Comments (5)
Thanks a lot - this helped very much. The first issue was that I forgot to remove the challenge endpoint from authentication. Another issue was the Thymeleaf template resolver. Had to return null in handleRequestInternal. Now it works great - thank you for all your effort - great project!!
from letsencrypt-helper.
@bhoeferlin Quite hard to tell, it can be e.g. that you haven't accepted the LetsEncrypt Terms of Service.
In case it is a new keystore, there should be a message in the logs indicating that. Are there any log messages from the library available? They may indicate the reason.
I'll improve logging to provide more information later, on the weekend.
from letsencrypt-helper.
I've created a test VM+domain with the https://github.com/valb3r/letsencrypt-helper/tree/master/example application and it works perfectly, so it is not some obvious bug.
Meanwhile, can it be an application configuration issue?
Order's status ("invalid") is always reproducible when lets-encrypt-helper.domain has the wrong value (i.e. not your own domain)
Example logs when domain is incorrect:
2021-12-07 07:28:56.915 INFO 2073 --- [ main] example.SpringBootApp : Starting SpringBootApp on letsencrypt-test with PID 2073 (/home/root/letsencrypt-helper-example-0.1.3-SNAPSHOT.jar started by root in /home/root)
2021-12-07 07:28:56.928 INFO 2073 --- [ main] example.SpringBootApp : No active profile set, falling back to default profiles: default
2021-12-07 07:29:03.621 INFO 2073 --- [ main] lKnownLetsEncryptChallengeEndpointConfig : Created basic (dummy cert, real account/domain keys) KeyStore: /home/root/letsencrypt-keystore
2021-12-07 07:29:04.101 INFO 2073 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 443 (https) 80 (http)
2021-12-07 07:29:04.238 INFO 2073 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2021-12-07 07:29:04.244 INFO 2073 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.38]
2021-12-07 07:29:04.806 INFO 2073 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2021-12-07 07:29:04.831 INFO 2073 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 7714 ms
2021-12-07 07:29:06.071 WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Please review carefully and accept TOS https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2021-12-07 07:29:07.132 INFO 2073 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2021-12-07 07:29:08.603 INFO 2073 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 443 (https) 80 (http) with context path ''
2021-12-07 07:29:08.631 INFO 2073 --- [ main] example.SpringBootApp : Started SpringBootApp in 13.301 seconds (JVM running for 14.964)
2021-12-07 07:29:09.265 INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Starting order challenges
2021-12-07 07:29:13.007 INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Completed order challenges
2021-12-07 07:29:13.497 WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed order execution: null
org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
2021-12-07 07:29:13.499 WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed updating KeyStore
java.lang.RuntimeException: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:429) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
... 3 common frames omitted
2021-12-07 07:30:14.085 WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Please review carefully and accept TOS https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2021-12-07 07:30:16.139 INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Starting order challenges
2021-12-07 07:30:19.737 INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Completed order challenges
2021-12-07 07:30:20.166 WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed order execution: null
org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
2021-12-07 07:30:20.168 WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed updating KeyStore
java.lang.RuntimeException: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:429) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
... 3 common frames omitted
from letsencrypt-helper.
@bhoeferlin I've released 0.2.1 with better logging - it provides LetsEncrypt URLs with order/authorization status in logs, that would describe an error better
from letsencrypt-helper.
@bhoeferlin Incorporated your feedback for Thymeleaf in 0.2.2
from letsencrypt-helper.
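A preflight check for the two causes named in this thread (the challenge endpoint sitting behind authentication, and lets-encrypt-helper.domain not pointing at this server), as an added example that is not part of letsencrypt-helper or of any comment above. The dummy token, the result labels and the caller-supplied list of the server's public IPs are assumptions of this sketch.

```python
import socket
import urllib.error
import urllib.parse
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 path (RFC 8555)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError so Location can be inspected


def classify(status, location=""):
    """Interpret the reply to an unauthenticated request for a challenge URL."""
    if status in (401, 403):
        return "blocked-by-auth"
    if 300 <= status < 400:
        path = urllib.parse.urlsplit(location).path
        # A same-path redirect (http -> https) still reaches the endpoint;
        # anything else (e.g. a login page) means a filter intercepted it.
        if path.startswith(CHALLENGE_PREFIX):
            return "redirect-same-path"
        return "redirected-away"
    return "not-intercepted"


def resolves_to(domain, expected_addrs, resolve=socket.getaddrinfo):
    """True if the configured domain resolves to one of the server's public IPs."""
    try:
        found = {info[4][0] for info in resolve(domain, 80)}
    except socket.gaierror:
        return False
    return bool(found & set(expected_addrs))


def probe(domain, token="preflight-dummy-token", timeout=5):
    """Request a made-up token over plain HTTP on port 80, without credentials."""
    url = "http://" + domain + CHALLENGE_PREFIX + token
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Location", ""))
    except (urllib.error.URLError, OSError):
        return "unreachable"
```

Run `resolves_to(domain, [public_ip])` and `probe(domain)` from a machine outside the server's network before starting the application's certificate watcher; `blocked-by-auth`, `redirected-away` or a failed DNS match each correspond to a cause of the "invalid" order reported above.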