DNS Challenge fails on one Proxmox host (ACME: status invalid, All-Inkl)

ThiemoSt

Dec 1, 2020
Hi everyone,

I'm facing an issue where several of my hosts no longer receive certificates.
I'm using the DNS challenge with All-Inkl. The TXT records are being created correctly with the configured settings.

The problem occurs on two PVE installations at two different locations (both using Telekom fiber connections, in case that's relevant). Interestingly, I also have a third installation at Hetzner (freshly installed recently), and there everything works without any issues.

The error I'm consistently getting is:
TASK ERROR: validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz/23347xxx17/50552xxx46437' failed - status: invalid

I haven't changed anything in the configuration — it was working before. The DNS entries are being created properly, and even with a 1200s delay for propagation, the challenge validation still fails.

At one of the affected locations, I have a 5-node cluster. Interestingly, the certificate renewal works fine on 4 out of the 5 hosts — only the fifth one is failing. This fifth host is the newest one in the cluster, and certificate issuance did work on it before (both for initial issuance and renewal). Now, neither renewal nor issuing a completely new certificate works on this node.

I already posted this issue in the German section of the forum, but unfortunately haven't received any replies so far.
Does anyone have an idea where I could dig deeper to find the root cause of this problem?

Thanks a lot in advance for any help!