My PBX letsencrypt has stopped working and I cannot log into the dashboard via the UI because of the expired cert.
It has been working fine for years.
I have added a text file named “ping” that contains “pong” under the .well-known and .freepbx-known folders such that the following two curl commands return “pong”.
curl http://REDACTED/.well-known/acme-challenge/ping
curl http://REDACTED/.freepbx-known/ping
I have disabled the firewall to ensure the request isn’t being blocked.
I have tested this using the local network and over the internet.
Here is the CLI output showing a 503 error, but it is not clear who the 503 comes from. Can anyone point me in the direction to go?
$ sudo fwconsole certificates --updateall
[sudo] password for myusername:
Processing: redacted.example.com, Local IP: 127.0.0.1, Public IP: 1.2.3.4
Self test: trying http://redacted.example.com/.freepbx-known/d6cb0a9dbd3606bb8cf6c3460070d456
Self test: received d6cb0a9dbd3606bb8cf6c3460070d456
Requested 'http://redacted.example.com//.freepbx-known/d6cb0a9dbd3606bb8cf6c3460070d456' -
Service Unavailable
Service Unavailable
HTTP Error 503. The service is unavailable.
Getting list of URLs for API
Requesting new nonce for client communication
Account already registered. Continuing.
Sending registration to letsencrypt server
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
Account: https://acme-v02.api.letsencrypt.org/acme/acct/REDACTED
Starting certificate generation process for domains
Requesting challenge for redacted.example.com
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/REDACTED
Got challenge token for redacted.example.com
Token for redacted.example.com saved at /var/www/html/.well-known/acme-challenge/y0M60O6siZmyPB4ISQVf2vQhL2BCYlStHi4vhlRIwTk and should be available at http://redacted.example.com/.well-known/acme-challenge/y0M60O6siZmyPB4ISQVf2vQhL2BCYlStHi4vhlRIwTk
Sending request to challenge
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/REDACTED/J2sZww
Verification pending, sleeping 1s
Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/REDACTED/J2sZww
** Requested 'http://redacted.example.com//.freepbx-known/d6cb0a9dbd3606bb8cf6c3460070d456' -
Service Unavailable
Service Unavailable
HTTP Error 503. The service is unavailable.
** The PBXact Firewall is not enabled.
** The LetsEncrypt servers only send challenge queries to port 80. Certificate requests will fail if public access via port 80 is not available.
There was an error updating certificate "redacted.example.com": Unable to update challenge :: authorization must be pending