We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Letsencrypt Authorization no longer working
I'm not sure if this is related to the recent upgrade (my server just upgraded to 0.9.8-19), but v-check-letsencrypt-domain is throwing errors.
In my /home/admin/conf/web I have all the *letsencrypt files for each domain eg.
Code:
> cat nginx.domain.com.conf_letsencrypt
location ~ "^/\.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ";
}
And a corresponding snginx file symlinked to it.
When I run the command "v-check-letsencrypt-domain 'admin' 'domain.com'" I get
Error: The key authorization file from the server did not match this challenge [F9fH3McNPg2HaYDCFGhRQ_26X6d_Y4XWm2JcRT67fn0.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ] != [F9fH3McNPg2HaYDCFGhRQ_26X6d_Y4XWm2JcRT67fn0.Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jY]
Unfortunately I've been trying a few things to debug this, and have now hit the Letsencrypt authorisation limit. "LetsEncrypt challenge request 429". So I have to wait before re-trying.
Two domains on this server are now showing the same error. I'm expecting that more will appear as they hit the expiry limit.
Has Letsencrypt changed something on their side?
Re: Letsencrypt Authorization no longer working
OK, now I'm allowed to authorise again, I tried a bit of tampering. As noted above, if I do a letsencrypt add, I get an error.
Code:
v-add-letsencrypt- 'admin' 'domain.com' 'www.domain.com'
Error: The key authorization file from the server did not match this challenge [-RKY5D-NFCLkuUyXR-a4v8psNqJVCyuhvhjazO3aHZg.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ] != [-RKY5D-NFCLkuUyXR-a4v8psNqJVCyuhvhjazO3aHZg.Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jY]
So I edited nginx.domain.com.conf_letsencrypt to change this:
Code:
location ~ "^/\.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ";
}
To this:
Code:
location ~ "^/\.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jY";
}
I restarted nginx. Then when I try again I get the same error.
Code:
v-add-letsencrypt- 'admin' 'domain.com' 'www.domain.com'
Error: The key authorization file from the server did not match this challenge [OLuV3c9FDyRnwUcAoKCGOfFMGsopuHiD-2IfjOWArZc.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ] != [OLuV3c9FDyRnwUcAoKCGOfFMGsopuHiD-2IfjOWArZc.Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jY]
So from that we can deduce that the first auth string OLuV3c9FDyRnwUcAoKCGOfFMGsopuHiD-2IfjOWArZc.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ is coming from Letsencrypt auth servers, but the second part should be generated by the nginx config I edited ... but isn't!
So where is it getting this string from Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jY
Re: Letsencrypt Authorization no longer working
So the thing that's really confusing is that 8 domains on this server, under the admin account all updated fine over the last couple of weeks and have the exact same nginx config file. There are only two which are failing. No discernable difference between the ones that fail and the ones that succeed.
Re: Letsencrypt Authorization no longer working
plutocrat wrote: So the thing that's really confusing is that 8 domains on this server, under the admin account all updated fine over the last couple of weeks and have the exact same nginx config file. There are only two which are failing. No discernable difference between the ones that fail and the ones that succeed.
What comes to my mind is that your domain might have gotten blocked from Letsencrypt.
I kept testing the Letsencrypt function on a single domain over and over again and I can't get a new certificate for a specific amount of time now.
Re: Letsencrypt Authorization no longer working
Yes I did get blocked once and got the "LetsEncrypt challenge request Error 429" (which is when you exceed the number of allowed requests).
But most of the time I'm getting the key mismatch error. Still have 80 days to figure it out before the key expires. :-)
Re: Letsencrypt Authorization no longer working
Further investigation ... checking nginx config by running these two commands.
curl http://domainNotWorking.com/.well-known ... ge/123test
curl http://domainWorking.com/.well-known/ac ... ge/123test
The Working domain responds with the correct answer: 123test.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ
The NotWorking domain responds with a different one! : 123test.Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7j
Both have IDENTICAL conf_letsencrypt files. WTF? How is this possible? Where is my server getting Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jYY from? Freaky. More news when I have it ...
Re: Letsencrypt Authorization no longer working
NOOOOOOOO.
Someone changed the DNS on me. DomainNotWorking.com is on an entirely different Vesta CP server, and just needs to be removed from the one throwing the errors.
Case closed. Desk-shaped mark on forehead will heal in time. DNS changing colleague will be hunted down.
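The check this thread arrived at by hand, written out as an added example (not part of any post above and not Vesta's own code): an ACME HTTP-01 key authorization is the token, a dot, and the thumbprint of the requesting account's key, so a thumbprint that differs from the one in the local conf_letsencrypt file means some other responder is answering for that name. The function names and the probe token are assumptions made for this sketch; the two thumbprints in the demo are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not Vesta code): find out whether a domain's ACME HTTP-01
# responder is this server's nginx or some other machine.

# Print the account thumbprint from a Vesta *.conf_letsencrypt file, i.e. the
# text after "$1." in:  return 200 "$1.<thumbprint>";
conf_thumbprint() {
    sed -n 's/^[[:space:]]*return 200 "\$1\.\([A-Za-z0-9_-]*\)";.*$/\1/p' "$1" | head -n 1
}

# Classify the HTTP body returned for a probe token.
#   $1 = probe token   $2 = thumbprint from the local config   $3 = body
classify_response() {
    case "$3" in
        "$1.$2") echo "match" ;;
        "$1."*)  rest=${3#"$1".}; echo "foreign-thumbprint:$rest" ;;
        *)       echo "no-acme-responder" ;;
    esac
}

# Live check (needs network): verdict plus the addresses the name resolves to,
# to compare against this server's own addresses.
check_domain() {
    probe="probe$$"
    want=$(conf_thumbprint "$2")
    body=$(curl -s --max-time 10 "http://$1/.well-known/acme-challenge/$probe")
    echo "$1: $(classify_response "$probe" "$want" "$body")"
    echo "$1 resolves to: $(getent hosts "$1" | awk '{print $1}' | tr '\n' ' ')"
}

# Offline demo on constructed input, using the two thumbprints from the thread.
demo() {
    conf=$(mktemp)
    printf '%s\n' 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
        '    default_type text/plain;' \
        '    return 200 "$1.7S7fqQLuC750VgVgynDuEhxfyE5yGH5o_lf43LUBWvQ";' \
        '}' > "$conf"
    want=$(conf_thumbprint "$conf"); rm -f "$conf"
    classify_response 123test "$want" "123test.$want"
    classify_response 123test "$want" "123test.Iee1t8LEgpgulk8DICcovfY3TZRuBetz-Q3GlnBA7jY"
    classify_response 123test "$want" "<html>404 Not Found</html>"
}
demo
```

Running `check_domain domain.com /home/admin/conf/web/nginx.domain.com.conf_letsencrypt` for each hosted domain before requesting a certificate surfaces a moved DNS record without spending Let's Encrypt validation attempts.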