sts098's picture

I am running TurnkeyLinux v17.1 Prestashop.  I installed in a virtual machine 4-6 months ago.  Recently, my certificate renewal stopped functioning.  I am not aware of any changes to my system that would cause this.

 

Below is the error:

/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper --register --force
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]    "http-01"
["status"]    "invalid"
["error","type"]    "urn:ietf:params:acme:error:connection"
["error","detail"]    "72.78.188.136: Fetching http://vmw.dispersetech.com/.well-known/acme-challenge/K_...: Connection refused"
["error","status"]    400
["error"]    {"type":"urn:ietf:params:acme:error:connection","detail":"72.78.188.136: Fetching http://vmw.dispersetech.com/.well-known/acme-challenge/K_...: Connection refused","status":400}
["url"]    "https://acme-v02.api.letsencrypt.org/acme/chall-v3/180904599157/RQelFw"
["token"]    "K_..."
["validationRecord",0,"url"]    "http://vmw.dispersetech.com/.well-known/acme-challenge/K_..."
["validationRecord",0,"hostname"]    "vmw.dispersetech.com"
["validationRecord",0,"port"]    "80"
["validationRecord",0,"addressesResolved",0]    "72.78.188.136"
["validationRecord",0,"addressesResolved"]    ["72.78.188.136"]
["validationRecord",0,"addressUsed"]    "72.78.188.136"
["validationRecord",0]    {"url":"http://vmw.dispersetech.com/.well-known/acme-challenge/K_...","hostname"...}
["validationRecord"]    [{"url":"http://vmw.dispersetech.com/.well-known/acme-challenge/K_...","hostname"...}]
["validated"]    "2022-11-27T00:19:59Z")
[2022-11-27 00:19:25] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2022-11-27 00:19:25] dehydrated-wrapper: WARNING: Python is still listening on port 80
[2022-11-27 00:19:25] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert, key and combined files.

(I replaced the challenge with ...; not sure if it is OK to post.) Simply running the HTTP URL results in a page not found.

Can you provide guidance on how to troubleshoot this?    

Jeremy Davis's picture

In case you didn't get it from the error message, basically your server is giving a 400 when it's trying to validate the challenge.

The log suggests that the python miniserver (which serves the challenges) is working as it should.

Having said that, I just tried to connect to your server via domain name and I also get a 400. So I'm wondering: is the DNS right? Is 72.78.188.136 your server's public IP? Or perhaps there is some firewall, NAT or other network traffic blocking/modification going on?

Perhaps share a bit more about your setup and how it's meant to be working?
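
The questions in the reply above (does the name resolve to the server's public IP, is port 80 reachable there) can be read off the challenge result quoted in the first post. An added example, not part of the thread or of TurnKey's tooling: a Python parser for that flattened output. The sample data and the names `parse`, `diagnose` and `expected_ip` are constructed for illustration.

```python
import json
import re

# Constructed sample in the flattened format shown in the post (not the poster's data).
SAMPLE = '''ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]    "http-01"
["error","type"]    "urn:ietf:params:acme:error:connection"
["error","detail"]    "203.0.113.10: Fetching http://shop.example.com/.well-known/acme-challenge/TOKEN: Connection refused"
["validationRecord",0,"hostname"]    "shop.example.com"
["validationRecord",0,"port"]    "80"
["validationRecord",0,"addressUsed"]    "203.0.113.10"
["validationRecord",0]    {"url":"http://shop.example.com/...","hostname"...}
["validated"]    "2022-11-27T00:19:59Z")'''

# A path such as ["validationRecord",0,"port"], whitespace, then the value.
LINE = re.compile(r'(\[(?:"[^"]*"|\d+)(?:,(?:"[^"]*"|\d+))*\])\s+(.+?)\)?$')

# Meanings from RFC 8555 section 6.7, keyed by the last part of the error URN.
HINTS = {
    "connection": "validator could not connect to {addr}:{port}; check DNS, NAT/port forwarding and firewall",
    "dns": "DNS lookup for {host} failed; check the A/AAAA records",
}

def parse(text):
    """Return {path tuple: value} for every line whose value is complete JSON."""
    fields = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        try:
            fields[tuple(json.loads(m.group(1)))] = json.loads(m.group(2))
        except json.JSONDecodeError:
            continue  # value was truncated in the log ("hostname"...)
    return fields

def diagnose(fields, expected_ip=None):
    """Summarise the failure; expected_ip is the public IP you believe the server has."""
    rec = lambda k: fields.get(("validationRecord", 0, k), "?")
    kind = fields.get(("error", "type"), "").rsplit(":", 1)[-1]
    notes = [HINTS.get(kind, "unrecognised error: " + kind).format(
        addr=rec("addressUsed"), port=rec("port"), host=rec("hostname"))]
    if expected_ip and rec("addressUsed") != expected_ip:
        notes.append("DNS points at %s, not %s" % (rec("addressUsed"), expected_ip))
    return notes

if __name__ == "__main__":
    print("\n".join(diagnose(parse(SAMPLE), expected_ip="198.51.100.7")))
```

Paste the wrapper's output in place of `SAMPLE` and pass the address you expect the hostname to resolve to as `expected_ip`.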

sts098's picture

Thanks for your efforts.  By the time you had gotten to it, I had shut down and was in the process of restoring a backup.  (Server was likely down when you attempted to access it.) The backup functioned well and was able to update the certificate.  Not sure what the problem was, but I am running.  Thanks!
