Certificate renew fails

May 7, 2016
I successfully set up an ACME certificate on our Proxmox node, but certificate renewal fails.

Output of pvenode acme cert renew:

Code:
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/1446374306/265127774607


Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/344547255077'
The validation for dita.lwg.cz is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/344547255077' failed - status: invalid
Task validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/344547255077' failed - status: invalid

Info from Let's Encrypt:

JSON:
{
  "identifier": {
    "type": "dns",
    "value": "dita.lwg.cz"
  },
  "status": "invalid",
  "expires": "2024-05-06T14:18:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "178.238.44.71: Fetching http://dita.lwg.cz/.well-known/acme-challenge/9g70j6YzHdxf3zEOUfv4IARZFzTLfhz8rNlnCFhWX7I: Connection reset by peer",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/344547255077/wfNpZQ",
      "token": "9g70j6YzHdxf3zEOUfv4IARZFzTLfhz8rNlnCFhWX7I",
      "validationRecord": [
        {
          "url": "http://dita.lwg.cz/.well-known/acme-challenge/9g70j6YzHdxf3zEOUfv4IARZFzTLfhz8rNlnCFhWX7I",
          "hostname": "dita.lwg.cz",
          "port": "80",
          "addressesResolved": [
            "178.238.44.71"
          ],
          "addressUsed": "178.238.44.71",
          "resolverAddrs": [
            "A:10.1.12.81:31390",
            "AAAA:10.1.12.89:26534"
          ]
        }
      ],
      "validated": "2024-04-29T14:18:17Z"
    }
  ]
}

I checked the firewall and port 80 is open. DNS is resolved correctly. I found nothing in syslog.

Any ideas what could be the problem? Or where can I look to find more information about what failed?