LetsEncrypt stooped working with error: Cannot validate argument on parameter 'Value'.
-
Hello All,
We have a mail server thats been running fine for about 6 months or more, however for no reason that I can dicern the ssl letsencrypt funcrion no longer works, we are licneces and fully uptodate I belive.MDaemon Server (64-bit) SMTP/POP/IMAP server: v23.0.2 Webmail HTTP server: v23.0.2 Webmail DLL: v23.0.2 MDaemon Instant Messenger client: v22.0.1 Content filter server: v23.0.2 Content filter DLL: v23.0.2 Content filter GUI: v23.0.2 Calendar API (MDCalendar.dll): v23.0.2 Mailing list API (MDList.dll): v23.0.2 Original "Flat-File" API (MDUser.dll): v23.0.2 COM/DCOM API (MDUserCOM.dll): v23.0.2 LDAP API (MDUserLDAP.dll): v23.0.2 ODBC/SQL API (MDUserODBC.dll): v23.0.2 Cluster Service (64bit) (ClstrSvc.dll): 23.0.2.2 Dynamic Screening (64bit) (DynScrn.dll): 23.0.2.6 ActiveSync Mgmt Module (64bit) (MDASMgmt.dll): 23.0.2.15 AutoDiscovery Service (64bit) (MDAutoDiscover.dll): 23.0.2.3 Message Indexing (64bit) (MdMbSrch.dll): 23.0.2.2 Management Web Service (64bit) (MDMgmtWS.dll): 23.0.2.4 MDPGP (mdpgp.dll): 23.0.2 MDOP (mdop.dll): 1.3.8 ActiveSync (MDAirSync.dll): v23.0.2.36 NT/2K/XP utility API (NTUtil.dll): v23.0.2 DKIM API (LibDKIM.dll): v1.0.21 AntiSpam server daemon (MDSpamD): v3.4.4 CalDAV/CardDAV (MDWebDAV.dll): v23.0.2 XMPP server (WCXMPPServer.exe): v23.0.2 MDaemon AntiVirus: AV overall system: v23.0.2 AV engine source: MDaemon Technologies, Ltd AV last virus update: 2023-08-04 07:46:24 Outbreak Protection (MDOP.dll): v1.3.8 MDaemon Connector: Plug-in: v7.0.7 Remote Administration Server: HTTP server: v23.0.2
When I run the scrip manually I get the following:Starting Script run at 08/04/2023 10:50:08. Checking HKLM:\SOFTWARE\Alt-N Technologies\MDaemon Checking HKLM:\SOFTWARE\Alt-N Technologies\MDaemon Checking HKLM:\SOFTWARE\Alt-N Technologies\WebAdmin Checking HKLM:\SOFTWARE\Alt-N Technologies\WebAdmin Starting Script run at 08/04/2023 10:50:08. Get the MDaemon paths. The MDaemon.ini Path is D:\MDaemon\App\MDaemon.ini. The MDaemon APP Path is D:\MDaemon\App\. The MDaemon Pem path is D:\MDaemon\PEM\. The MDaemon Log path is D:\MDaemon\Logs\. The MDaemon RAW path is D:\MDaemon\Queues\Raw\. The WorldClient Path is D:\MDaemon\WorldClient. The WorldClient HTML Path is D:\MDaemon\WorldClient\HTML. The well-known path is D:\MDaemon\WorldClient\HTML\.well-known. The Acme-Challenge path is D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge. The State Path is D:\MDaemon\PEM\_LEState. The FQDN is set to mail2.kee.go.ug. The email address is set to postmaster@mail2.kee.go.ug. Setting the system to use the LetsEncrypt Live Service. The certificate thumbrpint in the MDaemon.ini file is XXXX XXXX XXXX ECA3 46B3 3DCF 1975. Looking for the local certificate. The certificate is not from LetsEncrypt, requesting a new certificate. Importing the ACMESharp module. Getting an updated state. The account is setup and the status is valid. Getting another updated state, just in case. Getting an updated state. Getting service directory. ResourceUrl : https://acme-v02.api.letsencrypt.org/directory NewAccount : https://acme-v02.api.letsencrypt.org/acme/new-acct NewAuthz : NewNonce : https://acme-v02.api.letsencrypt.org/acme/new-nonce NewOrder : https://acme-v02.api.letsencrypt.org/acme/new-order KeyChange : https://acme-v02.api.letsencrypt.org/acme/key-change RevokeCert : https://acme-v02.api.letsencrypt.org/acme/revoke-cert Meta : AcmeDirectoryMeta Getting a new Nonce 891FsRWUqlrWfxRnWfkx96Yu9PaZ_hnd2SJdysFScIm0lIo Getting identifier for mail2.kee.go.ug. Getting identifier for mail2.kee.go.ug. Getting identifier for . Getting identifier for . Creating new certificate. The script is stopping because an error occurred. New-ACMEIdentifier : Cannot validate argument on parameter 'Value'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. At D:\MDaemon\LetsEncrypt\letsencrypt.ps1:579 char:38 + $Identifier = New-ACMEIdentifier $domain -ErrorVariable LogText + ~~~~~~~ + CategoryInfo : InvalidData: (:) [New-ACMEIdentifier], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,New-ACMEIdentifier PS D:\MDaemon\LetsEncrypt>
The error seems to revolve arround:
$Identifier = New-ACMEIdentifier $domain -ErrorVariable LogText
Any advise on were to look?
In the meantime have I setup selfsigned certificates, not ideal but...
I've done a tests with poshac.me (https://poshac.me/docs/v4/Tutorial/) and all seems well so i ruled out any systems/connectiviry related issues.
-
Arron StaffThere is a bug in the script included with MDaemon 23.0.2 that can cause an error to be returned if no alternate host names are passed to the script. It looks to me like that is what is occurring.You can work around the problems in a couple of different ways.If you have an alternate host name that you can send to the script using the -AlternateHostNames parameter, adding this to your command line should fix the issue.You can revert to the script that came with the previous version.You can edit the script and find this line around line 721 in the file:$HostNames += $AlternateHostNamesAnd change it to this:if($AlternateHostNames.Length -gt 0){
$HostNames += $AlternateHostNames
}
-
Thank you Arron, this got me further but then another error happened :(
Starting Script run at 08/04/2023 15:08:38. Checking HKLM:\SOFTWARE\Alt-N Technologies\MDaemon Checking HKLM:\SOFTWARE\Alt-N Technologies\MDaemon Checking HKLM:\SOFTWARE\Alt-N Technologies\WebAdmin Checking HKLM:\SOFTWARE\Alt-N Technologies\WebAdmin Starting Script run at 08/04/2023 15:08:38. Get the MDaemon paths. The MDaemon.ini Path is D:\MDaemon\App\MDaemon.ini. The MDaemon APP Path is D:\MDaemon\App\. The MDaemon Pem path is D:\MDaemon\PEM\. The MDaemon Log path is D:\MDaemon\Logs\. The MDaemon RAW path is D:\MDaemon\Queues\Raw\. The WorldClient Path is D:\MDaemon\WorldClient. The WorldClient HTML Path is D:\MDaemon\WorldClient\HTML. The well-known path is D:\MDaemon\WorldClient\HTML\.well-known. The Acme-Challenge path is D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge. The State Path is D:\MDaemon\PEM\_LEState. The FQDN is set to mail2.kee.go.ug. The email address is set to postmaster@mail2.kee.go.ug. Setting the system to use the LetsEncrypt Live Service. The certificate thumbrpint in the MDaemon.ini file is 2BB0 6F83 5B37 ECA3 46B3 3DCF 1975 6670 BD54 83C5. Looking for the local certificate. The certificate is not from LetsEncrypt, requesting a new certificate. Importing the ACMESharp module. Getting an updated state. The account is setup and the status is valid. Getting another updated state, just in case. Getting an updated state. Getting service directory. ResourceUrl : https://acme-v02.api.letsencrypt.org/directory NewAccount : https://acme-v02.api.letsencrypt.org/acme/new-acct NewAuthz : NewNonce : https://acme-v02.api.letsencrypt.org/acme/new-nonce NewOrder : https://acme-v02.api.letsencrypt.org/acme/new-order KeyChange : https://acme-v02.api.letsencrypt.org/acme/key-change RevokeCert : https://acme-v02.api.letsencrypt.org/acme/revoke-cert Meta : AcmeDirectoryMeta Getting a new Nonce 371CoOWREPiWgvFf4I4x30vVPrS1BHmd8UrBANI2Gs2vG6U Getting identifier for mail2.kee.go.ug. Getting identifier for mail2.kee.go.ug. Creating new certificate. Getting another updated state, just in case it has changed. Creating a new order for mail2.kee.go.ug using dns:mail2.kee.go.ug Getting an updated state. Getting service directory. ResourceUrl : https://acme-v02.api.letsencrypt.org/directory NewAccount : https://acme-v02.api.letsencrypt.org/acme/new-acct NewAuthz : NewNonce : https://acme-v02.api.letsencrypt.org/acme/new-nonce NewOrder : https://acme-v02.api.letsencrypt.org/acme/new-order KeyChange : https://acme-v02.api.letsencrypt.org/acme/key-change RevokeCert : https://acme-v02.api.letsencrypt.org/acme/revoke-cert Meta : AcmeDirectoryMeta Getting an authorization for the dns:mail2.kee.go.ug. Getting service directory. ResourceUrl : https://acme-v02.api.letsencrypt.org/directory NewAccount : https://acme-v02.api.letsencrypt.org/acme/new-acct NewAuthz : NewNonce : https://acme-v02.api.letsencrypt.org/acme/new-nonce NewOrder : https://acme-v02.api.letsencrypt.org/acme/new-order KeyChange : https://acme-v02.api.letsencrypt.org/acme/key-change RevokeCert : https://acme-v02.api.letsencrypt.org/acme/revoke-cert Meta : AcmeDirectoryMeta Getting an updated state. The .well-known path for is D:\MDaemon\WorldClient\HTML\.well-known The Acme Challenge path for D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge Selecting the http-01 challenge and getting challenge data for dns:mail2.kee.go.ug. Creating challenge file. The challenge status URL is https://acme-v02.api.letsencrypt.org/acme/chall-v3/251865621486/X-01yA. The challenge identifier is dns:mail2.kee.go.ug. The URL to verify the challenge is mail2.kee.go.ug/.well-known/acme-challenge/e8dv0Q7qIWQyFlWUzdSRwcKo5eD9fpx1T1MQ8NUqqno. The Challenge file name for dns:mail2.kee.go.ug is e8dv0Q7qIWQyFlWUzdSRwcKo5eD9fpx1T1MQ8NUqqno The Challenge Content for dns:mail2.kee.go.ug is e8dv0Q7qIWQyFlWUzdSRwcKo5eD9fpx1T1MQ8NUqqno.XpejgSesqQANuVPyLceTwN158x8H-HFy1IDiaBn1BaY Creating D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge\e8dv0Q7qIWQyFlWUzdSRwcKo5eD9fpx1T1MQ8NUqqno for dns:mail2.kee.go.ug. LastWriteTime : 04/08/2023 15:08:46 Length : 87 Name : e8dv0Q7qIWQyFlWUzdSRwcKo5eD9fpx1T1MQ8NUqqno Submitting the ACME challenge for dns:mail2.kee.go.ug for verification. ResourceUrl : https://acme-v02.api.letsencrypt.org/acme/order/1094979007/199368893166 Status : pending Expires : 2023-08-11T12:08:48Z NotBefore : NotAfter : Identifiers : {dns:mail2.kee.go.ug} AuthorizationUrls : {https://acme-v02.api.letsencrypt.org/acme/authz-v3/251865621486} FinalizeUrl : https://acme-v02.api.letsencrypt.org/acme/finalize/1094979007/199368893166 CertificateUrl : CSROptions : AcmeCsrOptions Waiting for the order status to update... 0 ResourceUrl : https://acme-v02.api.letsencrypt.org/acme/order/1094979007/199368893166 Status : invalid Expires : 2023-08-11T12:08:48Z NotBefore : NotAfter : Identifiers : {dns:mail2.kee.go.ug} AuthorizationUrls : {https://acme-v02.api.letsencrypt.org/acme/authz-v3/251865621486} FinalizeUrl : https://acme-v02.api.letsencrypt.org/acme/finalize/1094979007/199368893166 CertificateUrl : CSROptions : AcmeCsrOptions Waiting for the order status to update... 1 Error: The challenge did not complete. Host Name: mail2.kee.go.ug Error Code: 400 Error Type: urn:ietf:params:acme:error:connection Error Detail: 212.88.113.90: Fetching http://mail2.kee.go.ug/.well-known/acme-challenge/e8dv0Q7qIWQyFlWUzdSRwcKo5eD9fpx1T1MQ8NUqqno: T imeout during connect (likely firewall problem) This is a critical error, the script will now stop. Information obtained from the following URLs: https://acme-v02.api.letsencrypt.org/acme/authz-v3/251865621486 Unable to send an error email. No To address was specified.
Would you be able to advise whats ports need to be opened? I thought all we needed was 80 and 443 for lets encypt?
Waiting for the order status to update... 1 Error: The challenge did not complete. Host Name: mail2.kee.go.ug Error Code: 400 Error Type: urn:ietf:params:acme:error:connection Error Detail: 212.88.113.90: Fetching http://mail2.kee.go.ug/.well-known/acme-challenge/0bSNY9xMqsv3ENIsE_4dIUYpv-PePIPvQeOGlq-RknM: T imeout during connect (likely firewall problem) This is a critical error, the script will now stop. Information obtained from the following URLs: https://acme-v02.api.letsencrypt.org/acme/authz-v3/251863183736 Unable to send an error email. No To address was specified.
-
Arron Staff
I'm unable to connect to http://mail2.kee.go.ug, I get a connection time out. The log you posted shows that LetsEncrypt is also getting a timeout, error 400, while trying to connect to your server.
Is webmail running?
Can you connect to it locally?
Is it listening on port 80 and 443? Yes these should be the only ports you need open for LetsEncrypt.
Is your firewall allowing the connections through and passing them to the mail server?
-
from google chrome I can access the site, on https (https://mail2.kee.go.ug/) but not http as all http trafic is routed to https via mdaemons own mail server.
-
Arron Staff
HTTP is working for me now. LetsEncrypt should follow the redirect.
Based on the dates for the certificate, it looks like you were able to get it working. Can you confirm? What did you change to get it to work?
-
Hi Arron, I found out the last issue, for some reason the http port was back on 3000? I assume that this was an update? possible to advise if theres an automated way of ensuing the port remain consistat accross updates?
Other than that thank you, for your help in this matter,
-
OK, I found another anomaly related to the Let's Encrypt procedure. It seems that the self-signed certificate recognizes both mail2.kee.go.ug and mail1.kee.go.ug, but when using Let's Encrypt, it only recognizes the primary mail2.kee.go.ug.
-
@Arron yes thankyou, lets encrypt works mostly, it is usable right now, as long as we don't need to use the backup link.
'I found another anomaly related to the Let's Encrypt procedure. It seems that the self-signed certificate recognizes both mail2.kee.go.ug and mail1.kee.go.ug, but when using Let's Encrypt, it only recognizes the primary mail2.kee.go.ug."
-
Arron Staff
An update should not alter the port. The script is already checking the port to make sure its listening on port 80. It checks the following value in the WorldClient.ini file.
[WebServer]
Port=3000However, there are some exceptions that would allow the script to continue running even if it were not configured to listen on port 80.
If ActiveSync is enabled the script continues because the ActiveSync server forces the HTTP server to listen on port 80 in addition to the ports that are configured.
If you have webmail configured to run under IIS, the script will also continue if the port is set to 3000 as the port is not used in this case.
Have either of those settings been changed recently?
-
Arron Staff
When using LetsEncrypt, it will retrieve the default host name from MDaemon. If there are additional host names you want it to use, you need to add them to the list of alternate host names. In MDaemon go to Security / Security Settings / SSL & TLS / LetsEncrypt. In the field for alternate host names add mail1.kee.go.ug. Click Apply and then click Run Now.
The script will run and as long as the challenges complete correctly and everything else works as it is supposed to, you will get a certificate that supports both host names.
-
@Arron I have looked, it all seems correct, mail1.kee.go.ug is present in the letsencrypt settings and it did work previously, I am not aware of any changes that I have made, we do backup the system daily so I can go through the backups to check.
-
Arron Staff
Where did you get the script output that you posted to this thread? Did you run the script manually or was that from a script run where MDaemon executed the script? I'm asking because the output does not include mail1.kee.go.ug. This would happen if you ran the script manually and did not include the -alternatehostnames parameter in the command line.
-
If i may, I also made a chnage to the letsencrypt.ps1, line 717
$LetsEncryptLog = Join-Path $MDLogPath "LetsEncrypt" + "_" + $MyYear + "_" + $MyMonth + "_" + $MyTicks + ".log"
Just to aid trouble shooting, would this course any issues, that you can think of?
-
Arron Staff
Altering the log file name shouldn't cause any issues. It will just create a unique log file for each script run.
The default settings create a single file on disk and then append to the log file each time the script is ran.
-
@Arron Thank you, I think we can close this for now, the logs files don't contain any history beyond a couple of attempts, maybe it got wipped with the update, as its the same on our other servers.
-
Arron Staff
If you have log archiving enabled, the LetsEncrypt log will be moved into the archive file and a new log will be started on the next script run.
-
Hi Seems a not so simlair issue has come up! but.. :(
To my knowlage we have not changed anything, possible to advise.Starting Script run at 08/21/2023 12:06:02. Get the MDaemon paths. The MDaemon.ini Path is D:\MDaemon\App\MDaemon.ini. The MDaemon APP Path is D:\MDaemon\App\. The MDaemon Pem path is D:\MDaemon\PEM\. The MDaemon Log path is E:\MDaemon\Logs\. The MDaemon RAW path is D:\MDaemon\Queues\Raw\. The WorldClient Path is D:\MDaemon\WorldClient. The WorldClient HTML Path is D:\MDaemon\WorldClient\HTML. The well-known path is D:\MDaemon\WorldClient\HTML\.well-known. The Acme-Challenge path is D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge. The State Path is D:\MDaemon\PEM\_LEState. The FQDN is set to mail1.cfts.co. The email address is set to postmaster@mail1.cfts.co. Setting the system to use the LetsEncrypt Live Service. The certificate thumbrpint in the MDaemon.ini file is B1FA C775 2BC2 CDD9 9990 A278 E52D AC34 1637 381D. Looking for the local certificate. I found a certifcate from LetsEncrypt. The certificate is still valid for 30 days. Host names: mail1.cfts.co mail2.cfts.co autodiscover.cfts.co webmail.cfts.co Certificate host names: mail1.cfts.co mail2.cfts.co webmail.cfts.co The list of alternate host names has changed. The alias for the certificate needs to be changed. The list of host names has changed. A new certificate will be requested. Importing the ACMESharp module. Getting an updated state. The account is setup and the status is valid. Getting an updated state. Getting service directory. Getting a new Nonce Getting identifier for mail1.cfts.co. Getting identifier for mail1.cfts.co. Getting identifier for mail2.cfts.co. Getting identifier for mail2.cfts.co. Getting identifier for autodiscover.cfts.co. Getting identifier for autodiscover.cfts.co. Getting identifier for webmail.cfts.co. Getting identifier for webmail.cfts.co. Creating new certificate. Creating a new order for mail1.cfts.co using dns:mail1.cfts.co dns:mail2.cfts.co dns:autodiscover.cfts.co dns:webmail.cfts.co Getting an updated state. Getting service directory. Getting an authorization for the dns:autodiscover.cfts.co dns:mail1.cfts.co dns:mail2.cfts.co dns:webmail.cfts.co. Getting service directory. Getting an updated state. The .well-known path for is D:\MDaemon\WorldClient\HTML\.well-known The Acme Challenge path for D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge Selecting the http-01 challenge and getting challenge data for dns:webmail.cfts.co. The challenge status URL is https://acme-v02.api.letsencrypt.org/acme/chall-v3/252742915216/gvYXsA. The challenge identifier is dns:webmail.cfts.co. The URL to verify the challenge is webmail.cfts.co/.well-known/acme-challenge/nh8H-gTkoXzsqiXCnwsOq0soqlqfiC_q6qtZTfjhsF0. The Challenge file name for dns:webmail.cfts.co is nh8H-gTkoXzsqiXCnwsOq0soqlqfiC_q6qtZTfjhsF0 The Challenge Content for dns:webmail.cfts.co is nh8H-gTkoXzsqiXCnwsOq0soqlqfiC_q6qtZTfjhsF0.MZqOYYhvBrJGDP8_fk9RDUabkWVEhezjB1WAtbrmPOM The Challenge file name for dns:webmail.cfts.co already exists, removing file. Creating D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge\nh8H-gTkoXzsqiXCnwsOq0soqlqfiC_q6qtZTfjhsF0 for dns:webmail.cfts.co. Submitting the ACME challenge for dns:webmail.cfts.co for verification. Selecting the http-01 challenge and getting challenge data for dns:autodiscover.cfts.co. The challenge status URL is https://acme-v02.api.letsencrypt.org/acme/chall-v3/256952754886/rhTZ1w. The challenge identifier is dns:autodiscover.cfts.co. The URL to verify the challenge is autodiscover.cfts.co/.well-known/acme-challenge/8pavKLmwm-i6fVE_fM4ey35Yfm966KXnlesTP0F7Sjc. The Challenge file name for dns:autodiscover.cfts.co is 8pavKLmwm-i6fVE_fM4ey35Yfm966KXnlesTP0F7Sjc The Challenge Content for dns:autodiscover.cfts.co is 8pavKLmwm-i6fVE_fM4ey35Yfm966KXnlesTP0F7Sjc.MZqOYYhvBrJGDP8_fk9RDUabkWVEhezjB1WAtbrmPOM Creating D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge\8pavKLmwm-i6fVE_fM4ey35Yfm966KXnlesTP0F7Sjc for dns:autodiscover.cfts.co. Submitting the ACME challenge for dns:autodiscover.cfts.co for verification. Selecting the http-01 challenge and getting challenge data for dns:mail1.cfts.co. The challenge status URL is https://acme-v02.api.letsencrypt.org/acme/chall-v3/256952754896/Pc46NA. The challenge identifier is dns:mail1.cfts.co. The URL to verify the challenge is mail1.cfts.co/.well-known/acme-challenge/eScLNKI3nqlZGIkoSlcody0v1RQmaqdDOja2ln0sPhI. The Challenge file name for dns:mail1.cfts.co is eScLNKI3nqlZGIkoSlcody0v1RQmaqdDOja2ln0sPhI The Challenge Content for dns:mail1.cfts.co is eScLNKI3nqlZGIkoSlcody0v1RQmaqdDOja2ln0sPhI.MZqOYYhvBrJGDP8_fk9RDUabkWVEhezjB1WAtbrmPOM Creating D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge\eScLNKI3nqlZGIkoSlcody0v1RQmaqdDOja2ln0sPhI for dns:mail1.cfts.co. Submitting the ACME challenge for dns:mail1.cfts.co for verification. Selecting the http-01 challenge and getting challenge data for dns:mail2.cfts.co. The challenge status URL is https://acme-v02.api.letsencrypt.org/acme/chall-v3/256952754906/M7R15Q. The challenge identifier is dns:mail2.cfts.co. The URL to verify the challenge is mail2.cfts.co/.well-known/acme-challenge/Cp3axPhxl3vwSbvbKd03NPu-u83lrGJO5jZyXHfUb1E. The Challenge file name for dns:mail2.cfts.co is Cp3axPhxl3vwSbvbKd03NPu-u83lrGJO5jZyXHfUb1E The Challenge Content for dns:mail2.cfts.co is Cp3axPhxl3vwSbvbKd03NPu-u83lrGJO5jZyXHfUb1E.MZqOYYhvBrJGDP8_fk9RDUabkWVEhezjB1WAtbrmPOM Creating D:\MDaemon\WorldClient\HTML\.well-known\Acme-challenge\Cp3axPhxl3vwSbvbKd03NPu-u83lrGJO5jZyXHfUb1E for dns:mail2.cfts.co. Submitting the ACME challenge for dns:mail2.cfts.co for verification. Waiting for the order status to update... 0 Error: The challenge did not complete. Host Name: autodiscover.cfts.co Error Code: 400 Error Type: urn:ietf:params:acme:error:connection Error Detail: 41.190.136.10: Fetching http://autodiscover.cfts.co/.well-known/acme-challenge/8pavKLmwm-i6fVE_fM4ey35Yfm966KXnlesTP0F7Sjc: Timeout during connect (likely firewall problem) Host Name: mail1.cfts.co Error Code: 400 Error Type: urn:ietf:params:acme:error:connection Error Detail: 41.190.136.10: Fetching http://mail1.cfts.co/.well-known/acme-challenge/eScLNKI3nqlZGIkoSlcody0v1RQmaqdDOja2ln0sPhI: Timeout during connect (likely firewall problem) Host Name: mail2.cfts.co Error Code: 400 Error Type: urn:ietf:params:acme:error:connection Error Detail: 41.190.136.10: Fetching http://mail2.cfts.co/.well-known/acme-challenge/Cp3axPhxl3vwSbvbKd03NPu-u83lrGJO5jZyXHfUb1E: Timeout during connect (likely firewall problem) This is a critical error, the script will now stop. Information obtained from the following URLs: https://acme-v02.api.letsencrypt.org/acme/authz-v3/252742915216 https://acme-v02.api.letsencrypt.org/acme/authz-v3/256952754886 https://acme-v02.api.letsencrypt.org/acme/authz-v3/256952754896 https://acme-v02.api.letsencrypt.org/acme/authz-v3/256952754906
-
Arron Staff
The log shows that the HTTP challenges are failing with error 400, Timeout during connect. I received the same error when I attempted to connect to http://autodiscover.cfts.co. I was able to connect to mail1.cfts.co and mail2.cfts.co.
Upon further investigation, it seems you have HTTP redirecting to HTTPS, but the LetsEncrypt certificate that is currently in place only supports mail1.cfts.co, mail2.cfts.co, and webmail.cfts.co. Have you recently added autodiscover.cfts.co to the list of support host names?
I can see when I try to connect directly to https://autodiscover.cfts.co, I get a certificate error. When I try to connect to http://autodiscover.cfts.co, I get a time out.
Try turning off the redirect to https, have MDaemon run the LetsEncrypt process and request a certificate that is valid for autodiscover, mail1, and mail2. Once the script has been retrieved and MDaemon has been configured to use it, turn the redirect to HTTPS back on.
Was the LetsEncrypt process able to complete? Did it retrieve the desired certificate? Did you get any errors?
-
Hi Arron,
- LetsEncrypt certificate that is currently in place only supports mail1.cfts.co, mail2.cfts.co, and webmail.cfts.co. Have you recently added autodiscover.cfts.co to the list of support host names? Yes to all
- Try turning off the redirect to https, done, also remove all firewalls for the test just in case, no change.
- LetsEncrypt process was not able to complet the very same error persists same error.
As a side note I installed caddy a reverse proxy using lets encrypt as a test, all cetificates were got!
I will do further test tomorrow.
- 1 / 2
- 2