lua-resty-auto-ssl
"Invalid challenge" but on second load it works
So I have a two-server-and-Redis (using AWS ElastiCache with 1 node) setup. The first time I try to load a new domain (in this case "davg.tech") I get this error in my log (and a certificate error in my browser):
2019/01/27 11:50:13 [error] 21#21: *153978 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=xxxxx HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain davg.tech --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
Processing davg.tech
+ Signing domains...
+ Creating new directory /etc/resty-auto-ssl/letsencrypt/certs/davg.tech ...
+ Generating private key...
+ Generating signing request...
+ Requesting authorization for davg.tech...
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for davg.tech authorization...
Invalid challenge: DOMAIN=davg.tech RESPONSE={
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://davg.tech/.well-known/acme-challenge/aAPWPR0W-Umh92f51evAFF5FxbiEgpUKf2kJbMkMy34: \"\u003c!DOCTYPE html\u003e\\n\u003chtml lang=\\\"en\\\"\u003e\\n \u003chead\u003e\\n \u003cmeta charset=\\\"utf-8\\\"\u003e\\n \u003cmeta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"I\"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/13qCGRdLVImX_jcY6TAFhQkUMfxHd7BN7Sctb-A1Ark/11919052826",
"token": "aAPWPR0W-Umh92f51evAFF5FxbiEgpUKf2kJbMkMy34",
"validationRecord": [
{
"url": "http://davg.tech/.well-known/acme-challenge/aAPWPR0W-Umh92f51evAFF5FxbiEgpUKf2kJbMkMy34",
"hostname": "davg.tech",
"port": "80",
"addressesResolved": [
"54.83.136.253",
"174.129.183.105"
],
"addressUsed": "54.83.136.253"
}
]
}
err: nil, context: ssl_certificate_by_lua*, client: xx.xx.xx.xx, server: 0.0.0.0:443
2019/01/27 11:50:13 [error] 21#21: *153978 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: xx.xx.xx.xx, server: 0.0.0.0:443
2019/01/27 11:50:13 [error] 21#21: *153978 [lua] ssl_certificate.lua:286: auto-ssl: could not get certificate for davg.tech - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: xx.xx.xx.xx, server: 0.0.0.0:443
...but on refreshing my browser everything seems to be working. Any idea what's going on here?