Get the most out of your Centmin Mod LEMP stack
Become a Member

Feedback LetsEncrypt Error

Discussion in 'AlmaLinux 8 & Rocky Linux 8 Beta Testing' started by cloud9, Mar 5, 2023.

  1. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:47 AM
    1.25.3
    10.6.x
    The following test environment information is needed relevant to your EL8 server installation. Please provide the info in BBCODE CODE/CODEB tags for better formatting.

    1. Hetzner CX21 40GB

    2. 1st:
    123.09beta01.b809 #Mon Apr 25 11:00:11 UTC 2022
    ..
    last 10:
    130.00beta01.b271 #Thu Feb 9 20:08:43 UTC 2023
    130.00beta01.b275 #Wed Feb 15 14:03:10 UTC 2023
    130.00beta01.b277 #Wed Feb 22 21:05:37 UTC 2023
    130.00beta01.b277 #Wed Feb 22 21:07:08 UTC 2023
    130.00beta01.b277 #Thu Feb 23 19:21:10 UTC 2023
    130.00beta01.b277 #Fri Mar 3 18:44:29 UTC 2023
    130.00beta01.b277 #Fri Mar 3 18:45:45 UTC 2023
    130.00beta01.b277 #Sat Mar 4 19:14:36 UTC 2023
    130.00beta01.b277 #Sun Mar 5 07:50:25 UTC 2023
    130.00beta01.b277 #Sun Mar 5 12:08:31 UTC 2023


    3.


    Architecture: x86_64
    CPU op-mode(s): 32-bit, 64-bit
    Byte Order: Little Endian
    CPU(s): 2
    On-line CPU(s) list: 0,1
    Thread(s) per core: 1
    Core(s) per socket: 2
    Socket(s): 1
    NUMA node(s): 1
    Vendor ID: GenuineIntel
    CPU family: 6
    Model: 85
    Model name: Intel Xeon Processor (Skylake, IBRS)
    Stepping: 4
    CPU MHz: 2099.998
    BogoMIPS: 4199.99
    Hypervisor vendor: KVM
    Virtualization type: full
    L1d cache: 32K
    L1i cache: 32K
    L2 cache: 4096K
    L3 cache: 16384K
    NUMA node0 CPU(s): 0,1
    Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single ssbd rsb_ctxsw ibrs ibpb fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku ospke md_clear spec_ctrl

    total used free shared buff/cache available
    Mem: 3693 841 795 188 2056 2389
    Low: 3693 2897 795
    High: 0 0 0
    Swap: 1023 5 1018
    Total: 4717 847 1813

    Filesystem Type Size Used Avail Use% Mounted on
    devtmpfs devtmpfs 1.8G 0 1.8G 0% /dev
    tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm
    tmpfs tmpfs 1.9G 193M 1.7G 11% /run
    tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
    /dev/sda1 ext4 38G 15G 22G 40% /
    /dev/loop0 ext4 5.8G 25M 5.5G 1% /tmp
    tmpfs tmpfs 370M 0 370M 0% /run/user/0

    Got an error on letsencyypt

    Code:
    [Sun Mar  5 12:10:50 UTC 2023] Verifying: MYDOMAIN.co.uk
    [Sun Mar  5 12:10:51 UTC 2023] Pending, The CA is processing your order, please just wait. (1/30)
    [Sun Mar  5 12:10:54 UTC 2023] a3air.co.uk:Verify error:XXX.XX.XXX.XXX: Invalid response from http://MYDOMAIN/.well-known/acme-challenge/5jEGW08zFzksDuEwEwYxkVL5Jsn_dSwdbCu2BaC5ExQ: 404
    [Sun Mar  5 12:10:54 UTC 2023] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-050323-121038.log
    LECHECK = 1
    
    Option 22 and then I picked option 4 for https:// only for the lets encrypt cert - not self signed

    Cant see in the logs what the error is, mainly full of the above invalid response. Only other thing is this....

    Code:
    [Sun Mar  5 12:10:55 UTC 2023] code='400'
    [Sun Mar  5 12:10:55 UTC 2023] original='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Sun Mar  5 12:10:55 UTC 2023] response='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    
    All help appreciated and posted in here as its on Alma8 Beta, so please move to Other area for public view if thats where it should be
     
  2. cloud9

    cloud9 Premium Member Premium Member

    424
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    11:47 AM
    1.25.3
    10.6.x
    Ok forget above, hadn't spotted - wrong IP address added at DNS level - I copied and pasted and didnt change the servers IP address for the A records at Namecheap.......

    Letsencrypt fixed and SSL Issued

    However now another issue - will start a new thread......