{SOLVED] Acmebot error (won’t renew) [XFINITY ISP]

 
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates
View previous topic :: View next topic  
Author Message
Moonwalker
-


Joined: 22 Sep 2019
Posts: 25

PostPosted: Tue Aug 18, 2020 4:57 pm    Post subject: {SOLVED] Acmebot error (won’t renew) [XFINITY ISP] Reply with quote

First you should know that my Mac server sat for a long time a couple of months ago NOT up and running. It’s running High Sierra and can no longer be upgraded. 2008 iMac.

As far as I know, there have been no changes to any network settings, unless Xfinity did something weird I’m unaware of. I have not made any changes to the machine either. All I know is the last time the server was up and running regularly, which was only a couple of months ago, there were no certificate issues. About five days ago I decided to start it up again and that’s when I saw the acmebot errors. They have happened before but have always worked themselves out without my having to do anything. Usually at most within a day. This time it’s been five days and it’s not correcting.

No idea if this matters but the renewal due date when it first happened this time was some time in late June. Now it says August 17. Yesterday.

Any help would be greatly appreciated. Thanks in advance!


Last edited by Moonwalker on Sat Aug 22, 2020 8:34 pm; edited 2 times in total
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Thu Aug 20, 2020 5:52 am    Post subject: Reply with quote

If I were you, I’d turn up the logging for acme. You’ll get better info in the acme error log. Should help you diagnose the issue.

Are you on the latest version of Abyss? I know LE required a change to the Acme 2.0 protocol awhile back. I don’t think v 1 works anymore.

Also, have you restarted the server after stopping it? (Can’t hurt to ask :)

Just a couple thoughts...
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Moonwalker
-


Joined: 22 Sep 2019
Posts: 25

PostPosted: Thu Aug 20, 2020 7:35 pm    Post subject: Reply with quote

pkSML wrote:
If I were you, I’d turn up the logging for acme. You’ll get better info in the acme error log. Should help you diagnose the issue.


Should be able to upload that later, however it wasn’t very informative to me.

Quote:
Are you on the latest version of Abyss?


Yes. Running fine.

Quote:
I know LE required a change to the Acme 2.0 protocol awhile back. I don’t think v 1 works anymore.


I’m aware of that now, but unsure yet how to check/ensure that it is version 2.

Quote:
Also, have you restarted the server after stopping it? (Can’t hurt to ask)


LOL, yeah but the plug wasn’t in. 🤣😂
Back to top View user's profile Send private message
Moonwalker
-


Joined: 22 Sep 2019
Posts: 25

PostPosted: Fri Aug 21, 2020 6:10 pm    Post subject: Reply with quote

[redacted unnecessary log. Problem solved. See future post.}

Last edited by Moonwalker on Sat Aug 22, 2020 8:22 pm; edited 1 time in total
Back to top View user's profile Send private message
Moonwalker
-


Joined: 22 Sep 2019
Posts: 25

PostPosted: Fri Aug 21, 2020 6:28 pm    Post subject: Reply with quote

BTW, the too many failed requests line above was me attempting some fixes that obviously didn’t work. I’m not concerned about those. I was aware that would happen, and that it resolves on its own if you just wait. Assuming nothing else is wrong that is, which in this case something is.

EDIT:

It is not a firewall issue within the server. Shutting it off changes nothing. I have also verified I'm using Acme V2. I'm wondering if there is an issue with my LE account itself.
Back to top View user's profile Send private message
Moonwalker
-


Joined: 22 Sep 2019
Posts: 25

PostPosted: Sat Aug 22, 2020 8:32 pm    Post subject: Reply with quote

SOLUTION:

Xfinity is my ISP. It's very likely anyone else using them is having the same issue.

It IS a firewall issue, and it's Xfinity's Advanced Security feature which can only be accessed in your Xfinity account settings online. They've disabled all port forwarding locally if you rent your modem/router from them. It's under "More" in the network settings of your online Xfinity account pages. Shut it off entirely.

Of course this means YOU now must ensure your local network is secure and can no longer rely on them blocking anything. That's fine by be. I've been doing this myself for a long time.

They do have an "Allowed devices" setting somewhere in there that can allow for the port forwarding to work for 30 days on devices included in the Allowed Devices group, but you'd have to reactivate the device every thirty days and that simply isn't acceptable to me so I just shut the whole stupid thing down. Withing an hour of shutting that off the cert was updated.

Hope this helps others.
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Sun Aug 23, 2020 1:37 am    Post subject: Reply with quote

Gotta love your helpful ISP lol!

Glad you found the solution.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Moonwalker
-


Joined: 22 Sep 2019
Posts: 25

PostPosted: Sun Aug 23, 2020 2:38 am    Post subject: Reply with quote

pkSML wrote:
Gotta love your helpful ISP lol!

Glad you found the solution.


Yeah, no kidding. 'Tis
the reason back in the dark ages, I dumped AOL. ;p
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group