Problem renew Let's encrypt certificat

Message

tchicken · #1 Post by **tchicken** » 2022-07-24 09:24

Hi there,

I have 3 FTPS servers configured for automatic renewal with Let's Encrypt, I arrived under the 3 week period for the renewal tests, and every 3 minutes, the test fails, here is the log :

<Date> Info [Type] Message
<24/07/2022 11:03:56> ACME [Error] An operation is already being executed.
<24/07/2022 11:03:56> ACME Daemon [Error] Finished renewal of certificate for the domains [lesarcs.dyndns.org linselles.dyndns.org presles.dyndns.org], registered with the account [https://acme-v02.api.letsencrypt.org/ac ... /537564726]. FAILED.
<24/07/2022 11:03:56> ACME Daemon [Error] Retrying in 300 seconds.
<24/07/2022 11:03:56> ACME Daemon [Status] Next certificate to be renewed is registered with the account [https://acme-v02.api.letsencrypt.org/ac ... /537564726], for the domains [lesarcs.dyndns.org linselles.dyndns.org presles.dyndns.org].
<24/07/2022 11:03:56> ACME Daemon [Status] It will be renewed on the date [Sun, 24 Jul 2022 09:08:56 GMT].
<24/07/2022 11:08:56> ACME Daemon [Status] Next certificate to be renewed is registered with the account [https://acme-v02.api.letsencrypt.org/ac ... /537564726], for the domains [lesarcs.dyndns.org linselles.dyndns.org presles.dyndns.org].
<24/07/2022 11:08:56> ACME Daemon [Status] Starting renewal of certificate NOW.
<24/07/2022 11:08:56> ACME [Error] An operation is already being executed.
<24/07/2022 11:08:56> ACME Daemon [Error] Finished renewal of certificate for the domains [lesarcs.dyndns.org linselles.dyndns.org presles.dyndns.org], registered with the account [https://acme-v02.api.letsencrypt.org/ac ... /537564726]. FAILED.
<24/07/2022 11:08:56> ACME Daemon [Error] Retrying in 300 seconds.
<24/07/2022 11:08:56> ACME Daemon [Status] Next certificate to be renewed is registered with the account [https://acme-v02.api.letsencrypt.org/ac ... /537564726], for the domains [lesarcs.dyndns.org linselles.dyndns.org presles.dyndns.org].
<24/07/2022 11:08:56> ACME Daemon [Status] It will be renewed on the date [Sun, 24 Jul 2022 09:13:56 GMT].

2 of my servers are clones of the 1st (linselles.dyndns.org), the one on which I retrieved the log, but the problem is identical on the 3 servers.

Below is my renewal process :

: LetsEncrypt-conf.jpg (101.57 KiB) Viewed 4054 times

: LetsEncrypt-renew-1.jpg (117.76 KiB) Viewed 4054 times

: LetsEncrypt-renew-2.jpg (18.42 KiB) Viewed 4054 times

: LetsEncrypt-renew-3.jpg (23.95 KiB) Viewed 4054 times

Thank's for your help, Tchicken.

oibaf · #2 Post by **oibaf** » 2022-07-24 11:19

Could you set the log to "5 - debug", restart the server and send us the full log, not just those error lines?

tchicken · #3 Post by **tchicken** » 2022-07-25 06:25

<Date> Info [Type] Message
<25/07/2022 08:23:56> Admin UI [Error] GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
<25/07/2022 08:23:56> Admin UI [Status] Server did not properly shut down TLS connection
<25/07/2022 08:23:56> Admin UI [Error] Session ended with error from source 0. Reason: ECONNABORTED - Connection aborted.
<25/07/2022 08:23:56> [Error] Disconnected from server 127.0.0.1:14148 with error 106 (ECONNABORTED - Connection aborted).
<25/07/2022 08:23:56> Admin UI [Status] Attempting reconnection to server 127.0.0.1:14148 in 2 seconds...
<25/07/2022 08:23:58> Admin UI [Status] Successfully connected to server 127.0.0.1:14148.
<25/07/2022 08:23:58> ACME Daemon [Status] Next certificate to be renewed is registered with the account [https://acme-v02.api.letsencrypt.org/ac ... /537564726], for the domains [lesarcs.dyndns.org linselles.dyndns.org presles.dyndns.org].
<25/07/2022 08:23:58> ACME Daemon [Status] Starting renewal of certificate NOW.
<25/07/2022 08:23:58> ACME [Status] Listening on 0.0.0.0:80 (tls_mode = 0).
<25/07/2022 08:23:58> ACME [Status] Listening on :::80 (tls_mode = 0).
<25/07/2022 08:23:58> ACME [Trace] Getting directory...
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] add_to_buffer()/request: GET /directory HTTP/1.1
Connection: close
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

***END
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 200 OK
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:23:58 GMT
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Content-Type: application/json
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Content-Length: 658
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:23:58> ACME [Trace] Directory: {
"E2ireIczubg": "https://community.letsencrypt.org/t/add ... tory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA ... 5-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
<25/07/2022 08:23:58> ACME [Trace] Getting Nonce...
<25/07/2022 08:23:58> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] add_to_buffer()/request: HEAD /acme/new-nonce HTTP/1.1
Connection: close
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

***END
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 200 OK
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:23:59 GMT
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Link: <https://acme-v02.api.letsencrypt.org/di ... rel="index"
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Replay-Nonce:
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:23:59> ACME [Trace] Nonce: 0001IQp7kHaQ-A-
<25/07/2022 08:23:59> ACME [Trace] make_jws, payload: {"onlyReturnExisting":true,"termsOfServiceAgreed":true}
<25/07/2022 08:23:59> ACME [Trace] make_jws, extra: {"jwk":{"crv":"P-256","kty":"EC","x":"","y":""},"nonce":"","url":"https://acme-v02.api.letsencrypt.org/acme/new-acct"}
<25/07/2022 08:23:59> ACME [Trace] Getting account...
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] add_to_buffer()/request: POST /acme/new-acct HTTP/1.1
Connection: close
Content-length: 558
Content-Type: application/jose+json
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

{"payload":""}***END
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 200 OK
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:23:59 GMT
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Content-Type: application/json
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Content-Length: 310
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Boulder-Requester: 537564726
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Link: <https://acme-v02.api.letsencrypt.org/di ... rel="index"
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Location: https://acme-v02.api.letsencrypt.org/ac ... /537564726
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Replay-Nonce:
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:23:59> ACME [Trace] Account object: {
"key": {},
"contact": [
],
"initialIp": "",
"createdAt": "2022-05-10T20:35:15Z",
"status": "valid"
}
<25/07/2022 08:23:59> ACME [Trace] Account URI: https://acme-v02.api.letsencrypt.org/ac ... /537564726
<25/07/2022 08:23:59> ACME [Trace] make_jws, payload: {"identifiers":[{"type":"dns","value":"lesarcs.dyndns.org"},{"type":"dns","value":"linselles.dyndns.org"},{"type":"dns","value":"presles.dyndns.org"}]}
<25/07/2022 08:23:59> ACME [Trace] make_jws, extra: {"kid":"https://acme-v02.api.letsencrypt.org/ac ... /new-order"}
<25/07/2022 08:23:59> ACME [Trace] Getting certificate order...
<25/07/2022 08:23:59> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] add_to_buffer()/request: POST /acme/new-order HTTP/1.1
Connection: close
Content-length: 596
Content-Type: application/jose+json
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

{"payload":""}***END
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 201 Created
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:24:00 GMT
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Content-Type: application/json
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Content-Length: 627
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Boulder-Requester: 537564726
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Link: <https://acme-v02.api.letsencrypt.org/di ... rel="index"
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Location: https://acme-v02.api.letsencrypt.org/ac ... 9902384076
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Replay-Nonce:
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:24:00> ACME [Trace] Certificate order: {
"status": "pending",
"expires": "2022-07-28T08:34:21Z",
"identifiers": [
{
"type": "dns",
"value": "lesarcs.dyndns.org"
},
{
"type": "dns",
"value": "linselles.dyndns.org"
},
{
"type": "dns",
"value": "presles.dyndns.org"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/ac ... 2993178796",
"https://acme-v02.api.letsencrypt.org/ac ... 2995797266",
"https://acme-v02.api.letsencrypt.org/ac ... 2995797276"
],
"finalize": "https://acme-v02.api.letsencrypt.org/ac ... 9902384076"
}
<25/07/2022 08:24:00> ACME [Trace] make_jws, payload:
<25/07/2022 08:24:00> ACME [Trace] make_jws, extra: {"kid":"https://acme-v02.api.letsencrypt.org/ac ... 2993178796"}
<25/07/2022 08:24:00> ACME [Trace] Getting account auth...
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] add_to_buffer()/request: POST /acme/authz-v3/132993178796 HTTP/1.1
Connection: close
Content-length: 410
Content-Type: application/jose+json
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

{"payload":"","protected":"","signature":""}***END
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 200 OK
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:24:00 GMT
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Content-Type: application/json
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Content-Length: 763
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Boulder-Requester: 537564726
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Link: <https://acme-v02.api.letsencrypt.org/di ... rel="index"
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Replay-Nonce:
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:24:00> ACME [Trace] Account auth for [lesarcs.dyndns.org] is: {
"identifier": {
"type": "dns",
"value": "lesarcs.dyndns.org"
},
"status": "valid",
"expires": "2022-08-20T08:24:36Z",
"challenges": [
{
"type": "http-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 796/ATTfnw",
"token": "0Y6PB1mR6Ymg4JCWezaUzFg404Rhw-u26xDxUgizuf4",
"validationRecord": [
{
"url": "http://lesarcs.dyndns.org/.well-known/a ... xDxUgizuf4",
"hostname": "lesarcs.dyndns.org",
"port": "80",
"addressesResolved": [
"82.65.91.6"
],
"addressUsed": "82.65.91.6"
}
],
"validated": "2022-07-21T08:24:35Z"
}
]
}
<25/07/2022 08:24:00> ACME [Trace] make_jws, payload:
<25/07/2022 08:24:00> ACME [Trace] make_jws, extra: {"kid":"https://acme-v02.api.letsencrypt.org/ac ... 2995797266"}
<25/07/2022 08:24:00> ACME [Trace] Getting account auth...
<25/07/2022 08:24:00> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] add_to_buffer()/request: POST /acme/authz-v3/132995797266 HTTP/1.1
Connection: close
Content-length: 410
Content-Type: application/jose+json
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

{"payload":"","protected":"","signature":""}***END
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 200 OK
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:24:01 GMT
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Content-Type: application/json
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Content-Length: 804
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Boulder-Requester: 537564726
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Link: <https://acme-v02.api.letsencrypt.org/di ... rel="index"
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Replay-Nonce:
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:24:01> ACME [Trace] Account auth for [linselles.dyndns.org] is: {
"identifier": {
"type": "dns",
"value": "linselles.dyndns.org"
},
"status": "pending",
"expires": "2022-07-28T08:34:21Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 266/y30uZA",
"token": ""
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 266/5OD3DQ",
"token": ""
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 266/ZQDtcQ",
"token": ""
}
]
}
<25/07/2022 08:24:01> ACME [Trace] make_jws, payload:
<25/07/2022 08:24:01> ACME [Trace] make_jws, extra: {"kid":"https://acme-v02.api.letsencrypt.org/ac ... 2995797276"}
<25/07/2022 08:24:01> ACME [Trace] Getting account auth...
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] Connecting to acme-v02.api.letsencrypt.org:443
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] Certificate is trusted: yes
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] add_to_buffer()/request: POST /acme/authz-v3/132995797276 HTTP/1.1
Connection: close
Content-length: 410
Content-Type: application/jose+json
Host: acme-v02.api.letsencrypt.org
User-Agent: FileZilla-Server/1.4.1

{"payload":"","protected":"","signature":""}***END
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 0] HTTP/1.1 200 OK
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Server: nginx
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Date: Mon, 25 Jul 2022 06:24:01 GMT
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Content-Type: application/json
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Content-Length: 802
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Connection: close
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Boulder-Requester: 537564726
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Cache-Control: public, max-age=0, no-cache
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Link: <https://acme-v02.api.letsencrypt.org/di ... rel="index"
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Replay-Nonce:
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] X-Frame-Options: DENY
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1] Strict-Transport-Security: max-age=604800
<25/07/2022 08:24:01> ACME/HTTP Client [Trace] [Status: 1]
<25/07/2022 08:24:01> ACME [Trace] Account auth for [presles.dyndns.org] is: {
"identifier": {
"type": "dns",
"value": "presles.dyndns.org"
},
"status": "pending",
"expires": "2022-07-28T08:34:21Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 276/niOkhA",
"token": ""
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 276/guNRXQ",
"token": ""
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/ac ... 276/dV6lwg",
"token": ""
}
]
}

tchicken · #4 Post by **tchicken** » 2022-07-25 07:22

Question: Should port 80 be open for all 3 servers, or should it only be open for the server doing the renewal : linselles.dyndns.org ?

#5 Post by **botg** » 2022-07-25 07:25

It must be open on all IP addresses each hostname resolves to.

tchicken · #6 Post by **tchicken** » 2022-07-25 08:44

Question 1 : at the firewall, port 80 must be open for the FileZilla application, or for another service ? If the latter, can you tell me which one please ?

Question 2 : I have another Synology server, can I centralize certificate renewal on this server ? And in this case what would be the method for my FileZilla servers to take into account these new certificates ?

oibaf · #7 Post by **oibaf** » 2022-07-25 10:28

tchicken wrote: ↑
2022-07-25 06:25
<Date> Info [Type] Message
[... rest of the log ...]

There doesn't seem to be any let's encrypt-related error in the log. You sure you pasted the full log of the issue?

Also, pay attention to personal info when posting the log: you can safely edit out the key information that is logged. We'll make sure to not have that printed in clear in the log in one of the next releases.

tchicken · #8 Post by **tchicken** » 2022-07-26 20:23

yes, it's seems to be a mystery !!!

I will take a closer look ...

I have 2 questions :

Question 1 : at the firewall, port 80 must be open for the FileZilla application, or for another service ? If the latter, can you tell me which one please ?

Question 2 : I have another Synology server, can I centralize certificate renewal on this server ? And in this case what would be the method for my FileZilla servers to take into account these new certificates ?

Thanks for your help

FileZilla Forums

Problem renew Let's encrypt certificat

Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat

Re: Problem renew Let's encrypt certificat