server could not connect to validation target #1978

morikplay · 2024-08-30T04:32:07Z

morikplay
Aug 30, 2024

Hello experts,
I've searched these discussions, stackoverflow, reddit, and few other avenues for answers but I was unable to find a solution.

The issue
step-ca 0.24.2 linux/amd64 was installed, configured and working fine (100+ certs issued) for past 1.5 years. Few days ago, it stopped working. Network topology or configuration have not changed. Upgrade to 0.27.2 hasn't fixed the issue either.

{
  "duration": "14.689597ms",
  "duration-ns": 14689597,
  "fields.time": "2024-08-29T21:06:46-07:00",
  "level": "info",
  "method": "POST",
  "msg": "",
  "name": "ca",
  "nonce": "TTNTbnBaMHkzYzNaaG5SdllxVHp1OWROUjZNVXdPN2Y",
  "path": "/acme/acme/authz/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE",
  "protocol": "HTTP/1.1",
  "referer": "",
  "remote-address": "192.168.100.23",
  "request-id": "73995c7d-1b6c-4c25-aadd-55731baabb56",
  "response": "{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/1nBgVcEvK81625khkvy4OJtvRYJXUmP9\"},**{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/o9DuctBzGXzJHo134VRdcEnfAVNx3Gkj\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}**,{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/gRsgifXb5eCmIkLBnjSokHhQaCzLPVtG\"}],\"wildcard\":false,\"expires\":\"2024-08-31T04:05:59Z\"}",
  "size": 883,
  "status": 200,
  "time": "2024-08-29T21:06:46-07:00",
  "user-agent": "CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12",
  "user-id": ""
}

ca.json

{
	"root": "<somewhere>",
	"federatedRoots": null,
	"crt": "<somewhere>",
	"key": "<somewhere>",
	"address": ":8443",
	"insecureAddress": "",
	"dnsNames": [
		"ldap.esco.ghaar"
	],
	"logger": {
		"format": "json"
	},
	"db": {
		"type": "badgerv2",
		"dataSource": "/etc/step/db",
		"badgerFileLoadingMode": ""
	},
	"authority": {
		"provisioners": [
			{
				"type": "JWK",
                                  ...			
                        },
			{
				"type": "ACME",
				"name": "acme",
				"claims": {...
				},
				"options": {
					"x509": {},
					"ssh": {}
				}
			}
		],
		"template": {},
		"backdate": "1m0s"
	},
	"tls": {
		"cipherSuites": [
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
		],
		"minVersion": 1.2,
		"maxVersion": 1.3,
		"renegotiation": false
	},
	"commonName": "Step Online CA"
}

Scenario
certbot from a newly provisioned VM attempting to acquire a cert using

sudo certbot certonly --standalone -n --agree-tos -m some@email.com -d `hostname -f` --dry-run -v --http-01-address docker-center.esco.ghaar --http-01-port 80 --debug --preferred-challenges "http" --server https://ldap.esco.ghaar:8443/acme/acme/director

client-side result:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Simulating a certificate request for docker-central.esco.ghaar
Performing the following challenges:
http-01 challenge for docker-central.esco.ghaar
Waiting for verification...
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 182, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.

step-ca side error:

   1 badger 2023/05/27 18:56:50 INFO: All 0 tables opened in 0s
   2 2023/05/27 18:56:50 Starting Smallstep CA/0.24.2 (linux/amd64)
   3 2023/05/27 18:56:50 Documentation: https://u.step.sm/docs/ca
   4 2023/05/27 18:56:50 Community Discord: https://u.step.sm/discord
   5 2023/05/27 18:56:50 Config file: /home/step/.step/config/ca.json
   6 2023/05/27 18:56:50 The primary server URL is https://ldap.esco.ghaar:8443
   7 2023/05/27 18:56:50 Root certificates are available at https://ldap.esco.ghaar:8443/roots.pem
   8 2023/05/27 18:56:50 X.509 Root Fingerprint: c63f847cd06bd9646fa1a4c5a3cfb8159ccdcb23a93a802b8c64d1a274436822
   9 2023/05/27 18:56:50 Serving HTTPS on :8443 ...
  10 time="2023-05-27T19:10:17-07:00" level=info duration="605.099µs" duration-ns=605099 fields.time="2023-05-27T19:10:17-07:00" method=GET name=ca path=/acme/acme/directory protocol=HTTP/1.1 r     eferer= remote-address=192.168.100.9 request-id=chpbg2clcphievf9pa90 response="{\"newNonce\":\"https://ldap.esco.ghaar:8443/acme/acme/new-nonce\",\"newAccount\":\"https://ldap.esco.ghaar:8     443/acme/acme/new-account\",\"newOrder\":\"https://ldap.esco.ghaar:8443/acme/acme/new-order\",\"revokeCert\":\"https://ldap.esco.ghaar:8443/acme/acme/revoke-cert\",\"keyChange\":\"https://     ldap.esco.ghaar:8443/acme/acme/key-change\"}" size=322 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flag     s: ) Py/3.10.6" user-id=
  11 time="2023-05-27T19:10:21-07:00" level=info duration=2.978716ms duration-ns=2978716 fields.time="2023-05-27T19:10:21-07:00" method=HEAD name=ca nonce=VEx1UjA3Uk9tbjRvWERuVnZXNHFCY3Q0N3dsRU     5JRFc path=/acme/acme/new-nonce protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg3clcphievf9pa9g size=0 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubu     ntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flags: ) Py/3.10.6" user-id=
  12 time="2023-05-27T19:10:21-07:00" level=info duration=9.648387ms duration-ns=9648387 fields.time="2023-05-27T19:10:21-07:00" method=POST name=ca nonce=aVEzN1M5NDRrNE9UY2JsZkRGNXBYR0ZjOHZyek     1ZQVM path=/acme/acme/new-account protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg3clcphievf9paa0 response="{\"contact\":[\"mailto:some@email.com\"],\"stat     us\":\"valid\",\"orders\":\"https://ldap.esco.ghaar:8443/acme/acme/account/XQ5EECRtWViMtnAXitWQvOfWdLlPzF3D/orders\"}" size=162 status=201 user-agent="CertbotACMEClient/1.21.0 (certbot; Ub     untu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flags: ) Py/3.10.6" user-id=
  13 time="2023-05-27T19:10:28-07:00" level=info duration=13.271567ms duration-ns=13271567 fields.time="2023-05-27T19:10:28-07:00" method=POST name=ca nonce=WWJZNXlsbVJyQUMzaFo0U3ZWd0ZZUDVLWFZt     QndnS2g path=/acme/acme/new-order protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg54lcphievf9paag response="{\"id\":\"7xSnGdXmG3eoWlfHHdRG3J0veIClOw7r\",\"status\":     \"pending\",\"expires\":\"2023-05-29T02:10:28Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"ansible.esco.ghaar\"}],\"notBefore\":\"2023-05-28T02:09:28Z\",\"notAfter\":\"2023-08-26T02:1     0:28Z\",\"authorizations\":[\"https://ldap.esco.ghaar:8443/acme/acme/authz/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA\"],\"finalize\":\"https://ldap.esco.ghaar:8443/acme/acme/order/7xSnGdXmG3eoWlfHH     dRG3J0veIClOw7r/finalize\"}" size=422 status=201 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flags: ) Py/3.10.6" u     ser-id=
  14 time="2023-05-27T19:10:28-07:00" level=info duration=2.72208ms duration-ns=2722080 fields.time="2023-05-27T19:10:28-07:00" method=POST name=ca nonce=dHNBVDVaNlpGYmJiOFZra0NXQ1ZFVHl0SlpWUXl     zVE0 path=/acme/acme/authz/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg54lcphievf9pab0 response="{\"identifier\":{\"type\":\"dn     s\",\"value\":\"ansible.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"SQ4MsnQ96HUQqg6nYbJE42AuzaLjjZJ8\",\"url\":\"https://ld     ap.esco.ghaar:8443/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/dddiiCpN5ggDNZ7zOFbfPNgFnETJHTab\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"SQ4MsnQ96HUQqg6nYbJE42A     uzaLjjZJ8\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/8lGJd06A4koQallJeEEUkmpeSsYE5sK1\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\"     ,\"token\":\"SQ4MsnQ96HUQqg6nYbJE42AuzaLjjZJ8\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/o7c31iamx6XES7pHtU2pXdpfhp6JppgZ\"}],\"wildcard\     ":false,\"expires\":\"2023-05-29T02:10:28Z\"}" size=758 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; fla     gs: ) Py/3.10.6" user-id=
  15 time="2023-05-27T19:10:28-07:00" level=info duration=7.902943ms duration-ns=7902943 fields.time="2023-05-27T19:10:28-07:00" method=POST name=ca nonce=eWZrZ1NEbzVkem11Nk45RFhmaHNHNGUzN2hsUm     RLRFM path=/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/8lGJd06A4koQallJeEEUkmpeSsYE5sK1 protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg54lcphievf9pabg re     sponse="{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"SQ4MsnQ96HUQqg6nYbJE42AuzaLjjZJ8\",\"validated\":\"2023-05-28T02:10:28Z\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/ch     allenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/8lGJd06A4koQallJeEEUkmpeSsYE5sK1\"}" size=237 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalon     e Installer/None (certonly; flags: ) Py/3.10.6" user-id=
 NORMAL  /var/log/step-ca/output.log ⊝                                                                                                                             utf-8[unix]  0% ㏑:1/6389☰℅:1
"/var/log/step-ca/output.log" [readonly] 6389L, 7756277B
 /v/l/s/output.log                                                                                                                                                                       buffers
   1 badger 2023/05/27 18:56:50 INFO: All 0 tables opened in 0s
   2 2023/05/27 18:56:50 Starting Smallstep CA/0.24.2 (linux/amd64)
   3 2023/05/27 18:56:50 Documentation: https://u.step.sm/docs/ca
   4 2023/05/27 18:56:50 Community Discord: https://u.step.sm/discord
   5 2023/05/27 18:56:50 Config file: /home/step/.step/config/ca.json
   6 2023/05/27 18:56:50 The primary server URL is https://ldap.esco.ghaar:8443
   7 2023/05/27 18:56:50 Root certificates are available at https://ldap.esco.ghaar:8443/roots.pem
   8 2023/05/27 18:56:50 X.509 Root Fingerprint: c63f847cd06bd9646fa1a4c5a3cfb8159ccdcb23a93a802b8c64d1a274436822
   9 2023/05/27 18:56:50 Serving HTTPS on :8443 ...
  10 time="2023-05-27T19:10:17-07:00" level=info duration="605.099µs" duration-ns=605099 fields.time="2023-05-27T19:10:17-07:00" method=GET name=ca path=/acme/acme/directory protocol=HTTP/1.1 r     eferer= remote-address=192.168.100.9 request-id=chpbg2clcphievf9pa90 response="{\"newNonce\":\"https://ldap.esco.ghaar:8443/acme/acme/new-nonce\",\"newAccount\":\"https://ldap.esco.ghaar:8     443/acme/acme/new-account\",\"newOrder\":\"https://ldap.esco.ghaar:8443/acme/acme/new-order\",\"revokeCert\":\"https://ldap.esco.ghaar:8443/acme/acme/revoke-cert\",\"keyChange\":\"https://     ldap.esco.ghaar:8443/acme/acme/key-change\"}" size=322 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flag     s: ) Py/3.10.6" user-id=
  11 time="2023-05-27T19:10:21-07:00" level=info duration=2.978716ms duration-ns=2978716 fields.time="2023-05-27T19:10:21-07:00" method=HEAD name=ca nonce=VEx1UjA3Uk9tbjRvWERuVnZXNHFCY3Q0N3dsRU     5JRFc path=/acme/acme/new-nonce protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg3clcphievf9pa9g size=0 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubu     ntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flags: ) Py/3.10.6" user-id=
  12 time="2023-05-27T19:10:21-07:00" level=info duration=9.648387ms duration-ns=9648387 fields.time="2023-05-27T19:10:21-07:00" method=POST name=ca nonce=aVEzN1M5NDRrNE9UY2JsZkRGNXBYR0ZjOHZyek     1ZQVM path=/acme/acme/new-account protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg3clcphievf9paa0 response="{\"contact\":[\"mailto:some@email.com\"],\"stat     us\":\"valid\",\"orders\":\"https://ldap.esco.ghaar:8443/acme/acme/account/XQ5EECRtWViMtnAXitWQvOfWdLlPzF3D/orders\"}" size=162 status=201 user-agent="CertbotACMEClient/1.21.0 (certbot; Ub     untu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flags: ) Py/3.10.6" user-id=
  13 time="2023-05-27T19:10:28-07:00" level=info duration=13.271567ms duration-ns=13271567 fields.time="2023-05-27T19:10:28-07:00" method=POST name=ca nonce=WWJZNXlsbVJyQUMzaFo0U3ZWd0ZZUDVLWFZt     QndnS2g path=/acme/acme/new-order protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg54lcphievf9paag response="{\"id\":\"7xSnGdXmG3eoWlfHHdRG3J0veIClOw7r\",\"status\":     \"pending\",\"expires\":\"2023-05-29T02:10:28Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"ansible.esco.ghaar\"}],\"notBefore\":\"2023-05-28T02:09:28Z\",\"notAfter\":\"2023-08-26T02:1     0:28Z\",\"authorizations\":[\"https://ldap.esco.ghaar:8443/acme/acme/authz/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA\"],\"finalize\":\"https://ldap.esco.ghaar:8443/acme/acme/order/7xSnGdXmG3eoWlfHH     dRG3J0veIClOw7r/finalize\"}" size=422 status=201 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; flags: ) Py/3.10.6" u     ser-id=
  14 time="2023-05-27T19:10:28-07:00" level=info duration=2.72208ms duration-ns=2722080 fields.time="2023-05-27T19:10:28-07:00" method=POST name=ca nonce=dHNBVDVaNlpGYmJiOFZra0NXQ1ZFVHl0SlpWUXl     zVE0 path=/acme/acme/authz/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg54lcphievf9pab0 response="{\"identifier\":{\"type\":\"dn     s\",\"value\":\"ansible.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"SQ4MsnQ96HUQqg6nYbJE42AuzaLjjZJ8\",\"url\":\"https://ld     ap.esco.ghaar:8443/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/dddiiCpN5ggDNZ7zOFbfPNgFnETJHTab\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"SQ4MsnQ96HUQqg6nYbJE42A     uzaLjjZJ8\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/8lGJd06A4koQallJeEEUkmpeSsYE5sK1\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\"     ,\"token\":\"SQ4MsnQ96HUQqg6nYbJE42AuzaLjjZJ8\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/o7c31iamx6XES7pHtU2pXdpfhp6JppgZ\"}],\"wildcard\     ":false,\"expires\":\"2023-05-29T02:10:28Z\"}" size=758 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalone Installer/None (certonly; fla     gs: ) Py/3.10.6" user-id=
  15 time="2023-05-27T19:10:28-07:00" level=info duration=7.902943ms duration-ns=7902943 fields.time="2023-05-27T19:10:28-07:00" method=POST name=ca nonce=eWZrZ1NEbzVkem11Nk45RFhmaHNHNGUzN2hsUm     RLRFM path=/acme/acme/challenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/8lGJd06A4koQallJeEEUkmpeSsYE5sK1 protocol=HTTP/1.1 referer= remote-address=192.168.100.9 request-id=chpbg54lcphievf9pabg re     sponse="{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"SQ4MsnQ96HUQqg6nYbJE42AuzaLjjZJ8\",\"validated\":\"2023-05-28T02:10:28Z\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/ch     allenge/XZkFlf8AXV6g1aqWal64jf40cHc1ZnaA/8lGJd06A4koQallJeEEUkmpeSsYE5sK1\"}" size=237 status=200 user-agent="CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.2 LTS) Authenticator/standalon     e Installer/None (certonly; flags: ) Py/3.10.6" user-id=
 NORMAL  /var/log/step-ca/output.log ⊝                                                                                                                             utf-8[unix]  0% ㏑:1/6389☰℅:1
"/var/log/step-ca/output.log" [readonly] 6389L, 7756277B
 /v/l/s/output.log                                                                                                                                                                       buffers
6386 {"duration":"14.258177ms","duration-ns":14258177,"fields.time":"2024-08-29T21:07:19-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"eGMzZzlGcVhTWUhhY0xleFU1R2hjODN5T2xs     Vnc3RWU","path":"/acme/acme/authz/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"837b23f5-6c57-48e1-886d-3c6ac6b3d8bc"     ,"response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"vQpiF     EDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/1nBgVcEvK81625khkvy4OJtvRYJXUmP9\"},{\"type\":\"http-01\",\"status     \":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/o9DuctBzGXzJHo134VRdcEnfAVNx3Gkj\"     ,\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\"     :\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/gRsgifXb5eCmIkLBnjSokHhQaCzLPVtG\"}],\"wildcard\":false,\"     expires\":\"2024-08-31T04:05:59Z\"}","size":883,"status":200,"time":"2024-08-29T21:07:19-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalon     e Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
6387 {"duration":"11.892588ms","duration-ns":11892588,"fields.time":"2024-08-29T21:07:22-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"MFZlYTdBd2hUTDdFcVZTaVk1MlQwdmZzaW1T     VGJEOVI","path":"/acme/acme/authz/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"d349191d-a1f9-4d1b-a6b7-1db80fd34aac"     ,"response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"vQpiF     EDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/1nBgVcEvK81625khkvy4OJtvRYJXUmP9\"},{\"type\":\"http-01\",\"status     \":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/o9DuctBzGXzJHo134VRdcEnfAVNx3Gkj\"     ,\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\"     :\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/gRsgifXb5eCmIkLBnjSokHhQaCzLPVtG\"}],\"wildcard\":false,\"     expires\":\"2024-08-31T04:05:59Z\"}","size":883,"status":200,"time":"2024-08-29T21:07:22-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalon     e Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
6388 {"duration":"17.195038ms","duration-ns":17195038,"fields.time":"2024-08-29T21:07:25-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"S2hIOUNHVlVERUxscjF0dXNwbFZKdXo2aWg2     NjMzcEU","path":"/acme/acme/authz/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"418eba63-ed63-4e54-8828-22e4606411e1"     ,"response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"vQpiF     EDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/1nBgVcEvK81625khkvy4OJtvRYJXUmP9\"},{\"type\":\"http-01\",\"status     \":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/o9DuctBzGXzJHo134VRdcEnfAVNx3Gkj\"     ,\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\"     :\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/gRsgifXb5eCmIkLBnjSokHhQaCzLPVtG\"}],\"wildcard\":false,\"     expires\":\"2024-08-31T04:05:59Z\"}","size":883,"status":200,"time":"2024-08-29T21:07:25-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalon     e Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
6389 {"duration":"10.436872ms","duration-ns":10436872,"fields.time":"2024-08-29T21:07:28-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"NXNSUmZ3bmxCRkJDUUhCclZkOTBoa1hzRngz     Y0g1Z0o","path":"/acme/acme/authz/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"d9c3d040-d247-4fbb-a68c-2f0cec319db0"     ,"response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"vQpiF     EDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/1nBgVcEvK81625khkvy4OJtvRYJXUmP9\"},{\"type\":\"http-01\",\"status     \":\"pending\",\"token\":\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/o9DuctBzGXzJHo134VRdcEnfAVNx3Gkj\"     ,\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\"     :\"vQpiFEDRw86O4GNr6qmEpmi1VfrUTjIl\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/EDhmQy8WxIGl8vvee9ktdxLKAK3Si6ZE/gRsgifXb5eCmIkLBnjSokHhQaCzLPVtG\"}],\"wildcard\":false,\"     expires\":\"2024-08-31T04:05:59Z\"}","size":883,"status":200,"time":"2024-08-29T21:07:28-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalon     e Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}

What can be ruled out?

Connectivity:
- client (docker-central.esco.ghaar) can ping server (ldap.esco.ghaar)
Resolution:
- client and server dns resolution work properly

  dig docker-center.esco.ghaar
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> docker-center.esco.ghaar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43901
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;docker-center.esco.ghaar.	IN	A
;; ANSWER SECTION:
docker-center.esco.ghaar. 1068	IN	A	192.168.100.23
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Aug 29 21:25:43 PDT 2024
;; MSG SIZE  rcvd: 69

curl issued from server when client has spun a standalone server and is re-trying attempts to server succeeds with

curl http://docker-center.esco.ghaar
ACME client standalone vim config/ca.json

I'd be grateful for pointers steering me in the right direction.
Thank you in advance.

hslatman · 2024-09-02T12:28:12Z

hslatman
Sep 2, 2024
Collaborator

@morikplay it's possible the CA process itself is not able to resolve the .ghaar domain locally. How are you managing DNS? If you have your own server locally, can you try starting the CA with --resolver host:port?

1 reply

morikplay Sep 2, 2024
Author

Thank you for looking into my woes. Much appreciated. I do have an Unbound + Bind9 for local network, and all DNS quer resolution (for A, SRV, NAPTR, CNAME etc) run properly. I am aware that Canonical made a few changes to systemd-resolved, but I have yet to see it impact my network. VM's local DNS resolver has a simlink to conf file which lists my network's DNS servers along with the domain name, and appears to work fine for other queries.

I'll revert with the result by Sept 5.

morikplay · 2024-09-07T03:27:36Z

morikplay
Sep 7, 2024
Author

Thank yoou @hslatman for your patience and willingness to help. Same result from running step-ca with --resolver host:port. To be doubly sure, I changed hostname of candidate/client VM to something else twice, ensured intra-network DNS resolution works, re-started CA with updated parameters and re-requested the certificate.

dig for client from CA

dig @192.168.100.36 docker-central.esco.ghaar

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.100.36 docker-central.esco.ghaar
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;docker-central.esco.ghaar.	IN	A

;; ANSWER SECTION:
docker-central.esco.ghaar. 2752	IN	A	192.168.100.23

;; Query time: 0 msec
;; SERVER: 192.168.100.36#53(192.168.100.36) (UDP)
;; WHEN: Fri Sep 06 20:28:29 PDT 2024
;; MSG SIZE  rcvd: 70

dig for CA from client

$ dig @192.168.100.36 ldap.esco.ghaar

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @192.168.100.36 ldap.esco.ghaar
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25723
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ldap.esco.ghaar.		IN	A

;; ANSWER SECTION:
ldap.esco.ghaar.	375	IN	A	192.168.100.10

;; Query time: 0 msec
;; SERVER: 192.168.100.36#53(192.168.100.36) (UDP)
;; WHEN: Fri Sep 06 20:29:37 PDT 2024
;; MSG SIZE  rcvd: 60

step-ca service:

cat /etc/systemd/system/step-ca.service.d/override.conf
[Service]
ExecStart=
ExecStart=/bin/sh -c '/bin/step-ca /etc/step/config/ca.json --password-file=/etc/step/config/pwd --resolver 192.168.100.36:53 >> /var/log/step-ca/output.log 2>&1'

docker-central log:

sudo certbot certonly --standalone -n --agree-tos -m some@email.com -d `hostname -f` --dry-run -v --debug --preferred-challenges "http" --server https://ldap.esco.ghaar:8443/acme/acme/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cannot extract OCSP URI from /etc/letsencrypt/archive/docker-central.esco.ghaar/cert1.pem
Certificate not due for renewal, but simulating renewal for dry run
Simulating renewal of an existing certificate for docker-central.esco.ghaar
Performing the following challenges:
http-01 challenge for docker-central.esco.ghaar
Waiting for verification...
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 122, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 335, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 182, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.

step-ca logs:

{"duration":"11.030592ms","duration-ns":11030592,"fields.time":"2024-09-06T20:21:57-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"QUVobzlvOEczSHFYWTAwZnh0R3JUUlEzV3JwTzRnMGs","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"2333c83f-124c-4c49-9212-f00f34bea84d","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:21:57-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"11.25744ms","duration-ns":11257440,"fields.time":"2024-09-06T20:22:00-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"ZG00dlFHYlB1Nzg5NjVoZFZycHpuV1FSYTQ0RWtOYUo","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"806662b9-0222-4adb-bc04-53fa0859a1a6","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:00-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"12.954484ms","duration-ns":12954484,"fields.time":"2024-09-06T20:22:03-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"aW1SNFpscFRCVnhTT1hoMktMRjVic01TeUY5SzRHbDg","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"a0e31307-0916-4238-8259-7b8755e97096","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:03-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"13.779684ms","duration-ns":13779684,"fields.time":"2024-09-06T20:22:06-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"dG5GaVZEeG9oSHZVNHBnVVFKVGFlenRTeThpb2JIZjg","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"db4812ae-459e-4668-a09e-65d0ee005289","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:06-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"13.411589ms","duration-ns":13411589,"fields.time":"2024-09-06T20:22:09-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"RFh3aWlVNGIxVGpQQWlxR3FHcE5CMlpFeTBWSUtPejA","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"48ef3851-e58b-4784-bac2-b4cd9b02cbab","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:09-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"12.519746ms","duration-ns":12519746,"fields.time":"2024-09-06T20:22:12-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"SGJjOEs2WGZPVGRFcEszQ1RoVENHQzhBZEZmRmp2bVI","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"f91dbe27-8834-41d3-8d4b-699af5cc0408","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:12-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"13.195155ms","duration-ns":13195155,"fields.time":"2024-09-06T20:22:15-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"RHMxVXl3aU53SXh3SkZOMHpjbDFadFlnMDBLWTJhRWQ","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"d41992aa-ab23-4788-8fc2-32c39d9ef735","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:15-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"12.883832ms","duration-ns":12883832,"fields.time":"2024-09-06T20:22:18-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"MkN5b0pVZnNzMjU1S2R1Tnc5UTU1cDdTV2tKbUNCb00","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"098b1032-1d3a-4afc-876b-ae26620aaae8","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:18-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"13.885589ms","duration-ns":13885589,"fields.time":"2024-09-06T20:22:21-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"T2VQMzd3ZHMyZkRPa3B1enZOZVA2TlA0b250UXNZeHU","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"1c64912b-ab41-4021-a2b4-61774ccc61f8","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:21-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"11.848195ms","duration-ns":11848195,"fields.time":"2024-09-06T20:22:24-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"RWpvNkFYYlY1dUFReVNia1ZHa2EzbkNJSGFMaWRBNjM","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"877d5c5c-dbab-4a19-9f0a-24df410b6e0d","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:24-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"12.543562ms","duration-ns":12543562,"fields.time":"2024-09-06T20:22:27-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"cThaNGZGS0lBc2pZRlRSSlJSMng1TDcyUHpqQ3ZpakE","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"74e88e2f-4902-4d5a-b9c3-3691493399e8","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:27-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}
{"duration":"12.01329ms","duration-ns":12013290,"fields.time":"2024-09-06T20:22:30-07:00","level":"info","method":"POST","msg":"","name":"ca","nonce":"QXZMU3c4QjFlNUY1TGFlMG55Vm5SN25WRDdYYjVhWDY","path":"/acme/acme/authz/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov","protocol":"HTTP/1.1","referer":"","remote-address":"192.168.100.23","request-id":"269fa2ea-d82d-4cac-97d0-e5b78ed37a60","response":"{\"identifier\":{\"type\":\"dns\",\"value\":\"docker-central.esco.ghaar\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"Ui5KRecsGutSO47g5fEaxLauOdSXebrJ\",\"url\":\"https://ldap.esco.ghaar:8443/acme/acme/challenge/Lnm3MUF0OFUWF7lHxcZINMG1YJI0Tcov/unTm5ekJc0nPVDkVBibz704zI5fA2Sk0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}],\"wildcard\":false,\"expires\":\"2024-09-08T03:21:01Z\"}","size":472,"status":200,"time":"2024-09-06T20:22:30-07:00","user-agent":"CertbotACMEClient/1.21.0 (certbot; Ubuntu 22.04.4 LTS) Authenticator/standalone Installer/None (certonly; flags: n) Py/3.10.12","user-id":""}

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

server could not connect to validation target #1978

{{title}}

Replies: 2 comments 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

server could not connect to validation target #1978

morikplay Aug 30, 2024

Replies: 2 comments · 1 reply

hslatman Sep 2, 2024 Collaborator

morikplay Sep 2, 2024 Author

morikplay Sep 7, 2024 Author

morikplay
Aug 30, 2024

Replies: 2 comments 1 reply

hslatman
Sep 2, 2024
Collaborator

morikplay Sep 2, 2024
Author

morikplay
Sep 7, 2024
Author