Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Support > Archive > An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-v01.api.letsencrypt.org/acme/authz-v3/479791894

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Support  / Archive  /

An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-v01.api.letsencrypt.org/acme/authz-v3/479791894

[manfred.ell@mani.pt]
manfred.ell@man…
manfred.ell@mani.pt - 02:15am, Sep 24 2019
Guest User

Hi

I’ve set up LetsEncrypt a couple of months ago sand it has been working fine.
Upon scheduled cert renewal I get the following error vis email:

An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-v01.api.letsencrypt.org/acme/authz-v3/479791894


I’m at a loss here as I’m not knowledgeable enough on certs.


Help appreciated

--
Manfred Ell, Dr. rer. nat., Dipl. Chem., MBA
MANI Indústrias Plásticas, S.A.
Av. 1. de Maio 106 - Alto dos Bonecos | 2840-547 Aldeia de Paio Pires | Portugal | www.mani.pt
manfred.ell@mani.pt | phone: +351 212219420 | fax: +351 212219434

--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

  (older msg: 6)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Arron.Caruth@mdaemon.com - Sep 24, 2019 8:08 am (#7 Total: 8)  

Guest User  

Photo of Author
Posts: 1

Yes the old certificates can be deleted.   I believe the script in 19.0 deletes the old challenge files and old pfx files automatically.  The next version will remove old certificates from the certificate store if you enable the option.

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Manfred Ell (manfred.ell@mani.pt)
Sent: Tuesday, September 24, 2019 7:59 AM
To: md-support@mdaemon.com
Subject: [md-support] An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-

 

Ah OK. Thx!!

 

The old certificates can they be deleted after a while, i.e. when they are old?

 

--

Manfred Ell, Dr. rer. nat., Dipl. Chem., MBA

MANI Indústrias Plásticas, S.A.

Av. 1. de Maio 106 - Alto dos Bonecos | 2840-547 Aldeia de Paio Pires | Portugal | www.mani.pt

On 24. Sep 2019, 13:54 +0100, Arron.Caruth@mdaemon.com (Arron Caruth) <Arron.Caruth@mdaemon.com>, wrote:

LetsEncrypt requires that port 80 be available in order to complete the HTTP challenge.  You can redirect HTTP port 80 to HTTPS if you’d like.

 

Yes, the process creates a new certificate each time it renews.

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Manfred Ell (manfred.ell@mani.pt)
Sent: Tuesday, September 24, 2019 7:49 AM
To: md-support@mdaemon.com
Subject: [md-support] An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-

 

Arron

 

I just remembered the following: a couple of weeks ago we had changed a setting on the  webmail, we changed to HTTPS only because we internally stopped using HTTP for safety reasons.

I changed back to HTTP and HTTPS and the script did run and finish.

 

 

<image001.jpg>

 

BUT now we have an additional cert (23/10/2019)…

 

Here is the log:

 

 

Starting Script run at 09/24/2019 13:40:33.
Get the MDaemon paths.
The MDaemon.ini Path is C:\Mdaemon\App\MDaemon.ini.
The MDaemon APP Path is C:\Mdaemon\app\.
The MDaemon Pem path is C:\Mdaemon\Pem.
The MDaemon Log path is F:\MDAEMON\Logs\.
The MDaemon RAW path is f:\MDaemon\Queues\Raw\.
The WorldClient Path is C:\Mdaemon\WorldClient.
The WorldClient HTML Path is C:\Mdaemon\WorldClient\HTML.
The well-known path is C:\Mdaemon\WorldClient\HTML\.well-known.
The Acme-Challenge path is C:\Mdaemon\WorldClient\HTML\.well-known\Acme-challenge.
The FQDN is set to mail.mani.pt.
The email address is set to postmaster@mail.mani.pt.
Importing the ACMESharp module.
The ACME Vault is already setup.
The ACME registration is already setup.
Setting up mail.mani.pt.
Reading configurations from C:\Mdaemon\LetsEncrypt\LetsEncrypt.XML.
Reading configurations from C:\Mdaemon\LetsEncrypt\LetsEncrypt.XML.
The Alias stored in XML is for mail.mani.pt is mail.mani.pt_Cert_2019_09_637049093880112578.
XML Month is 09
XML Year is 2019
The global:alias is mail.mani.pt_Cert_2019_09_637049093880112578
AltHostName is False.
Checking to see if a certificate already exists for mail.mani.pt_Cert_2019_09_637049093880112578.
The given key was not present in the dictionary.
The certificate doesn't exist.
The alias is set to mail.mani.pt_Cert_2019_09_637049093880112578.
The current challenge is Invalid. Creating new alias.
Setting mail.mani.pt_Cert_2019_09_637049292333649663 as the Alias for mail.mani.pt.
Setting up new ACME identifier for mail.mani.pt using mail.mani.pt_Cert_2019_09_637049292333649663.
https://acme-v01.api.letsencrypt.org/acme/authz-v3/482910017
Setting up ACME challenge for mail.mani.pt using mail.mani.pt_Cert_2019_09_637049292333649663.
The .well-known path for is C:\Mdaemon\WorldClient\HTML\.well-known
The Acme Challenge path for mail.mani.pt is C:\Mdaemon\WorldClient\HTML\.well-known\Acme-challenge
The Challenge Token for mail.mani.pt and alias mail.mani.pt_Cert_2019_09_637049292333649663 is yJ-KifuRIr7MWxEZaUI3yo1zwWhl2THDf7BQBcyiuo0
The Challenge Content for mail.mani.pt and alias mail.mani.pt_Cert_2019_09_637049292333649663 is yJ-KifuRIr7MWxEZaUI3yo1zwWhl2THDf7BQBcyiuo0.f6l4Y-7k2XWmKO4gtCeMuk-zTOP50vv6hqNcvo64ZsA
Creating C:\Mdaemon\WorldClient\HTML\.well-known\Acme-challenge\yJ-KifuRIr7MWxEZaUI3yo1zwWhl2THDf7BQBcyiuo0 for mail.mani.pt.
Submitting the ACME challenge for mail.mani.pt and alias mail.mani.pt_Cert_2019_09_637049292333649663 for verification.
Status is still 'pending' for mail.mani.pt and mail.mani.pt_Cert_2019_09_637049292333649663, waiting for it to change...
Checking to see if a certificate already exists for mail.mani.pt_Cert_2019_09_637049292333649663.
The given key was not present in the dictionary.
No certificate was found for mail.mani.pt_Cert_2019_09_637049292333649663.
Creating new certificate.
No alternate host names specified.
IssuerSerialNumber is not set yet, waiting for it to be populated...
Downloading Certificate.
All done, there's a pfx file at C:\Mdaemon\Pem\mail.mani.pt_Cert_2019_09_637049292333649663.pfx.
Importing the certificate
Setting the certificate hash value in the MDaemon.ini file to 1AEF EAB9 C14B EDDF 4318 DDD8 62CB 3648 CD46 B7C2.
Setting the certificate hash value in the C:\Mdaemon\WorldClient\WorldClient.ini file to 1AEF EAB9 C14B EDDF 4318 DDD8 62CB 3648 CD46 B7C2.
Setting the certificate hash value in the C:\Mdaemon\WebAdmin\WebAdmin.ini file to 1AEF EAB9 C14B EDDF 4318 DDD8 62CB 3648 CD46 B7C2.
Stopping MDaemon...
The MDaemon service has stopped.
Starting MDaemon...
Cleaning up old files.
Checking for PFX files that begin with and are older than 180 days in the C:\Mdaemon\Pem directory.
Checking for files older than 180 days in the C:\Mdaemon\WorldClient\HTML\.well-known\Acme-challenge directory.

 

 

--

Manfred Ell, Dr. rer. nat., Dipl. Chem., MBA

MANI Indústrias Plásticas, S.A.

Av. 1. de Maio 106 - Alto dos Bonecos | 2840-547 Aldeia de Paio Pires | Portugal | www.mani.pt

On 24. Sep 2019, 13:41 +0100, Arron.Caruth@mdaemon.com (Arron Caruth) <Arron.Caruth@mdaemon.com>, wrote:

Yes, the URI would be handled by the webmail server. 

 

Are you able to connect to http://mail.mani.pt on your local network?

 

Are you able to connect to http://mail.mani.pt from the internet?  I tested this, you cannot connect.  So this means that either you are not accepting HTTP connections, or you have something that is blocking the connections.  There are a LOT of things that could be blocking it….  But wait, it seems like it just got fixed as I can connect now.

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Manfred Ell (manfred.ell@mani.pt)
Sent: Tuesday, September 24, 2019 7:36 AM
To: md-support@mdaemon.com
Subject: [md-support] An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-

 

Hi Arron

 

I’ve visted the URI but I didn’t have a clue what it meant.

 

The Url it tries to connect to: "detail": "Fetching http://mail.mani.pt/.well-known/acme-challenge/ekifo-LpC9IN5PDEZlDmxmUqtiUABDTDrh5r8BL8iJM: Connection refused",

 

is handled by Mdaemon server, right? As we don’t have a web server at that address. The resolved IP is the IP of our Mdaemon server.

 

We haven’t changed anything since the first time we fetched the Cert….  So I don’t know what to do here….

 

 

 

--

Manfred Ell, Dr. rer. nat., Dipl. Chem., MBA

MANI Indústrias Plásticas, S.A.

Av. 1. de Maio 106 - Alto dos Bonecos | 2840-547 Aldeia de Paio Pires | Portugal | www.mani.pt

On 24. Sep 2019, 13:26 +0100, Arron.Caruth@mdaemon.com (Arron Caruth) <Arron.Caruth@mdaemon.com>, wrote:

To start with, I’d suggest visiting the URI in the log for more information.  It is not the most user friendly to look at, but there is lots of helpful data available.

 

Visit the following URI for more information: https://acme-v01.api.letsencrypt.org/acme/authz-v3/479791894

 

Once you visit the URI you can see the status is invalid.  Looking at the detail you can see the URI that LetsEncrypt is attempting to connect to in order to complete the HTTP challenge, http://mail.mani.pt/.well-known/acme-challenge/ekifo-LpC9IN5PDEZlDmxmUqtiUABDTDrh5r8BL8iJM  You can also see that it is getting a 400 connection refused error.  Looking further down in the information you can see that LetsEncrypt resolved mail.mani.pt to 195.22.7.222.

 

"status": "invalid",
  "expires": "2019-10-01T06:57:11Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Fetching http://mail.mani.pt/.well-known/acme-challenge/ekifo-LpC9IN5PDEZlDmxmUqtiUABDTDrh5r8BL8iJM: Connection refused",
        "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/chall-v3/479791894/0EOVvQ",
      "token": "ekifo-LpC9IN5PDEZlDmxmUqtiUABDTDrh5r8BL8iJM",
      "validationRecord": [
        {
          "url": "http://mail.mani.pt/.well-known/acme-challenge/ekifo-LpC9IN5PDEZlDmxmUqtiUABDTDrh5r8BL8iJM",
          "hostname": "mail.mani.pt",
          "port": "80",
          "addressesResolved": [
            "195.22.7.222"
          ],
          "addressUsed": "195.22.7.222"
        }
      ]
    },

 

When I attempt to open the URI provided in the details with a browser I also get ERR_CONNECTION_REFUSED.  So for some reason, it looks like your web server is rejecting the connections.

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-support@mdaemon.com [mailto:md-support@mdaemon.com] On Behalf Of Manfred Ell (manfred.ell@mani.pt)
Sent: Tuesday, September 24, 2019 2:15 AM
To: md-support@mdaemon.com
Subject: [md-support] An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-v01.

 

Hi

 

I’ve set up LetsEncrypt a couple of months ago sand it has been working fine.

Upon scheduled cert renewal I get the following error vis email:

 

An error occurred during the LetsEncrypt process. The error message is: The challenge Status is invalid for mail.mani.pt using alias mail.mani.pt_Cert_2019_09_637049086604674407. Visit the following URI for more information: https://acme-v01.api.letsencrypt.org/acme/authz-v3/479791894

 

 

I’m at a loss here as I’m not knowledgeable enough on certs.

 

 

Help appreciated

 

--

Manfred Ell, Dr. rer. nat., Dipl. Chem., MBA

MANI Indústrias Plásticas, S.A.

Av. 1. de Maio 106 - Alto dos Bonecos | 2840-547 Aldeia de Paio Pires | Portugal | www.mani.pt

 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe  
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user  
support and discussion.  MDaemon staff members may participate in the  
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical  
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe  
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user  
support and discussion.  MDaemon staff members may participate in the  
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical  
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

 

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

 
 
--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------
 
--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

--MD-SUPPORT--------------------------------------------------------------
This list is for questions and discussion about MDAEMON. To unsubscribe 
from this mailing list send an email to md-support-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

--
Arron Caruth
Director of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server



  (newer msg:1)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.