My System: UCS 4.4-8 errata1173
I did run into two problems yesterday, as I wanted to renew my Letsencrypt certificates.
So I have two qustions:
1.
Starting these days the renewal of Letsencryp did not work anymore, even before installing the latest errata.
i got the message:
ValueError: Challenge did not pass for ucs.kmvw-io.de: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://ucs.kmvw-io.de/.well-known/acme-challenge/3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg', u'hostname': u'ucs.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'80', u'addressesResolved': [u'84.153.195.198']}, {u'url': u'https://ucs.kmvw-io.de/[https:/ucs.kmvw-io.de/.well-known/acme-challenge/3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg', u'hostname': u'ucs.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'443', u'addressesResolved': [u'84.153.195.198']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/75460827640/cEDLYQ', u'token': u'3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from https://ucs.kmvw-io.de/[https:/ucs.kmvw-io.de/.well-known/acme-challenge/3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg [84.153.195.198]: "\n\n404 Not Found\n\n
please note the URIs starting with “https://ucs” - you will find a " /%5b" there.
a
root@ucs:/etc/univention/letsencrypt# curl -I http://web.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Feb 2022 20:15:03 GMT
Server: Apache/2.4.25 (Univention)
Location: https://web.kmvw-io.de/%5bhttps:/web.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
Content-Type: text/html; charset=iso-8859-1
showed the same in the output starting with “Location”.
In the knowledgebase I found the guide, how to redirect http to https where you will find the section:
Then create /var/www/.htaccess with the following content:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) [https://%{HTTP_HOST}%{REQUEST_URI}
The RewiteRule contains a [ - so I did remove the RewriteRule - line, restarted Apache and executed
root@ucs:/etc/univention/letsencrypt# sudo -u letsencrypt /usr/share/univention-letsencrypt/refresh-cert
So 6. Feb 09:04:35 CET 2022
Refreshing certificate for following domains:
kmvw-io.de autodiscover.kmvw-io.de autoconfig.kmvw-io.de ucs.kmvw-io.de web.kmvw-io.de smtp.kmvw-io.de mail.kmvw-io.de
Parsing account key...
Parsing CSR...
Found domains: web.kmvw-io.de, ucs.kmvw-io.de, mail.kmvw-io.de, autoconfig.kmvw-io.de, smtp.kmvw-io.de, autodiscover.kmvw-io.de, kmvw-io.de
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying autodiscover.kmvw-io.de...
...
Signing certificate...
Certificate signed!
Certificate refreshed at So 6. Feb 09:05:17 CET 2022
Now it worked.
My question is, why the RewriteRule suddenly generates such a garbage.
Before I tried to renew the certificates manually, I did try it with the letsenrypt app.
After click on “Execute changes” in Letsencrypt App the /etc/univention/letsencrypt/domain.csr file has 0 Bytes size and the Letsencrypt App displayed:
ValueError: Challenge did not pass for autoconfig.kmvw-io.de: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://autoconfig.kmvw-io.de/.well-known/acme-challenge/nh_11HrXJHoeCet5DDdh8E82V8vb1Vx5ucOhpsj5L8k', u'hostname': u'autoconfig.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'80', u'addressesResolved': [u'84.153.195.198']}, {u'url': u'https://autoconfig.kmvw-io.de/%5bhttps:/autoconfig.kmvw-io.de/.well-known/acme-challenge/nh_11HrXJHoeCet5DDdh8E82V8vb1Vx5ucOhpsj5L8k', u'hostname': u'autoconfig.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'443', u'addressesResolved': [u'84.153.195.198']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/75575670660/uQ96Cg', u'token': u'nh_11HrXJHoeCet5DDdh8E82V8vb1Vx5ucOhpsj5L8k', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from https://autoconfig.kmvw-io.de/%5bhttps:/autoconfig.kmvw-io.de/.well-known/acme-challenge/nh_11HrXJHoeCet5DDdh8E82V8vb1Vx5ucOhpsj5L8k [84.153.195.198]: "\\n\\n\\n\\n
Not Found
\\n
So my second question is, whether there is a bug in the Letsencrypt App.