Custom DDNS Letsencrypt stuck on Authorizing

vacemiw265

New Around Here
Firmware version: 386.5_2

Any workaround?
Even with the firewall disabled, the router is unable to pull the cert.

Code:
May 25 12:05:00 rc_service: service 2829:notify_rc restart_letsencrypt
May 25 12:05:05 kernel: [Wed May 25 12:05:05 DST 2022] Standalone mode.
May 25 12:05:07 kernel: [Wed May 25 12:05:07 DST 2022] Registering account
May 25 12:05:09 kernel: [Wed May 25 12:05:09 DST 2022] Already registered
May 25 12:05:09 kernel: [Wed May 25 12:05:09 DST 2022] ACCOUNT_THUMBPRINT='C8xxxHhbtFKVtcd76gQnGamqQZtO9XqLkJIidjeygn'
May 25 12:05:09 kernel: [Wed May 25 12:05:09 DST 2022] Creating domain key
May 25 12:05:11 kernel: [Wed May 25 12:05:11 DST 2022] The domain key is here: /jffs/.le/myname.duckdns.org/myname.duckdns.org.key
May 25 12:05:11 kernel: [Wed May 25 12:05:11 DST 2022] Single domain='myname.duckdns.org'
May 25 12:05:12 kernel: [Wed May 25 12:05:12 DST 2022] Getting domain auth token for each domain
May 25 12:05:15 kernel: [Wed May 25 12:05:15 DST 2022] Getting webroot for domain='myname.duckdns.org'
May 25 12:05:16 kernel: [Wed May 25 12:05:16 DST 2022] Verifying: myname.duckdns.org
May 25 12:05:16 kernel: [Wed May 25 12:05:16 DST 2022] Standalone mode server
May 25 12:05:22 kernel: [Wed May 25 12:05:22 DST 2022] Pending
May 25 12:05:25 kernel: [Wed May 25 12:05:25 DST 2022] Pending
May 25 12:05:28 kernel: [Wed May 25 12:05:28 DST 2022] Pending
May 25 12:05:32 kernel: [Wed May 25 12:05:32 DST 2022] myname.duckdns.org:Verify error:xx.xx.xxx.xxx: Fetching http://myname.duckdns.org/.well-known/acme-challenge/C8xxxHhbtFKVtcd76gQnGamqQZtO9XqLkJIidjeygn Timeout during connect (likely firewall problem)
May 25 12:05:32 kernel: [Wed May 25 12:05:32 DST 2022] Please add '--debug' or '--log' to check more details.
May 25 12:05:32 kernel: [Wed May 25 12:05:32 DST 2022] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
 

Martinski

Regular Contributor
Without knowing the exact cause of your problem, the following would be a shot in the dark: Have you tried deleting the entire "Let's Encrypt" (LE) directory from the jffs partition, and then restarting the LE service?

About a year & a half ago or thereabouts, I ran into the "LE stuck on Authorizing" problem, and eventually found a thread on this forum that recommended doing the "folder deletion + service restart" steps. This method was reported to work well by many people (the issue was happening a lot at some point). So I manually typed the commands on the router, and the problem was resolved for me as well. Around the same time, some family & friends with ASUS routers started having the same issue, so I wrote a script to do the steps programmatically to prevent them from making mistakes since most of them are not tech-savvy. So far, the solution has worked on the rare occasions that the same problem has resurfaced again.

If you want to try my script (CheckLetsEncrypt.sh) it's available here on Pastebin. But again, this would be a shot in the dark because the actual cause is unknown, and you provided very little info about your setup.

When you run the script without arguments, it outputs some help. I think the help messages are self-explanatory (so that my non-technical folks could easily run it without much trouble).

Best of Luck.
 

vacemiw265

New Around Here
Thank you for your feedback.
- I have attempted several things, including disabling the firewall and deleting files inside jffs/.le
- I have also tried the letsdebug.net site and received the message below
"myname.duckdns.org has an A (IPv4) record (xx.xx.xx.xx) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with myname.duckdns.org/xx.xx.xx.xx: Get "http://myname.duckdns.org/.well-known/acme-challenge/letsdebug-test": context deadline exceeded"

I do not believe my ISP is blocking port 80; in the past, I was able to get a certificate when I used the asuscomm DNS service. However, I had to stop using it since it was too unreliable in registering my DDNS name.
 

Martinski

Regular Contributor
I don't know exactly what you mean by "deleting files inside jffs/.le". Did you mean "deleting SOME files..." or "deleting ALL files..."? Did you mean "deleting files AT RANDOM..."? I can't tell because it's an ambiguous phrase, so it's not crystal clear to me what you deleted and what you did after that.

I believe one thing to do would be to verify that your Duck DDNS service is actually working well and that your "myname.duckdns.org" domain is indeed pointing to your current public WAN IP address. You must be 100% certain that your DDNS service *is* working before proceeding with Let's Encrypt. Since Duck DNS is not included in the firmware's built-in list of supported DDNS services, you must have a "Custom" setup. Make sure this is configured correctly and any change in your public WAN IP address is handled & updated as expected.

I don't use Duck DNS service so I can't really help in that regard.

Good Luck.
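
Added example, not part of any post in this thread: a POSIX shell version of the check suggested above (does the address the CA tried to reach match the router's WAN address), extended to flag a private or carrier-NAT WAN address, in which case the port 80 validation request cannot reach the router's standalone server. The function names, result strings, sample addresses, the syslog path and the `wan0_ipaddr` nvram variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); names and result strings are hypothetical.

# Constructed sample in the format of the acme.sh "Verify error" line in the log
# above; 203.0.113.10 is a documentation address and TOKEN is a placeholder.
SAMPLE_LINE="May 25 12:05:32 kernel: [Wed May 25 12:05:32 DST 2022] myname.duckdns.org:Verify error:203.0.113.10: Fetching http://myname.duckdns.org/.well-known/acme-challenge/TOKEN Timeout during connect (likely firewall problem)"

# Read log lines on stdin, print the address the CA tried to connect to.
le_target_ip() {
    sed -n 's/.*Verify error:\([0-9.]*\): Fetching.*/\1/p'
}

# Succeed if the IPv4 address is private (RFC 1918), carrier-grade NAT
# (100.64.0.0/10), loopback or link-local, i.e. not reachable from the internet.
is_non_public() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
    esac
    return 1
}

# diagnose <address the CA used> <router WAN address>
diagnose() {
    if is_non_public "$2"; then
        echo "wan_not_public"   # router is behind another NAT; port 80 must be forwarded upstream
    elif [ "$1" != "$2" ]; then
        echo "ddns_stale"       # DDNS record points somewhere other than this router
    else
        echo "ddns_ok"          # record is right; look at port 80 filtering instead
    fi
}

# Usage on the router (assumptions: syslog at /tmp/syslog.log, WAN address
# readable with "nvram get wan0_ipaddr"):
#   sh le_check.sh /tmp/syslog.log "$(nvram get wan0_ipaddr)"
if [ $# -eq 2 ]; then
    diagnose "$(le_target_ip < "$1" | tail -n 1)" "$2"
fi
```

A result of `ddns_ok` with the same timeout still occurring means the name resolves correctly and the remaining suspects are inbound port 80 filtering by the ISP or an upstream device.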
 
