[SOLVED] Letsencrypt renew fails

Robert Dahlem

Hello,

I'm on 6.4-13. All of a sudden Letsencrypt certificate renewals are failing:

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/17197269920'
The validation for my.fqdn is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is still 'pending', trying again in 10 seconds
TASK ERROR: validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/17197269920' failed - status: invalid

With tcpdump I can see that traffic arrives for port 80, but for requests like
GET /.well-known/acme-challenge/zyZNeh3IT5I8eVT6P5lJXhxI-zaBwuZMFfTMlcpomaw HTTP/1.1
I see
HTTP/1.1 404 Not Found

That proves that
  • my port 80 is reachable from the internet
  • the requested domain resolves to my Proxmox system
I don't see another listener on port 80 (lsof -i :80).

Is there anything I can do to debug this?

Regards,
Robert
 
Ouch! Port 80 was forwarded to a different machine. I should have checked that tcpdump actually saw incoming traffic.
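
A check for the situation in this thread, as an added example that is not part of the original posts or Proxmox's own code: it serves a random token under /.well-known/acme-challenge/ on this host and fetches it back through the public name, so a 404 or a wrong body means port 80 is answered by another machine. The function names and the probe token format are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Added diagnostic: do HTTP-01 requests for a name reach THIS host?"""
import http.server
import secrets
import sys
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"
# Ignore proxy environment variables so the request goes straight to the name.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def start_probe_server(port, bind=""):
    """Serve one random token under PREFIX; return (server, token, body)."""
    token = "probe-" + secrets.token_urlsafe(16)   # hypothetical probe name
    body = secrets.token_urlsafe(32)               # only this process knows it
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.path == PREFIX + token
            data = body.encode() if ok else b"not found"
            self.send_response(200 if ok else 404)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args):              # keep the terminal quiet
            pass
    server = http.server.ThreadingHTTPServer((bind, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, token, body

def classify(base_url, token, body, timeout=5):
    """Fetch the probe through base_url and report who answered."""
    try:
        with OPENER.open(base_url + PREFIX + token, timeout=timeout) as resp:
            got = resp.read().decode(errors="replace")
    except urllib.error.HTTPError as exc:          # e.g. the 404 seen in the thread
        return f"other-host (HTTP {exc.code}: something else answers on port 80)"
    except OSError as exc:                         # refused, timeout, DNS failure
        return f"unreachable ({exc})"
    return "this-host" if got == body else "other-host (unexpected body)"

if __name__ == "__main__":
    fqdn = sys.argv[1]                             # the name on the certificate
    server, token, body = start_probe_server(80)   # binding port 80 needs root
    try:
        print(fqdn, "->", classify(f"http://{fqdn}", token, body))
    finally:
        server.shutdown()
```

A fetch made from inside the LAN only exercises the router's port forward if the router hairpins NAT; otherwise keep the probe server running and call classify() from a machine outside the network.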