My PBX letsencrypt has stopped working and I cannot log into dashboard via UI because of the expired cert.
It has been working fine for years.
I have added a text file name “ping” that contains “pong” under the .well-known and .freepbx-known folders such that the following two curl commands return “pong”.
curl http://REDACTED/.well-known/acme-challenge/ping curl http://REDACTED/.freepbx-known/ping
I have disabled the firewall to ensure the request isn’t being blocked.
I have tested this using the local network and over the internet.
Here is cli showing a 503 error but it is not clear who the 503 comes from. Can anyone point me in the direction to go?
$ sudo fwconsole certificates --updateall [sudo] password for myusername: Processing: redacted.example.com, Local IP: 127.0.0.1, Public IP: 126.96.36.199 Self test: trying http://redacted.example.com/.freepbx-known/d6cb0a9dbd3606bb8cf6c3460070d456 Self test: received d6cb0a9dbd3606bb8cf6c3460070d456 Requested 'http://redacted.example.com//.freepbx-known/d6cb0a9dbd3606bb8cf6c3460070d456' - Service Unavailable Service Unavailable HTTP Error 503. The service is unavailable. Getting list of URLs for API Requesting new nonce for client communication Account already registered. Continuing. Sending registration to letsencrypt server Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct Account: https://acme-v02.api.letsencrypt.org/acme/acct/REDACTED Starting certificate generation process for domains Requesting challenge for redacted.example.com Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/REDACTED Got challenge token for redacted.example.com Token for redacted.example.com saved at /var/www/html/.well-known/acme-challenge/y0M60O6siZmyPB4ISQVf2vQhL2BCYlStHi4vhlRIwTk and should be available at http://redacted.example.com/.well-known/acme-challenge/y0M60O6siZmyPB4ISQVf2vQhL2BCYlStHi4vhlRIwTk Sending request to challenge Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/REDACTED/J2sZww Verification pending, sleeping 1s Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/REDACTED/J2sZww ** Requested 'http://redacted.example.com//.freepbx-known/d6cb0a9dbd3606bb8cf6c3460070d456' - Service Unavailable Service Unavailable HTTP Error 503. The service is unavailable. ** The PBXact Firewall is not enabled. ** The LetsEncrypt servers only send challenge queries to port 80. Certificate requests will fail if public access via port 80 is not available. There was an error updating certificate "redacted.example.com": Unable to update challenge :: authorization must be pending