[SAC] [OSGeo] #3001: docs.geotools.org SSL certificate renewal failed (letsencrypt)

OSGeoTrac · October 16, 2023, 1:22pm

#3001: docs.geotools.org SSL certificate renewal failed (letsencrypt)
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-II
Component: Systems Admin | Keywords:
---------------------------+---------------------------------------
Something wrong was reported upon letsencrypt cert renewal for
docs.geotools.org (still needed?):

{{{
Processing /etc/letsencrypt/renewal/docs.geotools.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 158 seconds
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for docs.geotools.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (docs.geotools.org) from
/etc/letsencrypt/renewal/docs.geotools.org.conf produced an unexpected
error: Failed
authorization procedure. docs.geotools.org (http-01):
urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient
authorization :: 140.211.15.6: Invalid response from
https://docs.geotools.org/.well-known/acme-
challenge/Xeu03iLu0Mv7QrxIV4lhGrfd0OzfJokvUepDF3CjmUk: 404. Skipping.
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3001>
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · October 16, 2023, 1:24pm

#3001: geotools.org SSL certificate renewal failed (letsencrypt)
---------------------------+----------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2023-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------
Changes (by strk):

* summary: docs.geotools.org SSL certificate renewal failed (letsencrypt)
=> geotools.org SSL certificate renewal failed (letsencrypt)

Old description:

Something wrong was reported upon letsencrypt cert renewal for
docs.geotools.org (still needed?):

{{{
Processing /etc/letsencrypt/renewal/docs.geotools.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 158 seconds
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for docs.geotools.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (docs.geotools.org) from
/etc/letsencrypt/renewal/docs.geotools.org.conf produced an unexpected
error: Failed
authorization procedure. docs.geotools.org (http-01):
urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient
authorization :: 140.211.15.6: Invalid response from
https://docs.geotools.org/.well-known/acme-
challenge/Xeu03iLu0Mv7QrxIV4lhGrfd0OzfJokvUepDF3CjmUk: 404. Skipping.
}}}

New description:

Something wrong was reported upon letsencrypt cert renewal for
docs.geotools.org and geotools.org (still needed?):

{{{
- The following errors were reported by the server:

    Domain: docs.geotools.org
    Type: unauthorized
    Detail: 140.211.15.6: Invalid response from
    https://docs.geotools.org/.well-known/acme-
challenge/Xeu03iLu0Mv7QrxIV4lhGrfd0OzfJokvUepDF3CjmUk:
    404

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
  - The following errors were reported by the server:

    Domain: www.geotools.org
    Type: unauthorized
    Detail: 140.211.15.6: Invalid response from
    http://www.geotools.org/.well-known/acme-
challenge/SBaEF5syGR0AgPBjr3BI7VsiQrXqrXgFWhi10JqWQUo:
    404

    Domain: geotools.org
    Type: unauthorized
    Detail: 140.211.15.6: Invalid response from
    http://geotools.org/.well-known/acme-
challenge/DKElh5cEHfZ7ygGm0KStuvz2_3pWnJCdRJ994kyICLQ:
    404

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

}}}

--
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3001#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · December 28, 2023, 1:11am

#3001: geotools.org SSL certificate renewal failed (letsencrypt)
----------------------+----------------------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2023-II
Component: SysAdmin | Resolution: fixed
Keywords: |
----------------------+----------------------------------------
Changes (by cvvergara):

* status: new => closed
* resolution: => fixed

Comment:

Also updated certificates on other systems
--
Ticket URL: <#3001 (geotools.org SSL certificate renewal failed (letsencrypt)) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.