Error: Let's Encrypt validation status 400

rogero
Posts: 8
Joined: Thu Apr 01, 2021 2:56 pm

Many domain names get Error: Let's Encrypt validation status 400. Some are automatically renewed after migration to a new server with myvestacp, but new and other domain names are not getting renewed.

myVesta
Site Admin
Posts: 928
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

You need correctly configured DNS.

If you are using your own nameservers, then:
  • In your DNS you have NS1 and NS2 as A records pointing to the IPv4 of your server
  • NS1 and NS2 are registered as nameservers at the registrar of your domain.

If you are using other DNS, then: CloudFlare is an exception, it will return its own IPv4 and IPv6, and that's fine.
kjernekrafttrikk
Posts: 9
Joined: Sat Apr 09, 2022 1:17 pm

Same problem. I have an IDN (Cyrillic), which brings problems like this not for the first time. Latin domains are updated OK.
Here's the part of letsencrypt.log in which, I guess, the main drama is:

[Sun 21 May 2023 07:36:57 PM EET] : sleep 4 (i=2)
[Sun 21 May 2023 07:37:01 PM EET] : - Doing pol check on status
[Sun 21 May 2023 07:37:01 PM EET] : query_le_v2 "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229834129207/h>
[Sun 21 May 2023 07:37:02 PM EET] : answer=HTTP/2 400
server: nginx
date: Sun, 21 May 2023 17:37:02 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 907667017
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 5CA2fM78-qmdY7N7bMHCQ3WT0vfOyMQRBkXm4tPN6xz1XRU

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}
[Sun 21 May 2023 07:37:02 PM EET] : url2=
[Sun 21 May 2023 07:37:02 PM EET] : validation=
[Sun 21 May 2023 07:37:02 PM EET] : nonce=5CA2fM78-qmdY7N7bMHCQ3WT0vfOyMQRBkXm4tPN6xz1XRU
[Sun 21 May 2023 07:37:02 PM EET] : status=400
[Sun 21 May 2023 07:37:02 PM EET] : EXIT=Let's Encrypt validation status 400
kjernekrafttrikk
Posts: 9
Joined: Sat Apr 09, 2022 1:17 pm

By long and terrible research I've found the solution. There was my forced redirection from http to https. I turned it off and it started to work. It's still interesting that other domains have the same rule and still are updated correctly. Dev, if it's worthwhile for you, pay attention to this case.
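
Added example, not part of the thread and not myVesta's code: a small parser that pulls the ACME problem document out of a letsencrypt.log excerpt in the format posted above and attaches a reading hint. The function name `acme_problems`, the `HINTS` table and the sample log (with placeholder URL and nonce) are assumptions made for illustration.

```python
import json
import re

# Constructed sample in the format of the log excerpt above (URL and nonce are placeholders).
SAMPLE_LOG = """\
[Sun 21 May 2023 07:37:01 PM EET] : query_le_v2 "https://acme.example/chall/PLACEHOLDER"
[Sun 21 May 2023 07:37:02 PM EET] : answer=HTTP/2 400
content-type: application/problem+json
replay-nonce: PLACEHOLDER-NONCE

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}
[Sun 21 May 2023 07:37:02 PM EET] : status=400
"""

ENTRY = re.compile(r"^\[[^\]]+\] : ", re.M)  # start of each timestamped entry
HINTS = {  # substring of "detail" -> what it tells the operator
    "authorization must be pending":
        "authorization is no longer pending (already valid, invalid or expired); look at "
        "earlier responses in the log for its final status and any validation error",
}

def acme_problems(log_text):
    """Return one dict per answer= entry that carries an ACME problem document."""
    found = []
    for entry in ENTRY.split(log_text):
        if not entry.startswith("answer=HTTP/"):
            continue
        head, _, body = entry.partition("\n\n")   # headers, blank line, JSON body
        if "application/problem+json" not in head.lower():
            continue
        try:
            problem = json.loads(body)
        except json.JSONDecodeError:
            continue                               # truncated or non-JSON body
        detail = problem.get("detail", "")
        hint = next((h for k, h in HINTS.items() if k in detail), "no hint for this detail")
        found.append({
            "http_status": int(head.split()[1]),   # second token of "answer=HTTP/2 400"
            "type": problem.get("type", "").rsplit(":", 1)[-1],
            "detail": detail,
            "hint": hint,
        })
    return found

print(acme_problems(SAMPLE_LOG))
```

The 400 in this excerpt is the server refusing a second update to a challenge whose authorization has already been decided, so the entries before it in the full log are where the outcome of the validation attempt is recorded.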