Lets Encrypt "simple self check"
Using a domain that contains special characters, in my case an “-” in the domain name, when attempting to obtain a Let’s Encrypt certificate, the “simple self check” (line 150) in the “Lescript.php” script would fail and as a result, the cert would never attempt to get issued.
In troubleshooting, I added a Payload & URI File log entry to compare and noted that the file_get_contents
method would not return an entry. After trialling a few different changes, I commented out the check altogether and the certificate issued successfully as I could paste the URI in a browser and successfully download the file.
I found this regarding the method you are using to retrieve the $URI file to verify that the file was accessible externally,
If you're opening a URI with special characters, such as spaces, you need to encode the URI with urlencode().
https://www.php.net/manual/en/function.file-get-contents.php
I have not attempted to use this function to confirm if it resolved my issue, as the certificate did successfully issue once I removed the self-check.
Note:
- A_PAYLOAD in the log file is a redacted entry of my payload, as is mail.my-domain.com.
-
Modification to simple self check to generate log file output
// simple self check if ($payload !== trim(@file_get_contents($uri))) { $this->log("Skipping self verification"); $this->log("Payload: $payload"); $urifile = trim(file_get_contents($uri)); $this->log("URI File: $urifile"); throw new RuntimeException("Please check $uri - token not available"); }
As this certificate needs to be re-validated in ~3 months can this please be looked in to?
Thanks
Grant
I found that the self-check fails when you’re behind a reverse proxy. Our domain name doesn’t have any special characters in it. I had to comment out the self-check in order to be able to renew LE certificates. I’d like to request an option for disabling the self-check altogether.
I created a separate issue:
https://bitbucket.org/analogic/mailserver/issues/835/lets-encrypt-simple-self-check-fails