue' action starts the debug output.
# (acme_msg_process : 143)recv msg, msg type: 0
(acme_cert_valid_and_issue : 1558)acme: renewal period 30
(acme_cert_valid_and_issue : 1559)acme: domain name testing02.ft-dev.site
(acme_cert_valid_and_issue : 1560)acme: domain size 0
(acme_cert_valid_and_issue : 1561)acme: name testing02.ft-dev.site
(key_load : 963)loading key from /etc/acme/private/testing02.ft-dev.site/key.pem.tmp
(key_load : 983)/etc/acme/private/testing02.ft-dev.site/key.pem.tmp not found
(key_gen : 870)generating new 2048-bit RSA key
(key_gen : 934)key saved to /etc/acme/private/testing02.ft-dev.site/key.pem.tmp
(acme_cert_valid_and_issue : 1640)checking existence and expiration of /etc/acme/testing02.ft-dev.site/cert.pem
(cert_load : 1282)/etc/acme/testing02.ft-dev.site/cert.pem does not exist
(cert_issue : 1300)creating new order for testing02.ft-dev.site at https://acme-v02.api.letsencrypt.org/acme/new-order
To disable the debug:
# diagnose debug application acmed 0
# diagnose debug disable
Common debug outputs containing the Let’s Encrypt validation response:
The hostname does not resolve in DNS.
(acme_post : 737)acme_post: HTTP body:
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up A for testing02.ft-dev.site - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for testing02.ft-dev.site - check that a DNS record exists for this domain",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/166188661986/XGIUPQ",
  "token": "RzsSDrDFjf0nKNgfuGAmSuIohYdc1I-rKgh9i4tMUCk",
  "validated": "2022-10-19T03:44:25Z"
}
(acme_log_err_event_process_inner_json : 583)acme_log_err_event_process_inner_json: type = urn:ietf:params:acme:error:dns, detail = DNS problem: NXDOMAIN looking up A for testing02.ft-dev.site - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for testing02.ft-dev.site - check that a DNS record exists for this domain
(acme_post : 742)acme_post: return code 200, json=
(authorize : 1025)challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/166188661986/XGIUPQ failed with status invalid
The hostname possibly points to the wrong address in DNS.
(acme_post : 737)acme_post: HTTP body:
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "1.2.3.4: Fetching http://testing02.ft-dev.site/.well-known/acme-challenge/ef3bjXjlG8qCowQQQ8DSpqBLKskyCI4WvWf-TSRmQDM: Timeout during connect (likely firewall problem)",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/166190614196/VPLZMQ",
  "token": "ef3bjXjlG8qCowQQQ8DSpqBLKskyCI4WvWf-TSRmQDM",
  "validationRecord": [
    {
      "url": "http://testing02.ft-dev.site/.well-known/acme-challenge/ef3bjXjlG8qCowQQQ8DSpqBLKskyCI4WvWf-TSRmQDM",
      "hostname": "testing02.ft-dev.site",
      "port": "80",
      "addressesResolved": [
        "1.2.3.4"
      ],
      "addressUsed": "1.2.3.4"
    }
  ],
  "validated": "2022-10-19T03:52:21Z"
}
(acme_log_err_event_process_inner_json : 583)acme_log_err_event_process_inner_json: type = urn:ietf:params:acme:error:connection, detail = 1.2.3.4: Fetching http://testing02.ft-dev.site/.well-known/acme-challenge/ef3bjXjlG8qCowQQQ8DSpqBLKskyCI4WvWf-TSRmQDM: Timeout during connect (likely firewall problem)
(acme_post : 742)acme_post: return code 200, json=
(authorize : 1025)challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/166190614196/VPLZMQ failed with status invalid
The policy possibly has HTTP-to-HTTPS redirection enabled.
(acme_post : 737)acme_post: HTTP body:
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "123.123.123.123: Invalid response from https://testing02.ft-dev.site:443/.well-known/acme-challenge/OiG3iBgsv8aZ5FX3Nxnc0uLbI2Q8BqWIPzuKex_AdiY: 503",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/166192102376/x1UyUw",
  "token": "OiG3iBgsv8aZ5FX3Nxnc0uLbI2Q8BqWIPzuKex_AdiY",
  "validationRecord": [
    {
      "url": "http://testing02.ft-dev.site/.well-known/acme-challenge/OiG3iBgsv8aZ5FX3Nxnc0uLbI2Q8BqWIPzuKex_AdiY",
      "hostname": "testing02.ft-dev.site",
      "port": "80",
      "addressesResolved": [
        "123.123.123.123"
      ],
      "addressUsed": "123.123.123.123"
    },
    {
      "url": "https://testing02.ft-dev.site:443/.well-known/acme-challenge/OiG3iBgsv8aZ5FX3Nxnc0uLbI2Q8BqWIPzuKex_AdiY",
      "hostname": "testing02.ft-dev.site",
      "port": "443",
      "addressesResolved": [
        "123.123.123.123"
      ],
      "addressUsed": "123.123.123.123"
    }
  ],
  "validated": "2022-10-19T03:57:51Z"
}
(acme_log_err_event_process_inner_json : 583)acme_log_err_event_process_inner_json: type = urn:ietf:params:acme:error:unauthorized, detail = 123.123.123.123: Invalid response from https://testing02.ft-dev.site:443/.well-known/acme-challenge/OiG3iBgsv8aZ5FX3Nxnc0uLbI2Q8BqWIPzuKex_AdiY: 503
(acme_post : 742)acme_post: return code 200, json=
(authorize : 1025)challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/166192102376/x1UyUw failed with status invalid
Let’s Encrypt validation succeeded and the certificate is being issued.
(acme_post : 737)acme_post: HTTP body:
{
  "type": "http-01",
  "status": "valid",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/166192382666/rGdUAw",
  "token": "DojvfvBnrETFRZiMEpuMHw6mSHcHzJKP1ZzVYnp1UDw",
  "validationRecord": [
    {
      "url": "http://testing02.ft-dev.site/.well-known/acme-challenge/DojvfvBnrETFRZiMEpuMHw6mSHcHzJKP1ZzVYnp1UDw",
      "hostname": "testing02.ft-dev.site",
      "port": "80",
      "addressesResolved": [
        "123.123.123.123"
      ],
      "addressUsed": "123.123.123.123"
    }
  ],
  "validated": "2022-10-19T03:59:03Z"
}
(acme_post : 742)acme_post: return code 200, json=
(authorize : 1039)running /etc/acme/acme.sh done http-01 testing02.ft-dev.site DojvfvBnrETFRZiMEpuMHw6mSHcHzJKP1ZzVYnp1UDw DojvfvBnrETFRZiMEpuMHw6mSHcHzJKP1ZzVYnp1UDw.YuDQoq9bUCyLuTf6l62dWbeU0GhGiw56oIv417dFplE
(cert_issue : 1333)polling order status at https://acme-v02.api.letsencrypt.org/acme/order/691661577/135897030346
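The following Python script is an added example, not part of the original article and not Fortinet code. It extracts each challenge object that follows an `acme_post: HTTP body:` line in a saved debug capture and maps it to the likely causes listed above; the function names and the sample capture (placeholder addresses) are constructed for illustration.

```python
import json

# Likely causes, as given for the failure cases on this page.
CAUSES = {
    "urn:ietf:params:acme:error:dns": "hostname does not resolve in DNS",
    "urn:ietf:params:acme:error:connection": "port 80 unreachable (wrong DNS target or firewall)",
    "urn:ietf:params:acme:error:unauthorized": "unexpected response on the challenge URL",
}
MARKER = "acme_post: HTTP body:"

def challenge_bodies(log_text):
    """Yield each JSON object that follows an 'acme_post: HTTP body:' line."""
    decoder = json.JSONDecoder()
    pos = log_text.find(MARKER)
    while pos != -1:
        start = log_text.find("{", pos)
        if start == -1:
            return
        try:
            body, end = decoder.raw_decode(log_text, start)
            yield body
        except json.JSONDecodeError:
            end = start + 1  # truncated capture: skip it and keep scanning
        pos = log_text.find(MARKER, end)

def diagnose(body):
    """Return (status, likely cause, addresses the validator connected to)."""
    records = body.get("validationRecord", [])
    addrs = sorted({r["addressUsed"] for r in records if r.get("addressUsed")})
    if body.get("status") == "valid":
        return "valid", "validation succeeded", addrs
    err = body.get("error", {})
    cause = CAUSES.get(err.get("type"), "unrecognised: %s" % err.get("detail"))
    ports = [r.get("port") for r in records]
    # A port-80 record followed by a port-443 record: the validator was redirected.
    if "80" in ports and "443" in ports[ports.index("80") + 1:]:
        cause = "HTTP-to-HTTPS redirection on the challenge path"
    return body.get("status"), cause, addrs

# Constructed sample capture (addresses are documentation placeholders).
SAMPLE = """(acme_post : 737)acme_post: HTTP body:
{"status": "invalid", "error": {"type": "urn:ietf:params:acme:error:dns", "detail": "NXDOMAIN"}}
(acme_post : 737)acme_post: HTTP body:
{"status": "invalid", "error": {"type": "urn:ietf:params:acme:error:unauthorized", "detail": "503"},
 "validationRecord": [{"port": "80", "addressUsed": "192.0.2.10"},
                      {"port": "443", "addressUsed": "192.0.2.10"}]}
"""
for row in map(diagnose, challenge_bodies(SAMPLE)):
    print(row)
```

Comparing the reported `addressUsed` values with the public address that is expected to serve the challenge shows quickly whether DNS points at the wrong host.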