Let's Encrypt on a Big-IP
Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP.
Code: http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
lnxgeek
MVP
Joined July 21, 2008
Jens_Deprez
Feb 14, 2019
Nimbostratus
Hi,
I have the following issue at the moment. I managed to configure all the scripts, but I keep receiving the same error over and over again:
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for xxx
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for xxx authorization...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://xxx/.well-known/acme-challenge/kesLdLYVVVQGsd7Rk2n81uSydmi_2_1j7O62gIf8ZIg [0.0.0.0]: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/dEatI1F43o_YbrmzOedlPNjKW3EjQazpOAAwPEcFzSY/12616604520",
"token": "kesLdLYVVVQGsd7Rk2n81uSydmi_2_1j7O62gIf8ZIg",
"validationRecord": [
{
"url": "http://xxx/.well-known/acme-challenge/kesLdLYVVVQGsd7Rk2n81uSydmi_2_1j7O62gIf8ZIg",
"hostname": "xxx",
"port": "80",
"addressesResolved": [
"0.0.0.0"
],
"addressUsed": "0.0.0.0"
}
]
We are using a specific partition in our configuration, but this has been edited in all the scripts. So the correct datagroup is referenced in hook.sh. Anything I might be missing?
I have read that this can be due to the ACME version, but changing the default URL doesn't change anything. Both https://acme-v02.api.letsencrypt.org/directory and https://acme-v01.api.letsencrypt.org/directory give the same error.
I'm sure the datagroup is being checked; this can be seen in the logs:
Rule /Default/Lets_Encrypt_ACME_iRule : Responding with 404 to ACME challenge YjMsNqw2uf5xbyqlB6uWF5jJcZqJ3azbPfksfUlxkzI
Thanks!
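Added example, not part of the post above or of the linked scripts: a small triage helper that correlates a failed http-01 challenge object with iRule log lines in the format quoted in the post, to show whether the token the CA asked for is the one the iRule answered with 404. The function name, result keys and sample tokens are assumptions made for illustration; the sample data is constructed.

```python
import ipaddress
import json
import re

# Log wording taken from the iRule line quoted in the post.
IRULE_404 = re.compile(r"Responding with 404 to ACME challenge (\S+)")
# The CA's error detail ends with "...: <HTTP status>".
HTTP_CODE = re.compile(r": (\d{3})$")

def is_unspecified(addr):
    """True for 0.0.0.0 / ::, False for anything else or unparsable."""
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False

def triage(challenge_json, ltm_log_lines):
    """Correlate one failed http-01 challenge with iRule 404 log lines."""
    ch = json.loads(challenge_json)
    token = ch["token"]
    code = HTTP_CODE.search(ch.get("error", {}).get("detail", ""))
    missed = set(IRULE_404.findall("\n".join(ltm_log_lines)))
    addrs = [a for rec in ch.get("validationRecord", [])
             for a in rec.get("addressesResolved", [])]
    return {
        "token": token,
        "status": ch["status"],
        "ca_saw_http": int(code.group(1)) if code else None,
        # True: the CA's request reached the iRule, which had no answer for it.
        "irule_answered_404": token in missed,
        # 404s logged for other tokens (earlier attempts or other names).
        "other_tokens_404": sorted(missed - {token}),
        "unspecified_addr": [a for a in addrs if is_unspecified(a)],
    }

# Constructed sample data, shaped like the output quoted in the post.
SAMPLE_CHALLENGE = json.dumps({
    "type": "http-01", "status": "invalid", "token": "tokenA-constructed",
    "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403,
              "detail": "Invalid response from http://example.test/.well-known/"
                        "acme-challenge/tokenA-constructed [0.0.0.0]: 404"},
    "validationRecord": [{"hostname": "example.test", "port": "80",
                          "addressesResolved": ["0.0.0.0"],
                          "addressUsed": "0.0.0.0"}],
})
SAMPLE_LOG = ["Rule /Default/Lets_Encrypt_ACME_iRule : Responding with 404 "
              "to ACME challenge tokenB-constructed"]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CHALLENGE, SAMPLE_LOG), indent=2))
```

When `irule_answered_404` is false but `other_tokens_404` is not empty, the log line being examined belongs to a different challenge than the one in the error, so the two should not be read as the same request.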