Re: mod_md and DNS challenge


 




> Am 11.03.2021 um 09:41 schrieb Clausen, Jörn <joern.clausen@xxxxxxxxxxxxxxxx>:
> 
>        "detail": "Starting challenges for domains"
>        "detail": "Setting up challenge 'dns-01' for domain foo"
>        "detail": "Setting up challenge 'dns-01' for domain bar"
>        "detail": "Monitoring challenge status for foo"
>        "detail": "Monitoring challenge status for foo: domain authorization for foo is valid"
>        "detail": "Monitoring challenge status for foo: domain authorization for bar failed with state 3"
>        "detail": "domain authorization for bar failed with state 3"

This says that the dns-01 setup worked for domain 'foo', but Let's Encrypt could not verify the dns challenge for 'bar'. This tells me:
a) your script was run for domain 'foo' and did the right thing, LE saw the DNS entry and was satisfied.
b) your script, when called for 'bar' immediately after 'foo', did not achieve the same.

In mod_md, when executing the MDChallengeDns01 command, two things will be logged, at level:
- ERROR: when the script was unable to be executed, which will probably not be resolved by retrying
- INFO: when the script returned != 0 and the setup failed, which is retried as a failure might depend on external services that can be unavailable temporarily

That nothing was logged indicates to me that the script ran and returned exit code 0.

I would advise the following:
- configure 'LogLevel md:trace2' to see all the details the module does until you have analyzed it
- remove the "staging/foo+bar" folder with the failed attempt
- reload your server

mod_md will pick up that foo+bar needs renewal and you will see in the log when your script is called and what it returned.

Hope this helps,

Stefan
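
An added example, not part of the message above and not code from mod_md: a wrapper for the MDChallengeDns01 command that logs every call and exits non-zero when the TXT record for a domain never becomes visible, so a silent failure such as the one for 'bar' shows up at the script step. It assumes mod_md calls the script as `setup <domain> <challenge-content>` and `teardown <domain>`; `provider_update`, the log path and the `dig` lookup through the local resolver are hypothetical placeholders.

```shell
#!/bin/sh
# Wrapper for MDChallengeDns01 (added example). Assumed invocation by mod_md:
#   <script> setup <domain> <challenge-content>   |   <script> teardown <domain>
LOG="${MD_DNS01_LOG:-/tmp/md-dns01.log}"   # assumed log location
TRIES="${MD_DNS01_TRIES:-10}"              # visibility checks before giving up
WAIT="${MD_DNS01_WAIT:-6}"                 # seconds between checks

log() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$LOG"; }

# Hypothetical hook: replace the body with the call to your DNS provider.
# It must return non-zero on failure.
provider_update() { # args: add|delete <record-name> <value>
    log "provider_update is a placeholder, nothing changed: $*"
    return 1
}

# Print the TXT values currently visible for a name (assumes dig is installed).
lookup_txt() { dig +short TXT "$1" | tr -d '"'; }

# Succeed only once the expected value can actually be resolved.
wait_visible() { # args: <record-name> <value>
    i=0
    while [ "$i" -lt "$TRIES" ]; do
        if lookup_txt "$1" | grep -qxF -- "$2"; then return 0; fi
        i=$((i + 1))
        sleep "$WAIT"
    done
    return 1
}

dns01() { # args: setup|teardown <domain> [challenge]
    action=$1 domain=$2 value=${3:-}
    name="_acme-challenge.$domain"
    log "called: $action $domain"
    case "$action" in
    setup)
        provider_update add "$name" "$value" || { log "FAIL add $name"; return 2; }
        wait_visible "$name" "$value" || { log "FAIL $name not visible"; return 3; }
        ;;
    teardown)
        provider_update delete "$name" "" || { log "FAIL delete $name"; return 2; }
        ;;
    *) log "unknown action '$action'"; return 64 ;;
    esac
    log "ok: $action $domain"
}

# Run only when invoked with arguments, as mod_md does.
if [ "$#" -gt 0 ]; then dns01 "$@"; exit $?; fi
```

The wrapper's own log records one "called" line per domain, which answers directly whether the script was run for both 'foo' and 'bar' and what each call returned.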


