Let's Encrypt "Token did not Match"

I’m at a loss. I feel like I’ve tried everything I’ve seen in the forums to solve this problem. One of my Let’s Encrypt certificates is expiring in 6 days. So I tried to update it manually by going into certificate manager and hitting the “Update Certificate” button. But I get this error:

There was an error updating the certificate: Error ‘Token did not match’ when requesting http://properfqdn//.freepbx-known/3a59620b1679e170016d4c6b7ffa7d68

I’ve tried messing with the port settings in system admin. I changed the web administration to 8080, and enabled Let’s Encrypt on 80. I then went into services and allowed this on the internet zone. I’ve got the Let’s Encrypt FQDNs in the trusted zones. I’ve tried disabling the firewall altogether, still no cigar. I’ve updated everything. I’m on, if that makes a difference. I’ve tried creating a new Let’s Encrypt cert, but I get the same error. I’ve made sure my hostname is the same as my FQDN, which isn’t supposed to help, but I tried it anyway. I’ve tried changing DNS settings. I’ve tried accessing the URL listed in the error, and am able to access it from a totally different network (my mobile network on my cell phone after disabling Wi-Fi).

I haven’t yet deleted that cert and tried again, as I don’t want to bury myself further. And I haven’t tried to manually update the cert from the CLI, as again, I’m worried about burying myself.

This is on a hosted box, and there is no other firewall in front of the PBX other than the built-in FreePBX firewall.

What should I try next?


Another interesting thing I noticed is that in the certificate policies, I have a “user notice” and subsequent message that doesn’t show up in my other PBXs that update fine.

  CPS: http://cps.letsencrypt.org
  User Notice:
    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

