Let's Encrypt issue

Hello,

I am trying to configure this cert but failing. Below is some redacted output:

axigen log:
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: Acme job executing
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: AcmeInitState for mail.mydomain.ro executing
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: Response code 409
2019-04-06 23:01:19 +0200 04 mydomain JOBLOG:70000001: LetsE: Account(key) already registered
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: Account location is http.s://acme-v01.api.letsencrypt.org/acme/reg/xxxxxxxx, TOS URI is http.s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2019-04-06 23:01:19 +0200 02 mydomain JOBLOG:70000001: LetsE: Acme init state completed, moving to reg state
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: Job step action => Proceeding to next state
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: AcmeRegState for mail.mydomain.ro executing
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: Response code 201
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: we have to satisfy challenge 0, token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, uri http.s://acme-v01.api.letsencrypt.org/acme/challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxx
2019-04-06 23:01:19 +0200 02 mydomain JOBLOG:70000001: LetsE: Acme reg state completed, moving to challenge state
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: Job step action => Proceeding to next state
2019-04-06 23:01:19 +0200 08 mydomain JOBLOG:70000001: LetsE: AcmeChallengeState for mail.mydomain.ro executing
2019-04-06 23:01:20 +0200 08 mydomain JOBLOG:70000001: LetsE: Response code 202
2019-04-06 23:01:20 +0200 08 mydomain JOBLOG:70000001: LetsE: Response code 202
2019-04-06 23:01:20 +0200 08 mydomain JOBLOG:70000001: LetsE: Job step action => Waiting is needed, going to sleep
2019-04-06 23:01:35 +0200 08 mydomain JOBLOG:70000002: LetsE: Acme job executing
2019-04-06 23:01:35 +0200 08 mydomain JOBLOG:70000002: LetsE: AcmeChallengeState for mail.mydomain.ro executing
2019-04-06 23:01:35 +0200 08 mydomain JOBLOG:70000002: LetsE: Response code 202
2019-04-06 23:01:35 +0200 02 mydomain JOBLOG:70000002: LetsE: Acme challenge state failed, perhaps mail.mydomain.ro cannot be accessed by the letsencrypt servers?
2019-04-06 23:01:35 +0200 02 mydomain JOBLOG:70000002: LetsE: Issuance Job for mail.mydomain.ro abandoned!
2019-04-06 23:01:35 +0200 02 mydomain JOBLOG:70000002: LetsE: last protocol errType All OK!
2019-04-06 23:01:35 +0200 02 mydomain JOBLOG:70000002: LetsE: last protocol errDetail All OK!
2019-04-06 23:01:35 +0200 02 mydomain JOBLOG:70000002: LetsE: Job step action => Cannot complete current work item, abandoning

challenge response:
type “http-01”
status “invalid”
error
type “urn:acme:error:unauthorized”
detail “Invalid response from htt.p://mail.mydomain.ro/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [xxxx:xxxx:xxx:xxxx::xxx]: “\n\n404 Not Found\n\n

Not Found

\n<p””
status 403
uri “http.s://acme-v01.api.letsencrypt.org/acme/challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxx”
token “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
validationRecord
0
url “htt.p://mail.mydomain.ro/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
hostname “mail.mydomain.ro”
port “80”
addressesResolved
0 “xx.xxx.xx.xx”
1 “xxxx:xxxx:xxx:xxxx::xxx”
addressUsed “xxxx:xxxx:xxx:xxxx::xxx”

Mentioning that I already use certbot-auto for some other sites hosted on the same machine. From the challenge it seems it’s going on port 80, but I have other sites there. My webmail is on 8000 and webadmin on 9000. Any idea how to get this working?

Thx,
Marius.

Hi,

So I managed to get this working. I had to use Apache ProxyPass to map the domain name to forward requests from port 80 to the webmail port (proxypass http to https).
What I can’t get working is revoking a cert.
I get this:
2019-04-07 03:13:23 +0300 08 mydomain JOBLOG:70000010: LetsE: Acme job executing
2019-04-07 03:13:23 +0300 08 mydomain JOBLOG:70000010: LetsE: AcmeRevokeState for mail.mydomain.ro executing
2019-04-07 03:13:23 +0300 02 mydomain JOBLOG:70000010: HTTP-Client: Error performing request in connection to http.s://acme-v01.api.letsencrypt.org:443-SA-v1.2-November-15-2017.pdf:URL using bad/illegal format or missing URL
2019-04-07 03:13:23 +0300 02 mydomain JOBLOG:70000010: LetsE: POST auth request failed to http.s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2019-04-07 03:13:23 +0300 02 mydomain JOBLOG:70000010: LetsE: Err 1 revoking certificate
2019-04-07 03:13:23 +0300 02 mydomain JOBLOG:70000010: LetsE: Job step action => Connection-related error, re-attempting after 15 seconds
2019-04-07 03:13:38 +0300 08 mydomain JOBLOG:70000011: LetsE: Acme job executing
2019-04-07 03:13:38 +0300 08 mydomain JOBLOG:70000011: LetsE: AcmeRevokeState for mail.mydomain.ro executing
2019-04-07 03:13:39 +0300 02 mydomain JOBLOG:70000011: HTTP-Client: Error performing request in connection to http.s://acme-v01.api.letsencrypt.org:443-SA-v1.2-November-15-2017.pdf:URL using bad/illegal format or missing URL
2019-04-07 03:13:39 +0300 02 mydomain JOBLOG:70000011: LetsE: POST auth request failed to http.s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2019-04-07 03:13:39 +0300 02 mydomain JOBLOG:70000011: LetsE: Err 1 revoking certificate
2019-04-07 03:13:39 +0300 02 mydomain JOBLOG:70000011: LetsE: Job step action => Connection-related error, re-attempting after 30 seconds
2019-04-07 03:14:09 +0300 08 mydomain JOBLOG:70000012: LetsE: Acme job executing
2019-04-07 03:14:09 +0300 08 mydomain JOBLOG:70000012: LetsE: AcmeRevokeState for mail.mydomain.ro executing
2019-04-07 03:14:09 +0300 02 mydomain JOBLOG:70000012: HTTP-Client: Error performing request in connection to http.s://acme-v01.api.letsencrypt.org:443-SA-v1.2-November-15-2017.pdf:URL using bad/illegal format or missing URL
2019-04-07 03:14:09 +0300 02 mydomain JOBLOG:70000012: LetsE: POST auth request failed to http.s://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2019-04-07 03:14:09 +0300 02 mydomain JOBLOG:70000012: LetsE: Err 1 revoking certificate
2019-04-07 03:14:09 +0300 02 mydomain JOBLOG:70000012: LetsE: Job step action => Connection-related error, re-attempting after 60 seconds

So for whoever does this: creating a cert will use port 80 of the domain, so you have to open a listener on port 80 or map it so it forwards requests to whatever port you use.

Thx and hope someone can figure out the revoking part.
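
An added example, not part of the original posts and not Axigen's code: a small Python check that reads an ACME challenge object of the shape quoted in the first post and reports which address and port the CA contacted and what answered there. The sample record is constructed (placeholder hostname, documentation-range addresses, fake token), and `diagnose` is a hypothetical helper name.

```python
import ipaddress
import json
import re

# Constructed sample in the shape of the challenge object quoted in the thread
# (placeholder hostname, documentation-range addresses, fake token).
SAMPLE = json.loads("""{
  "type": "http-01", "status": "invalid", "token": "TOKEN",
  "error": {"type": "urn:acme:error:unauthorized", "status": 403,
            "detail": "Invalid response from http://mail.example.test/.well-known/acme-challenge/TOKEN [2001:db8::25]: 404 Not Found"},
  "validationRecord": [{
    "url": "http://mail.example.test/.well-known/acme-challenge/TOKEN",
    "hostname": "mail.example.test", "port": "80",
    "addressesResolved": ["192.0.2.25", "2001:db8::25"],
    "addressUsed": "2001:db8::25"}]
}""")


def diagnose(challenge):
    """Return plain-language findings for a failed http-01 challenge object."""
    findings = []
    if challenge.get("type") != "http-01" or challenge.get("status") != "invalid":
        return findings
    for rec in challenge.get("validationRecord", []):
        used = ipaddress.ip_address(rec["addressUsed"])
        findings.append(
            f"CA requested {rec['url']} on port {rec['port']} over IPv{used.version} ({used})")
        others = [a for a in rec.get("addressesResolved", [])
                  if ipaddress.ip_address(a) != used]
        if others:
            # Any published A/AAAA address may be chosen, so each must serve the token.
            findings.append("also resolves to " + ", ".join(others)
                            + "; the listener on every address must serve the token")
    # error.status is the ACME problem status; the web server's own reply
    # (here a 404) is embedded in error.detail.
    detail = challenge.get("error", {}).get("detail", "")
    m = re.search(r"\b([45]\d\d) [A-Z]", detail)
    if m:
        findings.append(f"server on the validation port answered HTTP {m.group(1)}: "
                        "the listener that answered did not serve the challenge token")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE):
        print("-", line)
```
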

Hello Marius,

Thank you for reporting this issue, it will be fixed in a future version of Axigen.

Regards,
Florin

Hello Marius,

The fix for the certificate revoke procedure was included in Axigen 10.2.2.65, which is available through the Webadmin -> Updates & Upgrades module.

Regards,
Florin

Hello Florin,

Thx for the update. I’ll try to see when I get some time to test it :)