
Comments (5)

bhoeferlin commented on June 19, 2024

Thanks a lot - this helped very much. The first issue was that I forgot to remove the challenge endpoint from authentication. Another issue was the Thymeleaf template resolver. Had to return null in handleRequestInternal. Now it works great - thank you for all your effort - great project!!

from letsencrypt-helper.
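
The first issue mentioned in the comment above (the challenge endpoint sitting behind authentication), shown as an added example that is not part of the thread or of letsencrypt-helper. It assumes the application uses Spring Security 5.x with `WebSecurityConfigurerAdapter`; the class name is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; assumes Spring Security 5.x (an assumption, not stated in the thread).
@Configuration
@EnableWebSecurity
public class AcmeChallengeSecurityConfig extends WebSecurityConfigurerAdapter {

    // HTTP-01 path from RFC 8555 section 8.3; tokens use only the base64url alphabet.
    private static final String ACME_HTTP01 = "/\\.well-known/acme-challenge/[A-Za-z0-9_-]+";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The CA fetches the token anonymously with a plain GET, so only
                // GET on this exact path shape is exempted from authentication.
                .regexMatchers(HttpMethod.GET, ACME_HTTP01).permitAll()
                // Everything else stays behind authentication.
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }
}
```

Matching on method and token shape keeps the exemption narrow: any other verb or path under `/.well-known/` still requires credentials.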

valb3r commented on June 19, 2024

@bhoeferlin Quite hard to tell. It can be, i.e., that you haven't accepted the LetsEncrypt Terms of Service in case it is a new keystore; there should be a message in the logs indicating that. Are there any log messages from the library available? They may indicate the reason.

I'll improve logging to provide more information later on weekends


valb3r commented on June 19, 2024

I've created test VM+domain with https://github.com/valb3r/letsencrypt-helper/tree/master/example application and it works perfectly, so it is not some obvious bug.
Meanwhile, can it be an application configuration issue?
Order's status ("invalid") is always reproducible when lets-encrypt-helper.domain has the wrong value (i.e. not your own domain)

Example logs when domain is incorrect:

2021-12-07 07:28:56.915  INFO 2073 --- [           main] example.SpringBootApp                    : Starting SpringBootApp on letsencrypt-test with PID 2073 (/home/root/letsencrypt-helper-example-0.1.3-SNAPSHOT.jar started by root in /home/root)
2021-12-07 07:28:56.928  INFO 2073 --- [           main] example.SpringBootApp                    : No active profile set, falling back to default profiles: default
2021-12-07 07:29:03.621  INFO 2073 --- [           main] lKnownLetsEncryptChallengeEndpointConfig : Created basic (dummy cert, real account/domain keys) KeyStore: /home/root/letsencrypt-keystore
2021-12-07 07:29:04.101  INFO 2073 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 443 (https) 80 (http)
2021-12-07 07:29:04.238  INFO 2073 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2021-12-07 07:29:04.244  INFO 2073 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.38]
2021-12-07 07:29:04.806  INFO 2073 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2021-12-07 07:29:04.831  INFO 2073 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 7714 ms
2021-12-07 07:29:06.071  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Please review carefully and accept TOS https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2021-12-07 07:29:07.132  INFO 2073 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2021-12-07 07:29:08.603  INFO 2073 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 443 (https) 80 (http) with context path ''
2021-12-07 07:29:08.631  INFO 2073 --- [           main] example.SpringBootApp                    : Started SpringBootApp in 13.301 seconds (JVM running for 14.964)
2021-12-07 07:29:09.265  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Starting order challenges
2021-12-07 07:29:13.007  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Completed order challenges
2021-12-07 07:29:13.497  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed order execution: null

org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

2021-12-07 07:29:13.499  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed updating KeyStore

java.lang.RuntimeException: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:429) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	... 3 common frames omitted

2021-12-07 07:30:14.085  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Please review carefully and accept TOS https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2021-12-07 07:30:16.139  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Starting order challenges
2021-12-07 07:30:19.737  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Completed order challenges
2021-12-07 07:30:20.166  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed order execution: null

org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

2021-12-07 07:30:20.168  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed updating KeyStore

java.lang.RuntimeException: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:429) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	... 3 common frames omitted


valb3r commented on June 19, 2024

@bhoeferlin I've released 0.2.1 with better logging - it provides LetsEncrypt URLs with order/authorization status in logs, that would describe an error better


valb3r commented on June 19, 2024

@bhoeferlin Incorporated your feedback for Thymeleaf in 0.2.2
