labca icon indicating copy to clipboard operation
labca copied to clipboard
verified publisher icon hakwerk

`Error finalizing order` during initial setup; `fqdn_under_reserved_or_special_domain_in_san`

Open jwgn opened this issue 1 month ago • 1 comments

LabCA crashes during initial setup process.

OOPS

Some unexpected error occurred!

Diagnostics

These log files might help you determine what the problem is:

/home/labca/nginx_data/ssl/certbot.log

Sun Nov 23 19:52:39 UTC 2025
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for labca.home.arpa
An unexpected error occurred:
Error finalizing order
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Sun Nov 23 19:55:01 UTC 2025
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for labca.home.arpa
An unexpected error occurred:
Error finalizing order
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

(control)/logs/commander.log

 Container labca-bconsul-1  Restarting
 Container labca-bredis-1  Restarting
 Container labca-bmysql-1  Restarting
 Container labca-gui-1  Restarting
 Container labca-bpkimetal-1  Restarting
 Container labca-boulder-1  Restarting
 Container labca-nginx-1  Restarting
 Container labca-bconsul-1  Started
 Container labca-gui-1  Started
 Container labca-bredis-1  Started
 Container labca-nginx-1  Started
 Container labca-bmysql-1  Started
 Container labca-bpkimetal-1  Started
 Container labca-boulder-1  Started

docker compose logs control

control-1  |  * Starting periodic command scheduler cron
control-1  |    ...done.
control-1  | Start serving commander script...
ok

docker compose logs boulder

boulder-1  | 2025-11-23T19:51:50.547391+00:00Z boulder-ra[354]: 6 boulder-ra s7nwkAs Debug server listening on :8102
boulder-1  | 2025-11-23T19:51:50.547410+00:00Z boulder-ra[354]: 6 boulder-ra 6b7tjA0 Versions: boulder-ra=(v0.20250908.0 +3250145c Tue Sep  9 16:32:28 UTC 2025) Golang=(go1.25.0) BuildHost=(labca-v25.09)
boulder-1  | 2025-11-23T19:51:50.547438+00:00Z boulder-ra[354]: 6 boulder-ra 2svwkAE loading identifier policy, sha256: a0d9701a40da7354983a85825b2cb3d1fc3c1dbb95713c66244218f50f359bea
boulder-1  | 2025-11-23T19:51:50.553305+00:00Z boulder-ra[354]: 6 boulder-ra 3aT09Qk grpc listening on :9494
boulder-1  | health checking ra.boulder (localhost:9494)
boulder-1  | 2025-11-23T19:51:51.565130+00:00Z boulder-ra[367]: 6 boulder-ra hO35ngs Debug server listening on :8002
boulder-1  | 2025-11-23T19:51:51.565151+00:00Z boulder-ra[367]: 6 boulder-ra 6b7tjA0 Versions: boulder-ra=(v0.20250908.0 +3250145c Tue Sep  9 16:32:28 UTC 2025) Golang=(go1.25.0) BuildHost=(labca-v25.09)
boulder-1  | 2025-11-23T19:51:51.565181+00:00Z boulder-ra[367]: 6 boulder-ra 2svwkAE loading identifier policy, sha256: a0d9701a40da7354983a85825b2cb3d1fc3c1dbb95713c66244218f50f359bea
boulder-1  | 2025-11-23T19:51:51.569849+00:00Z boulder-ra[367]: 6 boulder-ra 2InI3wk grpc listening on :9394
boulder-1  | health checking ra.boulder (localhost:9394)
boulder-1  | 2025-11-23T19:51:52.586043+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 0-6J7g0 Debug server listening on :8013
boulder-1  | 2025-11-23T19:51:52.586277+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 q-fw5gY Versions: boulder-wfe2=(v0.20250908.0 +3250145c Tue Sep  9 16:32:28 UTC 2025) Golang=(go1.25.0) BuildHost=(labca-v25.09)
boulder-1  | 2025-11-23T19:51:52.588766+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 2svwkAE loading identifier policy, sha256: a0d9701a40da7354983a85825b2cb3d1fc3c1dbb95713c66244218f50f359bea
boulder-1  | 2025-11-23T19:51:52.589167+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 hL-QzQU WFE using key policy: goodkey.KeyPolicy{allowedKeys:goodkey.AllowedKeys{RSA2048:true, RSA3072:true, RSA4096:true, ECDSAP256:true, ECDSAP384:true, ECDSAP521:false}, fermatRounds:110, blockedCheck:(goodkey.BlockedKeyCheckFunc)(0x1094380)}
boulder-1  | 2025-11-23T19:51:52.589207+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 7_3Vyww Server running, listening on :4001....
boulder-1  | 2025-11-23T19:51:52.590246+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 hICr6wQ TLS server listening on :4431
boulder-1  | 2025-11-23T19:51:52.785423+00:00Z sfe[394]: 6 sfe 5qSHpQM Debug server listening on :8015
boulder-1  | 2025-11-23T19:51:52.785434+00:00Z sfe[394]: 6 sfe jLHzxA4 Versions: sfe=(v0.20250908.0 +3250145c Tue Sep  9 16:32:28 UTC 2025) Golang=(go1.25.0) BuildHost=(labca-v25.09)
boulder-1  | 2025-11-23T19:51:52.787643+00:00Z sfe[394]: 6 sfe mpqZ2Ao Server running, listening on 0.0.0.0:4003....
boulder-1  | 2025-11-23T19:52:39.890592+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 uZDUpwQ POST /acme/new-acct 1 201 38 0.0.0.0 JSON={"ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18"}
boulder-1  | 2025-11-23T19:52:39.909281+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 ybbW2Qo POST /acme/new-order 1 201 10 0.0.0.0 JSON={"ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Created":"1","Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
boulder-1  | 2025-11-23T19:52:39.922790+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 1uKlMwA POST /acme/authz/ 1 200 10 0.0.0.0 JSON={"Slug":"1/1","ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Status":"pending","Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
boulder-1  | 2025-11-23T19:52:39.929305+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 tdKb9Qc POST /acme/chall/ 1 200 2 0.0.0.0 JSON={"Slug":"1/1/5_WCZA","ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Status":"pending","Identifiers":[{"type":"dns","value":"labca.home.arpa"}],"ChallengeType":"http-01"}
boulder-1  | 2025-11-23T19:52:39.939271+00:00Z boulder-va[313]: 6 boulder-va 06mcvgk [AUDIT] Attempting to validate HTTP-01 for "labca.home.arpa" with GET to "http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI"
boulder-1  | 2025-11-23T19:52:39.953730+00:00Z remoteva[218]: 6 remoteva 06mcvgk [AUDIT] Attempting to validate HTTP-01 for "labca.home.arpa" with GET to "http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI"
boulder-1  | 2025-11-23T19:52:39.955311+00:00Z remoteva[218]: 6 remoteva 843F9w0 [AUDIT] Validation result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":"http-01","status":"valid","token":"mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","validationRecord":[{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"fda6::be24:11ff:fe86:2aba","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]},{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"192.168.100.111","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]}]},"Latency":0.003}
boulder-1  | 2025-11-23T19:52:39.957017+00:00Z remoteva[116]: 6 remoteva 06mcvgk [AUDIT] Attempting to validate HTTP-01 for "labca.home.arpa" with GET to "http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI"
boulder-1  | 2025-11-23T19:52:39.957585+00:00Z remoteva[231]: 6 remoteva 06mcvgk [AUDIT] Attempting to validate HTTP-01 for "labca.home.arpa" with GET to "http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI"
boulder-1  | 2025-11-23T19:52:39.957768+00:00Z remoteva[116]: 6 remoteva su-pvww [AUDIT] Validation result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":"http-01","status":"valid","token":"mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","validationRecord":[{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"fda6::be24:11ff:fe86:2aba","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]},{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"192.168.100.111","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]}]},"Latency":0.002}
boulder-1  | 2025-11-23T19:52:39.958588+00:00Z remoteva[231]: 6 remoteva 843F9w0 [AUDIT] Validation result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":"http-01","status":"valid","token":"mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","validationRecord":[{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"fda6::be24:11ff:fe86:2aba","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]},{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"192.168.100.111","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]}]},"Latency":0.003}
boulder-1  | 2025-11-23T19:52:39.958955+00:00Z boulder-va[313]: 6 boulder-va qqaV1gM [AUDIT] Validation result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":"http-01","status":"valid","token":"mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","validationRecord":[{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"fda6::be24:11ff:fe86:2aba","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]},{"url":"http://labca.home.arpa/.well-known/acme-challenge/mYGiQYe4GFjOayd_fSF8xWal0NvXzW-w7WKnyqKO0yI","hostname":"labca.home.arpa","port":"80","addressesResolved":["192.168.100.111","fda6::be24:11ff:fe86:2aba"],"addressUsed":"192.168.100.111","resolverAddrs":["A:192.168.100.1:53","AAAA:192.168.100.1:53"]}]},"Latency":0.022,"Summary":{"passedPerspectives":["cubist","dadaist","surrealist"],"failedPerspectives":[],"passedRIRs":["ARIN","RIPE"],"quorumResult":"3/3"}}
boulder-1  | 2025-11-23T19:52:39.986272+00:00Z boulder-va[313]: 6 boulder-va sNGhMAA [AUDIT] Checked CAA records for labca.home.arpa, [Present: false, Account ID: 1, Challenge: http-01, Valid for issuance: true, Found at: ""] Response=""
boulder-1  | 2025-11-23T19:52:39.990236+00:00Z remoteva[116]: 6 remoteva sNGhMAA [AUDIT] Checked CAA records for labca.home.arpa, [Present: false, Account ID: 1, Challenge: http-01, Valid for issuance: true, Found at: ""] Response=""
boulder-1  | 2025-11-23T19:52:39.990276+00:00Z remoteva[116]: 6 remoteva lazyqgs [AUDIT] CAA check result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":""},"Latency":0.003}
boulder-1  | 2025-11-23T19:52:39.992159+00:00Z remoteva[231]: 6 remoteva sNGhMAA [AUDIT] Checked CAA records for labca.home.arpa, [Present: false, Account ID: 1, Challenge: http-01, Valid for issuance: true, Found at: ""] Response=""
boulder-1  | 2025-11-23T19:52:39.992188+00:00Z remoteva[231]: 6 remoteva k-OYmA4 [AUDIT] CAA check result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":""},"Latency":0.005}
boulder-1  | 2025-11-23T19:52:39.992805+00:00Z remoteva[218]: 6 remoteva sNGhMAA [AUDIT] Checked CAA records for labca.home.arpa, [Present: false, Account ID: 1, Challenge: http-01, Valid for issuance: true, Found at: ""] Response=""
boulder-1  | 2025-11-23T19:52:39.992874+00:00Z remoteva[218]: 6 remoteva 0MStwQw [AUDIT] CAA check result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":""},"Latency":0.006}
boulder-1  | 2025-11-23T19:52:39.993073+00:00Z boulder-va[313]: 6 boulder-va s_PssQk [AUDIT] CAA check result JSON={"AuthzID":"1","Requester":1,"Identifier":{"type":"dns","value":"labca.home.arpa"},"Challenge":{"type":""},"Latency":0.034,"Summary":{"passedPerspectives":["cubist","dadaist","surrealist"],"failedPerspectives":[],"passedRIRs":["ARIN","RIPE"],"quorumResult":"3/3"}}
boulder-1  | 2025-11-23T19:52:40.936535+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 tKyl2AM POST /acme/authz/ 1 200 1 0.0.0.0 JSON={"Slug":"1/1","ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Status":"valid","Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
boulder-1  | 2025-11-23T19:52:40.944915+00:00Z boulder-ra[367]: 6 boulder-ra 9cigmgc FinalizationCaaCheck JSON={"Requester":1,"Reused":1}
boulder-1  | 2025-11-23T19:52:41.135288+00:00Z boulder-ca[340]: 3 boulder-ca qO_j5ww [AUDIT] Preparing precert failed: serial=[6ea4a3207f51e91e78c19b06a4f8ff955df6] err=[tbsCertificate linting failed: failed lint(s): e_pkimetal_lint_cabf_serverauth_cert (got 1 lint findings from pkimetal API: error from certlint:fqdn_under_reserved_or_special_domain_in_san: FQDN under reserved or special domain in SAN)]
boulder-1  | 2025-11-23T19:52:41.139359+00:00Z boulder-ra[367]: 6 boulder-ra gryAqAo [AUDIT] Certificate request - error JSON={"ID":"s2R80G4RbE4rt7LZL5l0RLcGEHyzgLrkEle-gCjYmZc","Requester":1,"OrderID":1,"VerifiedFields":["subject.commonName","subjectAltName"],"NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","RequestTime":"2025-11-23T19:52:40.942732686Z","ResponseTime":"2025-11-23T19:52:41.139282784Z","Error":"failed to prepare precertificate signing: tbsCertificate linting failed: failed lint(s): e_pkimetal_lint_cabf_serverauth_cert (got 1 lint findings from pkimetal API: error from certlint:fqdn_under_reserved_or_special_domain_in_san: FQDN under reserved or special domain in SAN)","Authorizations":{"labca.home.arpa":{"ID":"1","ChallengeType":"http-01"}},"PreviousCertificateIssued":"0001-01-01T00:00:00Z","UserAgent":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18"}
boulder-1  | 2025-11-23T19:52:41.139662+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 q9bvwgk POST /acme/finalize/ 1 500 199 0.0.0.0 JSON={"Slug":"1/1","InternalErrors":["failed to prepare precertificate signing: tbsCertificate linting failed: failed lint(s): e_pkimetal_lint_cabf_serverauth_cert (got 1 lint findings from pkimetal API: error from certlint:fqdn_under_reserved_or_special_domain_in_san: FQDN under reserved or special domain in SAN)"],"Error":"500 :: serverInternal :: Error finalizing order","ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Extra":{"KeyType":"ECDSA P-256"},"Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
boulder-1  | 2025-11-23T19:55:01.668278+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 04P50Ak POST /acme/new-order 1 201 11 0.0.0.0 JSON={"ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Created":"2","Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
boulder-1  | 2025-11-23T19:55:01.672115+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 tKyl2AM POST /acme/authz/ 1 200 1 0.0.0.0 JSON={"Slug":"1/1","ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Status":"valid","Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
boulder-1  | 2025-11-23T19:55:01.679640+00:00Z boulder-ra[354]: 6 boulder-ra 9cigmgc FinalizationCaaCheck JSON={"Requester":1,"Reused":1}
boulder-1  | 2025-11-23T19:55:01.716266+00:00Z boulder-ca[327]: 3 boulder-ca nZn4rgQ [AUDIT] Preparing precert failed: serial=[6e8af98556bb04e9f030d3aa7057c641e171] err=[tbsCertificate linting failed: failed lint(s): e_pkimetal_lint_cabf_serverauth_cert (got 1 lint findings from pkimetal API: error from certlint:fqdn_under_reserved_or_special_domain_in_san: FQDN under reserved or special domain in SAN)]
boulder-1  | 2025-11-23T19:55:01.719274+00:00Z boulder-ra[354]: 6 boulder-ra 6-7ETwA [AUDIT] Certificate request - error JSON={"ID":"OoVTXp3FMK8FzWHF3M6Y_NHeTaHmnfYBQMFHLKd4JsM","Requester":1,"OrderID":2,"VerifiedFields":["subject.commonName","subjectAltName"],"NotBefore":"0001-01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","RequestTime":"2025-11-23T19:55:01.676872296Z","ResponseTime":"2025-11-23T19:55:01.719181951Z","Error":"failed to prepare precertificate signing: tbsCertificate linting failed: failed lint(s): e_pkimetal_lint_cabf_serverauth_cert (got 1 lint findings from pkimetal API: error from certlint:fqdn_under_reserved_or_special_domain_in_san: FQDN under reserved or special domain in SAN)","Authorizations":{"labca.home.arpa":{"ID":"1","ChallengeType":"http-01"}},"PreviousCertificateIssued":"0001-01-01T00:00:00Z","UserAgent":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18"}
boulder-1  | 2025-11-23T19:55:01.719543+00:00Z boulder-wfe2[380]: 6 boulder-wfe2 7KSdzwc POST /acme/finalize/ 1 500 44 0.0.0.0 JSON={"Slug":"1/2","InternalErrors":["failed to prepare precertificate signing: tbsCertificate linting failed: failed lint(s): e_pkimetal_lint_cabf_serverauth_cert (got 1 lint findings from pkimetal API: error from certlint:fqdn_under_reserved_or_special_domain_in_san: FQDN under reserved or special domain in SAN)"],"Error":"500 :: serverInternal :: Error finalizing order","ua":"CertbotACMEClient/5.0.0 (certbot; Ubuntu 24.04.3 LTS) Authenticator/webroot Installer/None (certonly; flags: n) Py/3.10.18","Extra":{"KeyType":"ECDSA P-256"},"Identifiers":[{"type":"dns","value":"labca.home.arpa"}]}
ok

docker compose logs labca

gui-1  | 	/usr/local/go/src/net/http/server.go:2109 +0x665
gui-1  | created by net/http.(*Server).Serve in goroutine 1
gui-1  | 	/usr/local/go/src/net/http/server.go:3493 +0x485
gui-1  | 2025/11/23 19:54:19 GET /
gui-1  | 2025/11/23 19:54:20 GET /setup
gui-1  | 2025/11/23 19:54:51 GET /final
gui-1  | 2025/11/23 19:54:56 GET /final
gui-1  | 2025/11/23 19:55:01 GET /final
gui-1  | 2025/11/23 19:55:01 ERROR: Message from server: 'ERROR! On line 62 in commander script
gui-1  | '
gui-1  | 2025/11/23 19:55:01 errorHandler: err=ERROR! On line 62 in commander script
gui-1  | 
gui-1  | main._hostCommand({0x15fb578, 0xc0009620f0}, 0xc000d228c0, {0x1083171, 0xc}, {0x0, 0x0, 0xc000ccde20?})
gui-1  | 	/go/src/labca/main.go:2122 +0x5e8
gui-1  | main.finalHandler({0x15fb578, 0xc0009620f0}, 0xc000d228c0)
gui-1  | 	/go/src/labca/main.go:2669 +0x4b8
gui-1  | net/http.HandlerFunc.ServeHTTP(0xf34b00?, {0x15fb578?, 0xc0009620f0?}, 0xc0009620f0?)
gui-1  | 	/usr/local/go/src/net/http/server.go:2322 +0x29
gui-1  | main.authorized.func1({0x15fb578, 0xc0009620f0}, 0xc000d228c0)
gui-1  | 	/go/src/labca/main.go:3141 +0x32e
gui-1  | net/http.HandlerFunc.ServeHTTP(0xc000d22780?, {0x15fb578?, 0xc0009620f0?}, 0x33820d7749?)
gui-1  | 	/usr/local/go/src/net/http/server.go:2322 +0x29
gui-1  | github.com/gorilla/mux.(*Router).ServeHTTP(0xc0000da480, {0x15fb578, 0xc0009620f0}, 0xc000d22640)
gui-1  | 	/root/go/pkg/mod/github.com/gorilla/[email protected]/mux.go:212 +0x1e2
gui-1  | net/http.serverHandler.ServeHTTP({0xc000c2a040?}, {0x15fb578?, 0xc0009620f0?}, 0x6?)
gui-1  | 	/usr/local/go/src/net/http/server.go:3340 +0x8e
gui-1  | net/http.(*conn).serve(0xc000d1a900, {0x15fd840, 0xc000d18b40})
gui-1  | 	/usr/local/go/src/net/http/server.go:2109 +0x665
gui-1  | created by net/http.(*Server).Serve in goroutine 1
gui-1  | 	/usr/local/go/src/net/http/server.go:3493 +0x485
gui-1  | 2025/11/23 19:55:01 http: superfluous response.WriteHeader call from main.finalHandler (main.go:2672)
gui-1  | 2025/11/23 19:55:06 GET /final
gui-1  | 2025/11/23 19:55:06 GET /error
gui-1  | 2025/11/23 19:55:06 errorHandler: err=<nil>
gui-1  | main.showErrorHandler({0x15fb578?, 0xc000170870?}, 0x5?)
gui-1  | 	/go/src/labca/main.go:2698 +0x27
gui-1  | net/http.HandlerFunc.ServeHTTP(0xf34b00?, {0x15fb578?, 0xc000170870?}, 0xc000170870?)
gui-1  | 	/usr/local/go/src/net/http/server.go:2322 +0x29
gui-1  | main.authorized.func1({0x15fb578, 0xc000170870}, 0xc0004bef00)
gui-1  | 	/go/src/labca/main.go:3141 +0x32e
gui-1  | net/http.HandlerFunc.ServeHTTP(0xc0004bec80?, {0x15fb578?, 0xc000170870?}, 0x70b102a50490?)
gui-1  | 	/usr/local/go/src/net/http/server.go:2322 +0x29
gui-1  | github.com/gorilla/mux.(*Router).ServeHTTP(0xc0000da480, {0x15fb578, 0xc000170870}, 0xc0004be640)
gui-1  | 	/root/go/pkg/mod/github.com/gorilla/[email protected]/mux.go:212 +0x1e2
gui-1  | net/http.serverHandler.ServeHTTP({0xc000d7e800?}, {0x15fb578?, 0xc000170870?}, 0x6?)
gui-1  | 	/usr/local/go/src/net/http/server.go:3340 +0x8e
gui-1  | net/http.(*conn).serve(0xc0009fc510, {0x15fd840, 0xc000d18b40})
gui-1  | 	/usr/local/go/src/net/http/server.go:2109 +0x665
gui-1  | created by net/http.(*Server).Serve in goroutine 1
gui-1  | 	/usr/local/go/src/net/http/server.go:3493 +0x485
ok

Running on Proxmox in a fresh container with no other software running.

jwgn avatar Nov 23 '25 19:11 jwgn