Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"404 Expired authorization" when run in Cron #688

Open
tingvold opened this issue Oct 24, 2019 · 0 comments

Comments

@tingvold
Copy link

@tingvold tingvold commented Oct 24, 2019

Hi,

Trying to run dehydrated in cron, yields the following error;

Wed Oct 23 02:19:01 CEST 2019: running dehydrated...
# INFO: Using main config file /srv/letsencrypt/scripts/dehydrated.conf
13348 > Wed Oct 23 02:19:02 CEST 2019: Hook: this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
13351 > Wed Oct 23 02:19:02 CEST 2019: Hook: startup_hook
Processing foobar.com with alternative names: www.foobar.com kek.foobar.com lol.foobar.com
13375 > Wed Oct 23 02:19:02 CEST 2019: Hook: this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Nov 14 23:21:29 2019 GMT Certificate will expire
(Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 4 authorizations URLs from the CA
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/<snip> (Status 404)

Details:
HTTP/1.1 200 Connection established

HTTP/2 404
server: nginx
date: Wed, 23 Oct 2019 00:19:04 GMT
content-type: application/problem+json
content-length: 106
boulder-requester: 2680473
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: <snip>

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Expired authorization",
  "status": 404
}

...skipping...

Running the same command manually, works just fine;

[…]
 + Requesting new certificate order from CA...
 + Received 4 authorizations URLs from the CA
 + Handling authorization for foobar.com
 + Handling authorization for www.foobar.com
 + Handling authorization for lol.foobar.com
 + Handling authorization for kek.foobar.com
 + 4 pending challenge(s)
 + Deploying challenge tokens...
[…]

The "error" it receives in cron, happens every time (since I have it once per 24h, and the certificates are almost 10 days past the "30 day renewal" that I've set).

Some of these domains where signed by v1 of the LE API, while I'm now using v2. Could this be the culprit? If so, it's strange that it works when I ran the crontab-command manually.

Any pointers?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.