
[HELP] Error 400 during renew Let's encrypt certificates

Open miachl opened this issue 10 months ago • 6 comments

What happened? I created several hosts with Let's encrypt certificates and everything worked fine.

Describe what have you tried I tried to renew the expiring certificates, but every time I got an error. There was no difference between renewing a certificate and trying to get a new certificate for an old or an existing host. The error is always the same. acme error 400 Fetching https://..tld/.well-known/acme-challenge/: Error getting validation data

Describe the networking setup you are using My setup is a docker compose build of Zoraxy in version 3.1.7. I use no Cloudflare. My domains are routed with a CNAME to my ddns-address at home.

The tests in ACME tool -> wizard all passed, but when I try to request the certificate I get the error.

Can anybody help me with my problem? What am I doing wrong?

Thanks a lot for any help! miachl

miachl avatar Feb 13 '25 12:02 miachl

Having the same issue, and I have already been investigating for some hours... I am able to get certs for my main domain (once) but not for subdomains (any, got wildcard).

running in docker

services:
  zoraxy:
    image: zoraxydocker/zoraxy:latest
    container_name: zoraxy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 8005:8000
    volumes:
      - /home/docker/zoraxy/config4/:/opt/zoraxy/config/
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime
    environment:
      FASTGEOIP: "true"


    

[2025-02-13 18:59:22.757989] [ACME] [system:info] Obtaining certificate for: sub.example.de
[2025-02-13 18:59:22.758099] [ACME] [system:info] Using Custom ACME https://acme-staging-v02.api.letsesubrypt.org/directory for CA Directory URL
2025/02/13 18:59:23 [INFO] acme: Registering account for [email protected]
2025/02/13 18:59:23 [INFO] [sub.example.de] acme: Obtaining bundled SAN certificate
2025/02/13 18:59:24 [INFO] [sub.example.de] AuthURL: https://acme-staging-v02.api.letsesubrypt.org/acme/authz/184824344/xxx
2025/02/13 18:59:24 [INFO] [sub.example.de] acme: Could not find solver for: tls-alpn-01
2025/02/13 18:59:24 [INFO] [sub.example.de] acme: use http-01 solver
2025/02/13 18:59:24 [INFO] [sub.example.de] acme: Trying to solve HTTP-01
2025/02/13 18:59:24 http: TLS handshake error from ip:57126: local error: tls: bad record MAC
2025/02/13 18:59:31 [INFO] Deactivating auth: https://acme-staging-v02.api.letsesubrypt.org/acme/authz/184824344/xxx
[2025-02-13 18:59:31.422345] [ACME] [system:error] Obtain certificate failed: error: one or more domains had a problem:
[sub.example.de] acme: error: 400 :: urn:ietf:params:acme:error:connection :: ip: Fetching https://sub.example.de/.well-known/acme-challenge/J-8kehyXLD8WwcE4Y6jjTXrT5RUZtzwQp: Error getting validation data
[2025-02-13 19:00:53.470943] [ACME] [system:info] Obtaining certificate for: example.de
[2025-02-13 19:00:53.471396] [ACME] [system:info] Using Custom ACME https://acme-staging-v02.api.letsesubrypt.org/directory for CA Directory URL
2025/02/13 19:00:53 [INFO] acme: Registering account for [email protected]
2025/02/13 19:00:54 [INFO] [example.de] acme: Obtaining bundled SAN certificate
2025/02/13 19:00:54 [INFO] [example.de] AuthURL: https://acme-staging-v02.api.letsesubrypt.org/acme/authz/184824494/xxx
2025/02/13 19:00:54 [INFO] [example.de] acme: Could not find solver for: tls-alpn-01
2025/02/13 19:00:54 [INFO] [example.de] acme: use http-01 solver
2025/02/13 19:00:54 [INFO] [example.de] acme: Trying to solve HTTP-01
2025/02/13 19:00:56 [INFO] [example.de] Served key authentication
2025/02/13 19:00:56 [INFO] [example.de] Served key authentication
2025/02/13 19:00:57 [INFO] [example.de] Served key authentication
2025/02/13 19:00:57 [INFO] [example.de] Served key authentication
2025/02/13 19:00:57 [INFO] [example.de] Served key authentication
2025/02/13 19:00:59 [INFO] [example.de] The server validated our request
2025/02/13 19:00:59 [INFO] [example.de] acme: Validations succeeded; requesting certificates

secco04 avatar Feb 13 '25 18:02 secco04

Btw zerossl worked for now & npm had no problem with le before

secco04 avatar Feb 14 '25 06:02 secco04

Got the same problem with LXC and docker - latest 3.1.7 of zoraxy, DNS challenge does not work with cloudflare

cpuks avatar Feb 14 '25 11:02 cpuks

@yeungalan Can you take a quick look at this?

tobychui avatar Feb 14 '25 13:02 tobychui

I have the very same issue. I tried to switch from npm to zoraxy but can't get my certificate to work. I always receive

[my-domain.de] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 2001:9e8:1fd4:3681:9a9b:cbff:febb:59fe: Fetching https://my-domain.de/.well-known/acme-challenge/ qmXsIJQqVZ7MIUoj5CdnpSSEW3wULoi-ifr9IqiDCWI: Error getting validation data

Were you able to fix this? I am running Zoraxy in my proxmox installed via helper script

Anubarak avatar Jul 25 '25 11:07 Anubarak

Yes, I had a CNAME on my myfritz dyndns and switched it to an A record so that the IPv6 isn't present anymore...

secco04 avatar Jul 25 '25 11:07 secco04
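
The fix reported above was to stop publishing an IPv6 address for the host. As an added example (not part of the thread and not Zoraxy or lego code), the Python sketch below triages failure lines of the shape quoted in this thread and reports the address family of the field before `Fetching`. It assumes that field is the address the CA tried to reach; the hostnames and addresses in `SAMPLE` are constructed placeholders.

```python
import ipaddress
import re
import socket

# Per-domain failure line as quoted in the thread:
# [host] acme: error: 400 :: urn:ietf:params:acme:error:<type> :: <addr>: Fetching <url>: ...
ERR = re.compile(
    r"\[(?P<host>[^\]]+)\] acme: error: (?P<status>\d+) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<addr>\S+): Fetching "
)

def triage(line):
    """Return (host, error_type, address_family) for a failure line, else None."""
    m = ERR.search(line)
    if m is None:
        return None
    try:
        family = "IPv%d" % ipaddress.ip_address(m["addr"]).version
    except ValueError:
        family = "unknown"  # address was redacted, e.g. the literal "ip"
    return m["host"], m["type"], family

def published_families(host):
    """Address families the name resolves to from this machine (needs DNS)."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return sorted({"IPv6" if i[0] == socket.AF_INET6 else "IPv4" for i in infos})

# Constructed sample lines modelled on the thread; hosts, tokens and addresses
# are placeholders (documentation ranges), not values from the page.
_TAIL = "/.well-known/acme-challenge/TOKEN: Error getting validation data"
_HEAD = "acme: error: 400 :: urn:ietf:params:acme:error:connection :: "
SAMPLE = [
    "[sub.example.de] " + _HEAD + "ip: Fetching https://sub.example.de" + _TAIL,
    "[v6.example.de] " + _HEAD + "2001:db8::59fe: Fetching https://v6.example.de" + _TAIL,
    "[v4.example.de] " + _HEAD + "203.0.113.7: Fetching https://v4.example.de" + _TAIL,
    "2025/02/13 19:00:59 [INFO] [example.de] The server validated our request",
]

def report(lines):
    """Summarise each failure line and flag the ones reached over IPv6."""
    out = []
    for hit in filter(None, map(triage, lines)):
        host, kind, family = hit
        note = "check that the AAAA record reaches the proxy" if family == "IPv6" else "no IPv6 hint"
        out.append("%s: %s error via %s, %s" % (host, kind, family, note))
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On a machine with DNS access, `published_families("your.host")` shows whether the name still resolves to an IPv6 address after a record change.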