Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.

acme-client fails with "file exists"

Posted 07-27-2019 at 05:47 AM by rocket357
Updated 07-27-2019 at 11:58 PM by rocket357

Running OpenBSD-6.5 on a machine with two internet uplinks (shared on a common local network), I noticed that acme-client would die with "file exists" over and over again.

The problem was in how acme works when using http-01. In this mode, acme-client reaches out to the Let's Encrypt endpoints (v2 at the time of this writing) and asks for a certificate. Since it's using http-01, Let's Encrypt then reaches out to the domain the certificate is for (which needs to be the machine acme-client is running on), over HTTP on port 80, and asks for the challenge info (which has been written to the appropriate place by acme-client, presumably). When Let's Encrypt can't reach the web server that's supposed to be serving that domain, it repeats the request the next time acme-client reaches out, so acme-client tries to create the challenge file again, causing the failure.

You can delete the challenge file (if your timing is good), but it will still ask again and again for the same challenge, so eventually it will fail.

The fix is to ensure your web server is up and available (sounds like common sense).

And "up and available" is trickier than it sounds, as it is possible to create scenarios where the web server works beautifully for some networks but goes braindead for others (like, uhh, having two ECMP paths to IPs on the same internal network, and having one of them down...yeah, speaking from experience).
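
A pre-flight check for the failure described above, as an added example that is not part of the original post: it reports leftover challenge files and confirms that a probe file written to the challenge directory comes back over HTTP under `/.well-known/acme-challenge/`. The function names, the `FETCH` and `CHALLENGE_DIR` variables and the two command-line arguments are assumptions; `/var/www/acme` is the default challenge directory in acme-client.conf.

```shell
#!/bin/sh
# Added example: pre-flight check before running acme-client with http-01.
# CHALLENGE_DIR: where acme-client writes challenge files (assumed default).
# FETCH: command that prints a URL's body to stdout and fails on HTTP errors.
CHALLENGE_DIR="${CHALLENGE_DIR:-/var/www/acme}"
FETCH="${FETCH:-curl -fsS --max-time 10}"

# Print challenge files left behind by an earlier failed run; these are
# what the next run collides with ("file exists").
stale_challenges() {
    find "$1" -type f ! -name 'preflight-*' 2>/dev/null
}

# Write a random probe file, fetch it through the public host name and
# compare the bytes. Returns 0 only when the web server serves this directory.
probe_challenge() {
    dir=$1 host=$2
    name="preflight-$$"
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s' "$token" > "$dir/$name" || return 2
    rc=0
    got=$($FETCH "http://$host/.well-known/acme-challenge/$name" 2>/dev/null) || rc=$?
    rm -f "$dir/$name"
    [ "$rc" -eq 0 ] && [ "$got" = "$token" ]
}

# Run both checks; print "ok" and return 0 only when both pass.
preflight() {
    dir=$1 host=$2
    stale=$(stale_challenges "$dir")
    if [ -n "$stale" ]; then
        echo "leftover challenge files:" >&2
        echo "$stale" >&2
        return 1
    fi
    probe_challenge "$dir" "$host" || {
        echo "probe under http://$host/.well-known/acme-challenge/ failed" >&2
        return 1
    }
    echo "ok"
}

# Usage: preflight.sh <challenge-dir> <public-host-name>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A fetch made from the server itself only shows that the web server maps the challenge path to the directory. To cover the two-uplink case, run the fetch step from a host outside the network so the request arrives the way the validation request would.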