ACME: renewal fails #823

Answered by tashian
dwaldmannDE asked this question in Q&A
Feb 10, 2022 · 2 comments · 7 replies
It's strange that you can curl from both machines to each other, and that the initial enrollment works.
My hunch is that it's not a DNS issue.

Do you get any errors or anything on the Caddy side?
I'm pretty sure the TLS-ALPN-01 challenge type requires the ACME server to connect to the target on port 443. So, if your Caddy server for any reason is unable to listen on that port (e.g., lacking permissions, or a firewall, or another service using 443), it will not be able to renew the certificate.

You could also try configuring Caddy with a different challenge type and see if that works better.
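
Added example, not part of the original answer and not code from step-ca or Caddy: a small Go probe that makes the same kind of connection the answer describes (TCP to port 443, offering the `acme-tls/1` ALPN protocol from RFC 8737) and reports which stage fails. The helper name `ProbeALPN` and its status strings are assumptions made for this illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// ALPN protocol ID that RFC 8737 assigns to the TLS-ALPN-01 challenge.
const acmeTLSProto = "acme-tls/1"

// ProbeALPN (hypothetical helper) reports how far a validation-style
// connection to addr gets: "unreachable", "tls-failed", "no-acme-alpn" or "ok".
func ProbeALPN(addr, serverName string, timeout time.Duration) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return "unreachable", err // closed port, firewall drop, nothing listening
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(timeout))
	tc := tls.Client(conn, &tls.Config{
		ServerName: serverName,
		NextProtos: []string{acmeTLSProto},
		// Challenge certificates are self-signed by design, so chain
		// verification is skipped for this diagnostic probe only.
		InsecureSkipVerify: true,
	})
	if err := tc.Handshake(); err != nil {
		return "tls-failed", err
	}
	if tc.ConnectionState().NegotiatedProtocol != acmeTLSProto {
		return "no-acme-alpn", errors.New("server did not select " + acmeTLSProto)
	}
	return "ok", nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: probe <hostname>")
		os.Exit(2)
	}
	host := os.Args[1] // hostname of the ACME client, e.g. the Caddy server
	status, err := ProbeALPN(net.JoinHostPort(host, "443"), host, 5*time.Second)
	fmt.Println(status, err)
}
```

Run it from the machine hosting the ACME server so the path tested is the one validation uses. `unreachable` is the case the answer describes; a server may only answer `acme-tls/1` while a challenge is pending, so `tls-failed` outside a renewal attempt is not conclusive.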

Answer selected by tashian