Since I updated to version 10.5.5 of Axigen I cannot renew the Let’s Encrypt certificates and in the logs I get the following error:
HTTP-Client: Error performing request in connection to https://acme-v02.api.letsencrypt.org:443/directory:Couldn't resolve host name
I tried to access the address http://acme-v02.api.letsencrypt.org from the Debian console using curl and I could access it correctly. After different tests, the system seems to resolve DNS well.
I updated from version 10.4.18 to version 10.5.5 and already had this problem. Two days ago I updated from version 10.5.5 to version 10.5.6 to see if the problem was resolved, but the problem persists.
I have changed the loglevel value to 31 in the jobLogging section of the axigen.cfg file and in the registry (edited) this appears:
JOBLOG:7000000F: HTTP-Client: Error performing request in connection to https://acme-v02.api.letsencrypt.org:443/directory:Couldn’t resolve host name
JOBLOG:7000000F: LetsE: connection error on GET when populating acme link directory
JOBLOG:7000000F: LetsE: Job step action => Connection-related error, re-attempting after 240 seconds
JOBLOG:70000010: LetsE: Acme job executing
JOBLOG:70000010: LetsE: AcmeInitState for domain.net executing
First of all, I would like to let you know that we are not aware of any changes between 10.4.18 and 10.5.5+ that could explain the reported behavior. This is why my first suggestion is to review any local changes (on the system Axigen is running on) that may explain the “Couldn’t resolve host name” error reported in the logs.
The strange part is that you do not have the same error when running the curl command from that system, so we would like to ask you to share the following outputs from the commands executed from that system:
All looks fine as well - so we should continue our debugging session.
Let’s capture the traffic on both UDP and TCP port 53 when the renewal is executed so please start the following command:
$ tcpdump -i any -nn -s0 -w /var/tmp/dns.pcap port 53
and request a renewal for the LE certificate via WebAdmin (Security & Filtering > SSL Certificates > Renew button for the LE certificate).
After the failure is noticed in the Axigen log, please stop the tcpdump session (with CTRL+C) and share with us:
i/ the Axigen log line saying “Couldn’t resolve host name …” (with the log timestamp)
ii/ the file generated by tcpdump (which is /var/tmp/dns.pcap)
Well, from the tcpdump capture we see that your system is receiving DNS requests from the Internet, as only one record was captured:
source: 157.245.252.18, port 50901 | belonging to Digital Ocean | AS14061
destination: 185.47.131.90, port 53 | this seems to be your system
DNS query: A www.google.com
As we do not see the expected DNS traffic to the configured DNS servers from /etc/resolv.conf (8.8.8.8 and 8.8.4.4), I can only suspect that you are using a more complicated setup.
As suggested, please double check what was changed on your system between the end of June (when the cert seems to have been issued by LE) and today.
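The reasoning in the reply above (one inbound query seen, no outbound queries to the configured resolvers) can be reproduced on capture records as follows. This is an added example, not part of the original thread or Axigen's tooling; the function names, the `(src, dst, dport, payload)` record layout and the DNS payloads are constructed for illustration, while the addresses are the ones quoted in the thread.

```python
import struct
from collections import Counter

RESOLVERS = {"8.8.8.8", "8.8.4.4"}    # resolvers the thread quotes from /etc/resolv.conf
LOCAL_IPS = {"185.47.131.90"}         # address the thread identifies as the mail server
QTYPES = {1: "A", 28: "AAAA"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query payload (constructed sample data, not from the pcap)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (is_query, name, qtype) for the first question, or None if malformed."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                  # ran off the end before the root label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None                  # pointer or oversized label: reject, do not follow
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ((flags & 0x8000) == 0, ".".join(labels), QTYPES.get(qtype, str(qtype)))

def classify(src, dst, dport, payload):
    """Label one port-53 record by direction relative to this host."""
    q = parse_question(payload)
    if q is None or dport != 53 or not q[0]:
        return "not-a-query"
    if src in LOCAL_IPS and dst in RESOLVERS:
        return "outbound-to-resolver"    # what a renewal attempt should produce
    if dst in LOCAL_IPS and src not in LOCAL_IPS:
        return "inbound-from-outside"    # an external host querying this host's port 53
    return "other"

def summarize(records):
    """Count records per direction label."""
    return Counter(classify(*r) for r in records)
```

A summary with zero `outbound-to-resolver` entries during a renewal attempt matches what the capture showed: the failing lookup never left the host as a DNS query on port 53.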
I ran some tests (tcpdump -i all) and I have seen that WebAdmin doesn’t make any DNS queries.
Within WebAdmin I cannot search for new updates, renew or add Let’s Encrypt certificates, or do anything related to system DNS queries.
But the DNR service works perfectly and I can receive and send mail without problems. Only the admin (WebAdmin) section fails; even when I go to the main WebAdmin page it takes a long time to fully load.
Linux OS: Debian 11
Axigen ver.: 10.5.6
System only dedicated to Axigen server, nothing else is installed.