Moonwalker -
Joined: 22 Sep 2019 Posts: 25
|
Posted: Tue Aug 18, 2020 4:57 pm Post subject: [SOLVED] Acmebot error (won’t renew) [XFINITY ISP] |
|
|
First you should know that my Mac server sat for a long time a couple of months ago NOT up and running. It’s running High Sierra and can no longer be upgraded. 2008 iMac.
As far as I know, there have been no changes to any network settings, unless Xfinity did something weird I’m unaware of. I have not made any changes to the machine either. All I know is the last time the server was up and running regularly, which was only a couple of months ago, there were no certificate issues. About five days ago I decided to start it up again and that’s when I saw the acmebot errors. They have happened before but have always worked themselves out without my having to do anything. Usually at most within a day. This time it’s been five days and it’s not correcting.
No idea if this matters but the renewal due date when it first happened this time was some time in late June. Now it says August 17. Yesterday.
Any help would be greatly appreciated. Thanks in advance!
Last edited by Moonwalker on Sat Aug 22, 2020 8:34 pm; edited 2 times in total |
 |
pkSML -
Joined: 29 May 2006 Posts: 951 Location: Michigan, USA
|
Posted: Thu Aug 20, 2020 5:52 am Post subject: |
|
|
If I were you, I’d turn up the logging for acme. You’ll get better info in the acme error log. Should help you diagnose the issue.
Are you on the latest version of Abyss? I know LE required a change to the Acme 2.0 protocol awhile back. I don’t think v 1 works anymore.
Also, have you restarted the server after stopping it? (Can’t hurt to ask :)
Just a couple thoughts... _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
 |
Moonwalker -
Joined: 22 Sep 2019 Posts: 25
|
Posted: Thu Aug 20, 2020 7:35 pm Post subject: |
|
|
pkSML wrote: | If I were you, I’d turn up the logging for acme. You’ll get better info in the acme error log. Should help you diagnose the issue. |
Should be able to upload that later, however it wasn’t very informative to me.
Quote: | Are you on the latest version of Abyss? |
Yes. Running fine.
Quote: | I know LE required a change to the Acme 2.0 protocol awhile back. I don’t think v 1 works anymore. |
I’m aware of that now, but unsure yet how to check/ensure that it is version 2.
Quote: | Also, have you restarted the server after stopping it? (Can’t hurt to ask) |
LOL, yeah but the plug wasn’t in. 🤣😂 |
 |
Moonwalker -
Joined: 22 Sep 2019 Posts: 25
|
Posted: Fri Aug 21, 2020 6:10 pm Post subject: |
|
|
[redacted unnecessary log. Problem solved. See future post.]
Last edited by Moonwalker on Sat Aug 22, 2020 8:22 pm; edited 1 time in total |
 |
Moonwalker -
Joined: 22 Sep 2019 Posts: 25
|
Posted: Fri Aug 21, 2020 6:28 pm Post subject: |
|
|
BTW, the too many failed requests line above was me attempting some fixes that obviously didn’t work. I’m not concerned about those. I was aware that would happen, and that it resolves on its own if you just wait. Assuming nothing else is wrong that is, which in this case something is.
EDIT:
It is not a firewall issue within the server. Shutting it off changes nothing. I have also verified I'm using Acme V2. I'm wondering if there is an issue with my LE account itself. |
 |
Moonwalker -
Joined: 22 Sep 2019 Posts: 25
|
Posted: Sat Aug 22, 2020 8:32 pm Post subject: |
|
|
SOLUTION:
Xfinity is my ISP. It's very likely anyone else using them is having the same issue.
It IS a firewall issue, and it's Xfinity's Advanced Security feature which can only be accessed in your Xfinity account settings online. They've disabled all port forwarding locally if you rent your modem/router from them. It's under "More" in the network settings of your online Xfinity account pages. Shut it off entirely.
Of course this means YOU now must ensure your local network is secure and can no longer rely on them blocking anything. That's fine by me. I've been doing this myself for a long time.
They do have an "Allowed devices" setting somewhere in there that can allow for the port forwarding to work for 30 days on devices included in the Allowed Devices group, but you'd have to reactivate the device every thirty days and that simply isn't acceptable to me so I just shut the whole stupid thing down. Within an hour of shutting that off the cert was updated.
Hope this helps others. |
 |
pkSML -
Joined: 29 May 2006 Posts: 951 Location: Michigan, USA
|
Posted: Sun Aug 23, 2020 1:37 am Post subject: |
|
|
Gotta love your helpful ISP lol!
Glad you found the solution. |
 |
Moonwalker -
Joined: 22 Sep 2019 Posts: 25
|
Posted: Sun Aug 23, 2020 2:38 am Post subject: |
|
|
pkSML wrote: | Gotta love your helpful ISP lol!
Glad you found the solution. |
Yeah, no kidding. 'Tis the reason back in the dark ages, I dumped AOL. ;p |