Let's Encrypt Not Renewing

azuredoom · June 23, 2023, 6:31pm

I have tried

Replacing the CACERT.pem
Verified port 80
Can get to the Let’s Encrypt URL from the server
Have a 2nd mail server with identical setup that works
When I click renew it tells me that it is successful in the Gui

2023-06-23 14:28:55 -0400 08 mail WEBADMIN:00000013: Let’s Encrypt: Issuance Job added successfully
2023-06-23 14:28:55 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=generate HTTP/1.1 u=admin code=200 time=19
2023-06-23 14:28:55 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=12
2023-06-23 14:28:55 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:55 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=11
2023-06-23 14:28:56 -0400 08 mail JOBLOG:90000000: previous line is repeated 1 time.
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Acme job executing
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Found current request
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: AcmeInitState for mail.ryft.net executing
2023-06-23 14:28:56 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:56 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=11
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Response code 200
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Account location is https://acme-v02.api.letsencrypt.org/acme/acct/159504390, TOS URI is https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
2023-06-23 14:28:56 -0400 02 mail JOBLOG:70000008: LetsE: Acme init state completed, moving to reg state
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Job step action => Proceeding to next state
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: AcmeRegState for mail.ryft.net executing
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Response code 201
2023-06-23 14:28:56 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:56 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=11
2023-06-23 14:28:56 -0400 02 mail JOBLOG:70000008: LetsE: Acme reg state completed, moving to challenge state
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Job step action => Proceeding to next state
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: AcmeChallengeState for mail.ryft.net executing
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Response code 200
2023-06-23 14:28:56 -0400 08 mail JOBLOG:70000008: LetsE: Job step action => Waiting is needed, going to sleep
2023-06-23 14:28:57 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:57 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:28:57 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:57 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=11
2023-06-23 14:28:58 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:58 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:28:58 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:58 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:28:59 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:28:59 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=9
2023-06-23 14:29:00 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:00 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=9
2023-06-23 14:29:00 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:00 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=11
2023-06-23 14:29:01 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:01 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=12
2023-06-23 14:29:01 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:01 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:29:02 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:02 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:29:02 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:02 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=12
2023-06-23 14:29:03 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:03 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:29:03 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:03 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:29:04 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:04 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=16
2023-06-23 14:29:04 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:04 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=12
2023-06-23 14:29:05 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:05 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=11
2023-06-23 14:29:05 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:05 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:29:06 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:06 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=17
2023-06-23 14:29:07 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:07 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=10
2023-06-23 14:29:07 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:07 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=12
2023-06-23 14:29:08 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:08 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=0
2023-06-23 14:29:08 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:08 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=15
2023-06-23 14:29:09 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:09 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=15
2023-06-23 14:29:09 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:09 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=15
2023-06-23 14:29:10 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:10 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=15
2023-06-23 14:29:10 -0400 08 mail WEBADMIN:00000013: LetsE: Found current request
2023-06-23 14:29:10 -0400 08 mail WEBADMIN:00000013: <2f54d60171de1393a3fb30eb48ad21c4> POST /api/index.hsp?_h=7d92fa26ef1ac845e89f1bf3597dd1e0&model=ssl_certificates&op=lets_encrypt&object=get_status HTTP/1.1 u=admin code=200 time=15
2023-06-23 14:29:11 -0400 08 mail JOBLOG:70000009: LetsE: Acme job executing
2023-06-23 14:29:11 -0400 08 mail JOBLOG:70000009: LetsE: AcmeChallengeState for mail.ryft.net executing
2023-06-23 14:29:11 -0400 02 mail JOBLOG:70000009: LetsE: Acme challenge state failed, perhaps mail.ryft.net cannot be accessed by the letsencrypt servers?
2023-06-23 14:29:11 -0400 02 mail JOBLOG:70000009: LetsE: Issuance Job for mail.ryft.net abandoned!
2023-06-23 14:29:11 -0400 02 mail JOBLOG:70000009: LetsE: last protocol errType All OK!
2023-06-23 14:29:11 -0400 02 mail JOBLOG:70000009: LetsE: last protocol errDetail All OK!
2023-06-23 14:29:11 -0400 02 mail JOBLOG:70000009: LetsE: Job step action => Cannot complete current work item, abandoning

azuredoom · June 23, 2023, 7:33pm

I also get this which says it is succeding

clusterpath · June 26, 2023, 11:48am

Hello,

Can get to the Let’s Encrypt URL from the server

2023-06-23 14:29:11 -0400 02 mail JOBLOG:70000009: LetsE: Acme challenge state failed, perhaps mail.ryft.net cannot be accessed by the letsencrypt servers?

Are you sure LetsEncrypt can reach you?

Make sure your have an OPEN port, not filtered.

azuredoom · June 26, 2023, 2:27pm

Thanks for the reply, I am positive that I am not blocking… I have a 2 other servers running with the identical setup and they are both still working fine.

This has also been working for a long time with the current setup with no changes.

azuredoom · June 27, 2023, 3:56am

To add to this… I built a windows VM quickly shut the Axigen server down and gave the internal IP to the new VM. Installed win-acme and an IIS site and was able to get a cert from Let’s encrypt.

So the issue seems to be with the Axigen Let’s Encrypt process.

indreias · June 27, 2023, 6:06am

Hello,

Could you please share axigen.cfg file so we could check for any abnormal settings inside of it?

HTH,
Ioan

azuredoom · June 27, 2023, 6:37am

axigen.zip (5.4 KB)

indreias · June 27, 2023, 7:08am

Hello,

So, from sent file we see that WebMail listener on 0.0.0.0:80 is disabled.

    webmail = {
        ...
        listeners = (
            {
                address = 0.0.0.0:80
                enable = no

This means that any attempt to connect on that port will not be processed by Axigen - hence LE will not work (as it need a working HTTP connection in order to validate the token “negotiated” when the cert is requested).

Please enable that listener and let us know if the problem is still present or not (in which case please share the latest version of your config file).

HTH,
Ioan

azuredoom · June 27, 2023, 5:23pm

That was it… Thank you for the help.

Trekkie · June 27, 2023, 11:42pm

It’s a weird thing with Let’s Encrypt - it wants to check if you own the site by checking the non-HTTPS site rather than the HTTPS. I can understand that the first time, but once a site has a certificate from Let’s Encrypt, I’d think that it should just accept that. I’m not sure of the logic.

indreias · June 28, 2023, 9:01am

Hello,

There is nothing weird as this is how HTTP-01 challenge is supposed to work.

Some more info here: LE: Best practice - keep port 80 open

HTH,
Ioan