Let's Encrypt bug is back? No registration exists matching provided key","status":403


(Volkswagner) #1

Greetings,

I’m not sure if this old bug is back.

I see there are recent posts on the above report, but the report is old and closed.

I’m not sure how to proceed. Do I open a new bug report?

My full error in GUI:

There was an error updating the certificate: HTTP Challenge for pbx.MyDomain.com is not available. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

I’m running FreePBX Distro - Linux version 3.10.0-957.21.3.el7.x86_64
FreePBX 14.0.13.12
Asterisk 13.29.2

I received the above error before and after updating CertMan to 14.0.4 (I’m not sure what version was installed prior to upgrading modules).

I also ran yum update after discovering the issue, which made no change.

My system is behind NAT. I first tried DNAT (80 & 443) to my PBX by allowing only the four IPs associated with outbound1.letsencrypt.org, outbound2.letsencrypt.org, mirror1.freepbx.org, mirror2.freepbx.org.
After getting the above error I opened port 80 and 443 to the world, with no change in error.

Since I’m behind NAT/firewall I have the FreePBX firewall turned off.

I’ve tried removing /etc/asterisk/keys/_account, but no change.
I tried removing CertMan and reinstalling, but no change.

I’m not sure what logs may offer more detailed info.

Additional Info:
Originally I tried using my dynamic hostname = mypbx.hopto.org
I thought perhaps no-ip domains were an issue, so I created a CNAME pbx.Mydomain.com to point to my dynamic hostname (this did not help either).
Verified hostname command yields pbx.Mydomain.com.
I tried manually creating /var/www/html/.well-known/acme-challenge with asterisk:asterisk 755 perms.
Verified date and time on system are accurate.

This is the only thing I get in the Apache access log before the failure.

199.102.239.170 - - [02/Dec/2019:18:17:57 -0500] "GET /.freepbx-known/f015652955f0ad825d194252c09698d1 HTTP/1.1" 200 32 "-" "-"

There are no related errors in the Apache error log.

Please let me know if you have anything to try (Google has let me down on this one).

Thanks in advance for taking the time.

Eric


#2

(Volkswagner) #3

@Stewart1

Thank you so much for the quick response. I’m not sure why my Google-fu did not land me on that source.

I added the Edge repo and upgraded CertMan to 14.0.6 and was able to create certificates via Let’s Encrypt.

Cheers!

Eric

