gregtwallace / certwarden

Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
https://www.certwarden.com/

Are certificates supposed to be ordered every day? #13

Closed KodySalak closed 1 year ago

KodySalak commented 1 year ago

I migrated the database over to a docker container, set up the config... Now it seems that every day a certificate is generated for any order that I placed before. Is that correct? Screenshot below.

Image

gregtwallace commented 1 year ago

No that’s really weird. Is the date/time on the host machine correct? I’m not sure why it might be doing that.

Essentially the logic is every night it checks for certificates with less than the threshold amount of valid days remaining and it places orders for those.

KodySalak commented 1 year ago

Hmmm... okay. The time is correct on the docker host VM.

I am getting Config Version Match: No, Error! Check and correct your config file immediately! though for the backend config status. See below:

hostname: 'certhub.domain.com'
# pair specified below. If not, http starts.
# WARNING: You should obtain a valid certificate immediately to avoid loss
# of data confidentiality.
# Additionally, key and certificate downloads via the API key will be disabled
# if the server is running as http.
https_port: 4055
http_port: 4060

# enable http redirect - if this is enabled, when server is running
# https it will also start a server on the http port that will redirect
# the client to https
enable_http_redirect: false

# Server logging level (valid levels are: debug, info, warn, error, dpanic,
# panic, and fatal)
log_level: 'debug'

# Should the server also host the frontend?
serve_frontend: true

# API Server's key and cert
# These names should match the 'name' field of the desired key and cert within
# the application.
# If not specified (or invalid), a self-signed cert is created on each launch
# until proper values are specified.
private_key_name: CERT-Certhub
certificate_name: Certhub

# Development mode
# This should NOT be used in production!
dev_mode: false

# Orders configuration
orders:
  # settings for automatic ordering
  auto_order_enable: true
  # order certs with less than this number of days remaining of validity
  valid_remaining_days_threshold: 90
  # time for the daily ordering to occur
  refresh_time_hour: 21
  refresh_time_minute: 12

# Challenge Providers
challenges:
  dns_checker:
    # specifying skip check wait disables dns record validation and instead
    # sleeps for the specified number of seconds and then assumes the record
    # is fully propagated
    skip_check_wait_seconds: null
    # services to use if checker is not disabled
    dns_services:
      # generally you do NOT want these to be internal dns servers
      # internal dns usually has long cache and doesn't truly check propagation
      # if you don't want external dns checking, use skip_check above
      - primary_ip: 1.1.1.1
        secondary_ip: 1.0.0.1
      - primary_ip: 9.9.9.9
        secondary_ip: 149.112.112.112
      - primary_ip: 8.8.8.8
        secondary_ip: 8.8.4.4
  providers:
    # http-01 internal server
    http_01_internal:
      enable: false
      # port to run the http challenge server on
      port: 4060
    # dns-01 using scripts that are external to LeGo
    dns_01_manual:
      enable: false
      create_script: ./scripts/create-dns.sh
      delete_script: ./scripts/delete-dns.sh
    # dns-01 via LeGo Cloudflare integration
    dns_01_cloudflare:
      enable: true
      accounts:
        - email: cloudflare@domain.com
          global_api_key: <API-KEY>
      tokens:
        - email: cloudflare@domain.com
        - api_token: <API-KEY>
          zone_names:
            - domain.com

gregtwallace commented 1 year ago

Can you post the debug log from overnight when it placed the order?

KodySalak commented 1 year ago

Shaved off a bit of everything from things that could potentially hurt me... see below.

2023-06-26T21:12:24.000Z    info    orders/auto_ordering.go:89  adding incomplete orders to order queue
2023-06-26T21:12:24.014Z    info    orders/auto_ordering.go:106 incomplete orders added to order queue
2023-06-26T21:12:24.014Z    info    orders/auto_ordering.go:113 adding expiring certificates to order queue
2023-06-26T21:12:24.015Z    debug   orders/auto_ordering.go:134 placing new order for expiring cert 3
2023-06-26T21:12:24.159Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/10 371CubTzqz-Zwcu3fbd7DANmKqoU8 https://acme-v02.api.letsencrypt.org/acme/new-order}
2023-06-26T21:12:24.160Z    debug   acme/post_signed.go:112 {"payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoiY2VydGh1Yi5rb2R5c2FsCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ","signature":"EXlRkHAGHDc4lEN5Ip7qNr5dLnKpCfj4OxawPUutXFeQ391pmq8FbXFtyPVvFQXPjdQW-iBH1vF1S4UX_vCnFA6IopTcZPtLcr5NnsspM-Upk4l39Efg1UBc8iUNtzyc"}
2023-06-26T21:12:24.324Z    debug   acme/post_signed.go:121 acme response status code: 201
2023-06-26T21:12:24.324Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "certhub.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/97",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/237"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/17/1911"
}
2023-06-26T21:12:24.324Z    debug   orders/order_place.go:36    new order location: https://acme-v02.api.letsencrypt.org/acme/order/10/191
2023-06-26T21:12:24.417Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/1 371CSwFj514Wn1TCxvNb2S_E https://acme-v02.api.letsencrypt.org/acme/order/1090803737/191124784077}
2023-06-26T21:12:24.418Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxsqfnDeu_GF2otmD1ORwxPJ_wCEz1omC1onaNT-0TSodwBP6hvj95qXjGjZBxY5CGAISP3pQDMqnucUf6s0l45QJ9-gUAuIU1kv4NLLtnsEwlen"}
2023-06-26T21:12:24.467Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:24.467Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "certhub.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2337",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1090/1911"
}
2023-06-26T21:12:24.469Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/109 371C4--pn2UnApnaaI8xSM https://acme-v02.api.letsencrypt.org/acme/finalize/10/1911}
2023-06-26T21:12:24.470Z    debug   acme/post_signed.go:112 {"payload":"…_a2bVh6qwJe9tHeYtidzpijAZdAw6Uq8PeC3hR1uI"}
2023-06-26T21:12:25.289Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:25.289Z    debug   acme/post_signed.go:130 {
  "status": "valid",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "certhub.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/233438",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1090/1917",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/044fa450fa"
}
2023-06-26T21:12:25.289Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/109 371CP4u5LsIzywKh3wny9Uxqsw https://acme-v02.api.letsencrypt.org/acme/cert/044fa45633bf}
2023-06-26T21:12:25.289Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZXEFdlyUihOC8yQ_qlru8oSudp5F5l6PYKz94RdFCK8OAInL5N2O6J-gffgwAskkLNzI67SkGSeW1gx3vmapG2m5pQq-SMrlT8afEXqNXyYxx"}
2023-06-26T21:12:25.332Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:25.332Z    debug   acme/post_signed.go:130 [PEM certificate chain omitted]
2023-06-26T21:12:25.340Z    debug   orders/worker.go:47 worker 1: end of low priority order fulfiller (orderId: 58)
2023-06-26T21:12:39.419Z    debug   orders/auto_ordering.go:134 placing new order for expiring cert 4
2023-06-26T21:12:39.421Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/107 1AADHqArlMMb-yXwpiCdEVlStA https://acme-v02.api.letsencrypt.org/acme/new-order}
2023-06-26T21:12:39.422Z    debug   acme/post_signed.go:112 {"payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoiY2FtZXJhcy5rb2R5c2FsYWsuY29tIn0seyJ0eXovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ","signature":"DCl08hFMrx9k3szjFBNirDbRwnXO6APE6somRcBWiqKfVvonROpr0zIfOSFrAc_RypOMp6q88X91VbxCLNR-DWomiG0V2Wl0xALd6t0Dc1vyi9Uqc1_H7g6RfF4SPGFu"}
2023-06-26T21:12:39.670Z    debug   acme/post_signed.go:121 acme response status code: 201
2023-06-26T21:12:39.670Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "cameras.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2397",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23343"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1090/148197"
}
2023-06-26T21:12:39.670Z    debug   orders/order_place.go:36    new order location: https://acme-v02.api.letsencrypt.org/acme/order/109080/191197
2023-06-26T21:12:39.680Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/109 371Cxy7VRXzXC89-wW7gzjN9Yfg https://acme-v02.api.letsencrypt.org/acme/order/107/1911}
2023-06-26T21:12:39.680Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHN0qZXsi_yV5nYIU-nRkZHkg0odDHt_V3pO-ilnQR2XzQPDcujG2l3wmu_8tch8jBd9mkjQxLafwkGXz0mqQZWPPsVL2XwudJqP7LX9ufIaD8"}
2023-06-26T21:12:39.796Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:39.796Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "cameras.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23997",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/137/197"
}
2023-06-26T21:12:39.799Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/1090 1AADgoUp3brXzSdKkJ7j6f8 https://acme-v02.api.letsencrypt.org/acme/finalize/10908/191124}
2023-06-26T21:12:39.800Z    debug   acme/post_signed.go:112 {"payload":"eyJjc3IiOiJNSUlDM2pDQ0FjWUNBUUF3VnpFSk1BY0dBMVVFQmhNQU1Ra3dCd1lEVlFRSUV3QXhDVEFIQmdOVkZX_EP2E1eY-8-6P8dRDBeWpd4X0bDpy4x92cSDm8oRUzmzHBPb7tf2U6D5JcNAiohgwZNOtooHaOkeipPBTLgm0oH27uBqWLx2tHUr"}
2023-06-26T21:12:40.532Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:40.532Z    debug   acme/post_signed.go:130 {
  "status": "valid",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "cameras.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2392",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2334"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/107/456",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04995de2c3db53"
}
2023-06-26T21:12:40.533Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/10901AADxbSBYtvEo5m1K736F4LjFTFLoSJE https://acme-v02.api.letsencrypt.org/acme/cert/04995de2c3db53a0aa181}
2023-06-26T21:12:40.533Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yhocdazMphkbE4wTIhapqgMBtSgyuBarDcxAPZ2KF9Hfa4SwcJaYRsLbCJGGDO6KgvjUo40ybnT68ps1GaPkVQgB85ipKTGSlGsvOgY8bPWYGBhC"}
2023-06-26T21:12:40.577Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:40.577Z    debug   acme/post_signed.go:130 [PEM certificate chain omitted]
2023-06-26T21:12:40.586Z    debug   orders/worker.go:47 worker 2: end of low priority order fulfiller (orderId: 59)
2023-06-26T21:12:54.679Z    debug   orders/auto_ordering.go:134 placing new order for expiring cert 5
2023-06-26T21:12:54.680Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/109 371CEidPpBWSjxbhIE https://acme-v02.api.letsencrypt.org/acme/new-order}
2023-06-26T21:12:54.680Z    debug   acme/post_signed.go:112 {"payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoiKi5rb2R5c2FsYWsuY29tIn0seyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJrb2R5c2FsYWsuYcmcvYWNtZS9uZXctb3JkZXIifQ","signature":"2tATyLiQ5NBljuCaF06K_OMspjtxqIh_B0NXiWb0LcPBQy95vIXY72tDX8M28ESu8zY-hWS4gBdUBEj_U6w548IO_k_7CfVd01Gk2m-941ySMCUIaQ9ufXstsrjD7Sbr"}
2023-06-26T21:12:54.837Z    debug   acme/post_signed.go:121 acme response status code: 201
2023-06-26T21:12:54.838Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23908",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23385"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/10907/19"
}
2023-06-26T21:12:54.838Z    debug   orders/order_place.go:36    new order location: https://acme-v02.api.letsencrypt.org/acme/order/1097/1911
2023-06-26T21:12:54.863Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/109 371cg3Vgw3NS4f94g https://acme-v02.api.letsencrypt.org/acme/order/1090803737/191124847267}
2023-06-26T21:12:54.864Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5MDgwMzczNyIsI3dS4cL6hCS7fE-OegJLs2B7yh-IEHm05mAu3xCMtCvse3swHUsK1XKoVNH-SR"}
2023-06-26T21:12:54.907Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:54.907Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/239887",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1090/19112"
}
2023-06-26T21:12:54.910Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/1090 371C68-NaEI9XgcSmdUA4GceQ https://acme-v02.api.letsencrypt.org/acme/finalize/10/19267}
2023-06-26T21:12:54.910Z    debug   acme/post_signed.go:112 {"payload":"eyJjc3IiOiJNSUlDMGpDQ0Fib0NBUUF3VVRFSk1BY0dBMVVFQmhNQU1Ra3dCd1lEVlFRSUV3QXhDVEFMDgwMzczNyIsIm5vbmNlIjoiMzcxQzY4LU5hRUk5WGdjU21kVUE0YVNuM2EtSUFLMkZYTTBFcWNaLTJCMUdjZVEiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9maW5hbGl6ZS8xMDkwODAzNzM3LzE5MTEyNDg0NzI2NyJ9","signature":"UYLxCUDkRsnxXH7tTEVAU07tQErfHQ_LTUt5Io6x8IQpXbpSy55JNNYvFcKoDwy_LmFoK7_IzDopfNsWk0rI95smJHbTgK5d2gmnucA6eTrKpOJ5jUKCgayfJUeUgU8U"}
2023-06-26T21:12:55.532Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:55.532Z    debug   acme/post_signed.go:130 {
  "status": "valid",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.com"
    },
    {
      "type": "dns",
      "value": "domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/237"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1097/191",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04cb00b7306c7c002389"
}
2023-06-26T21:12:55.532Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/1090 375eFInZ7bozY6D3JY https://acme-v02.api.letsencrypt.org/acme/cert/04cb650}
2023-06-26T21:12:55.533Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5MIbpwTMi3tbLua4mv6jaL8VtEfSOxW9jVCSBqyv7Vj_rejBSSfvJiL5R1DACzNqZYy4GKXpG342zEQGMcWqMqF8-"}
2023-06-26T21:12:55.578Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:12:55.578Z    debug   acme/post_signed.go:130 [PEM certificate chain omitted]
2023-06-26T21:12:55.785Z    debug   orders/worker.go:47 worker 0: end of low priority order fulfiller (orderId: 60)
2023-06-26T21:13:09.864Z    debug   orders/auto_ordering.go:134 placing new order for expiring cert 6
2023-06-26T21:13:09.865Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/10908 1AADNxhhsHqqP_1sCMdF8gH0 https://acme-v02.api.letsencrypt.org/acme/new-order}
2023-06-26T21:13:09.866Z    debug   acme/post_signed.go:112 {"payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoibWFpbC5rb2R5c2FsYWsuY29tIn0seyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJrb2R5c2FsYWsvcmcvYWNtZS9uZXctb3JkZXIifQ","signature":"aQbpDbOimBXXghrqG0UPAesJDs9hcM-F4vOwWMXR6MFGWoPx4iJYG7U2GS5i5pnvIKhmJOAb4g2xvBX4759vtLYyPisncPqFZNOJ1niM2MEfK0sqQZo8LuRJikta_qOq"}
2023-06-26T21:13:10.068Z    debug   acme/post_signed.go:121 acme response status code: 201
2023-06-26T21:13:10.068Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.com"
    },
    {
      "type": "dns",
      "value": "mail.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23347",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/23"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1/19117"
}
2023-06-26T21:13:10.068Z    debug   orders/order_place.go:36    new order location: https://acme-v02.api.letsencrypt.org/acme/order/1090/1911248
2023-06-26T21:13:10.077Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/10908 371Cxc8Sx4DiR6NYweFHkd_y7FSfPE https://acme-v02.api.letsencrypt.org/acme/order/109/19117}
2023-06-26T21:13:10.078Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5MDgwMzczNyIsIm5vbmNlIjoiMzcxQ3hjOFN4a0RabmZRWENGYnNhMj2PaZJKIatDW2gs0iYHuz18_U_J34Ob"}
2023-06-26T21:13:10.124Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:13:10.124Z    debug   acme/post_signed.go:130 {
  "status": "ready",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.com"
    },
    {
      "type": "dns",
      "value": "mail.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2337",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/27"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/107/197"
}
2023-06-26T21:13:10.126Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/109  1AADmWNhYGLutbTsCcVb5gk92rIKf5cVmYTn8jCdTXpWZ4U https://acme-v02.api.letsencrypt.org/acme/finalize/1090/191}
2023-06-26T21:13:10.127Z    debug   acme/post_signed.go:112 {"payload":"eyJjc3IiOiJNSUlDMkRDQ0FjQUNBUUF3VkRFSk1BY0dBMVVFQmhNQU1Ra3dCd1lEVlFRSUV3QXhDVEFIQmdOVkJBYa0mzefBdrcJeaiNRCDcWC9oh2xJAnqIDUxRuGafY1DCDyrouksY8AmKdcfdvC06yLHSPNTWiwCVZmJqfOQ4"}
2023-06-26T21:13:10.969Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:13:10.969Z    debug   acme/post_signed.go:130 {
  "status": "valid",
  "expires": "2023-07-03T02:23:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.com"
    },
    {
      "type": "dns",
      "value": "mail.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/27",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/2397"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/10/1911",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04643d"
}
2023-06-26T21:13:10.970Z    debug   acme/post_signed.go:71  unencoded acme header: {ES384 %!s(*acme.jsonWebKey=<nil>) https://acme-v02.api.letsencrypt.org/acme/acct/10908 371CLWi1e7JrBd_TCyIdINFIRfzkCM https://acme-v02.api.letsencrypt.org/acme/cert/04643d6f}
2023-06-26T21:13:10.970Z    debug   acme/post_signed.go:112 {"payload":"","protected":"eyJhbGciOiJFUzM4NCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA5MDgwMzczNyIsHcKllLPuKoDU8yvIQIDVNOq5VjgzqGgNJtA-VCDnLwDv29ZWyrxH_RPI59k2gM_zZlQbxz7hu2EcrnDH"}
2023-06-26T21:13:11.014Z    debug   acme/post_signed.go:121 acme response status code: 200
2023-06-26T21:13:11.014Z    debug   acme/post_signed.go:130 [PEM certificate chain omitted]
2023-06-26T21:13:11.038Z    debug   orders/worker.go:47 worker 1: end of low priority order fulfiller (orderId: 61)
2023-06-26T21:13:25.076Z    info    orders/auto_ordering.go:161 expiring certificates added to order queue

gregtwallace commented 1 year ago

After reviewing the log and your config this is the issue:

valid_remaining_days_threshold: 90

Your config is set to re-order for certs with less than 90 days of valid time remaining. Since the certs are only good for 90 days they’re reordered every day because they drop to 89 days which is below your configured threshold.

Either remove the line to use the default or edit to what you actually want.

Please confirm this fixes the issue and I will close this.

KodySalak commented 1 year ago

Oh, good lord I can't read. I'll update this to something like 2 and I'll let you know what happens. Thanks for looking at this for me!

gregtwallace commented 1 year ago

Lol. I would not go that low. That’s very risky to let something expire before your client picks up the new order (assuming it runs weekly).

Minimum I’d probably go is 30. The default is 40. This also gives you runway if something breaks and the new cert isn’t installed in a timely manner.
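
The threshold behaviour discussed in this thread, as an added example that is not part of the original comments and is not Cert Warden's own code: it simulates the nightly check for a 90-day certificate at thresholds of 90, 40, 30 and 2 days, and flags the two misconfigurations raised above. The function names, the instant-success ordering model and the 7-day client fetch interval (taken from "assuming it runs weekly") are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

const day = 24 * time.Hour

// needsOrder applies the rule described in the thread: order a replacement
// when fewer than thresholdDays of validity remain. Assumed semantics, not
// taken from Cert Warden's source.
func needsOrder(notAfter, now time.Time, thresholdDays int) bool {
	return notAfter.Sub(now) < time.Duration(thresholdDays)*day
}

// simulateOrders runs one nightly check per day for `days` days and counts the
// orders placed, assuming every order succeeds at once and yields a
// certificate valid for lifetimeDays.
func simulateOrders(lifetimeDays, thresholdDays, days int) int {
	start := time.Date(2023, 6, 1, 21, 12, 0, 0, time.UTC) // constructed start time
	lifetime := time.Duration(lifetimeDays) * day
	notAfter := start.Add(lifetime) // fresh certificate issued at start
	orders := 0
	for d := 1; d <= days; d++ {
		now := start.Add(time.Duration(d) * day)
		if needsOrder(notAfter, now, thresholdDays) {
			orders++
			notAfter = now.Add(lifetime)
		}
	}
	return orders
}

// Finding is a hypothetical label for a risky threshold setting.
type Finding string

const (
	ReordersEveryRun   Finding = "threshold >= certificate lifetime: every nightly run places a new order"
	ExpiryBeforePickup Finding = "threshold <= client fetch interval: old cert can expire before the client fetches the new one"
)

// checkThreshold flags the two problems from the thread: a threshold as long
// as the certificate lifetime, and a threshold so short that a client polling
// every clientFetchDays may still hold the old certificate when it expires.
func checkThreshold(lifetimeDays, thresholdDays, clientFetchDays int) []Finding {
	var out []Finding
	if thresholdDays >= lifetimeDays {
		out = append(out, ReordersEveryRun)
	}
	if thresholdDays <= clientFetchDays {
		out = append(out, ExpiryBeforePickup)
	}
	return out
}

func main() {
	// 90-day certificates, weekly client fetch, one simulated year.
	for _, t := range []int{90, 40, 30, 2} {
		fmt.Printf("threshold=%2d orders/year=%3d findings=%v\n",
			t, simulateOrders(90, t, 365), checkThreshold(90, t, 7))
	}
}
```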