Error: Let's Encrypt validation status 400

Posted: Sun Jun 27, 2021 8:35 pm
by rogero
Many domain names get Error: Let's Encrypt validation status 400. Some are automatically renewed after migration to a new server with myvestacp, but new and other domain names are not getting renewed.

Re: Error: Let's Encrypt validation status 400

Posted: Sun Jun 27, 2021 9:01 pm
by myVesta
You need correctly configured DNS.

If you are using your own nameservers, then:
  • In your DNS you have NS1 and NS2 as A records that point to the IPv4 of your server
  • NS1 and NS2 are registered as nameservers at the registrar of your domain.

If you are using other DNS, then: CloudFlare is an exception; it will return its own IPv4 and IPv6, and that's fine.

Re: Error: Let's Encrypt validation status 400

Posted: Sun May 21, 2023 7:46 pm
by kjernekrafttrikk
Same problem. I have an IDN (Cyrillic) domain, and this is not the first time it has brought problems like this. Latin domains are updated OK.
Here's the part of letsencrypt.log in which, I guess, the main drama is:

[Sun 21 May 2023 07:36:57 PM EET] : sleep 4 (i=2)
[Sun 21 May 2023 07:37:01 PM EET] : - Doing pol check on status
[Sun 21 May 2023 07:37:01 PM EET] : query_le_v2 "https://acme-v02.api.letsencrypt.org/acme/chall-v3/229834129207/h>
[Sun 21 May 2023 07:37:02 PM EET] : answer=HTTP/2 400
server: nginx
date: Sun, 21 May 2023 17:37:02 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 907667017
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 5CA2fM78-qmdY7N7bMHCQ3WT0vfOyMQRBkXm4tPN6xz1XRU

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}
[Sun 21 May 2023 07:37:02 PM EET] : url2=
[Sun 21 May 2023 07:37:02 PM EET] : validation=
[Sun 21 May 2023 07:37:02 PM EET] : nonce=5CA2fM78-qmdY7N7bMHCQ3WT0vfOyMQRBkXm4tPN6xz1XRU
[Sun 21 May 2023 07:37:02 PM EET] : status=400
[Sun 21 May 2023 07:37:02 PM EET] : EXIT=Let's Encrypt validation status 400
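
A way to pull the ACME problem document out of a letsencrypt.log excerpt like the one above (an added example, not part of the original post and not myVesta's own code). The function name and the `follow_on` flag are hypothetical, and the flag assumes that "authorization must be pending" means the authorization had already left the pending state, so the failure that decided it is logged earlier than this poll:

```python
import json
import re

# Constructed sample: lines copied from the excerpt in the post (some headers left out).
SAMPLE_LOG = """\
[Sun 21 May 2023 07:37:02 PM EET] : answer=HTTP/2 400
server: nginx
content-type: application/problem+json

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}
[Sun 21 May 2023 07:37:02 PM EET] : status=400
[Sun 21 May 2023 07:37:02 PM EET] : EXIT=Let's Encrypt validation status 400
"""

STAMPED = re.compile(r"^\[([^\]]+)\] : (.*)$")
ANSWER = re.compile(r"^answer=HTTP/\S+ (\d{3})")


def acme_problems(log_text):
    """Return one dict per logged ACME answer that carries a JSON problem body."""
    found, entry = [], None
    # A trailing stamped sentinel line closes the last record.
    for line in log_text.splitlines() + ["[end] : "]:
        stamped = STAMPED.match(line)
        if stamped is None:
            if entry is not None:
                entry["raw"].append(line)  # header or body continuation line
            continue
        if entry is not None:
            raw = "\n".join(entry.pop("raw"))
            start, end = raw.find("{"), raw.rfind("}")
            if start != -1 and end > start:
                try:
                    doc = json.loads(raw[start:end + 1])
                except ValueError:
                    doc = {}
                if "type" in doc:
                    entry["type"] = doc["type"].rsplit(":", 1)[-1]
                    entry["detail"] = doc.get("detail", "")
                    # Assumption (see lead-in): the decisive failure is logged earlier.
                    entry["follow_on"] = "must be pending" in entry["detail"]
                    found.append(entry)
        answer = ANSWER.match(stamped.group(2))
        entry = {"time": stamped.group(1), "http": int(answer.group(1)), "raw": []} if answer else None
    return found
```

When `follow_on` is true, the entries worth reading are the earlier answers in the same log, where the authorization first changed state.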

Re: Error: Let's Encrypt validation status 400

Posted: Mon Jul 03, 2023 1:03 am
by kjernekrafttrikk
After long and terrible research I've found the solution. It was my forced redirection from http to https. I turned it off and it started to work. It's still interesting that other domains have the same rule and are still updated correctly. Dev, if it's worthwhile for you, please pay attention to this case.