"404 Expired authorization" when run in Cron #444

Closed
opened 2025-12-29 01:25:25 +01:00 by adam · 1 comment

Originally created by @joachimtingvold on GitHub (Oct 24, 2019).

Hi,

Trying to run dehydrated in cron, yields the following error;

```
Wed Oct 23 02:19:01 CEST 2019: running dehydrated...
# INFO: Using main config file /srv/letsencrypt/scripts/dehydrated.conf
13348 > Wed Oct 23 02:19:02 CEST 2019: Hook: this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
13351 > Wed Oct 23 02:19:02 CEST 2019: Hook: startup_hook
Processing foobar.com with alternative names: www.foobar.com kek.foobar.com lol.foobar.com
13375 > Wed Oct 23 02:19:02 CEST 2019: Hook: this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Nov 14 23:21:29 2019 GMT Certificate will expire
(Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 4 authorizations URLs from the CA
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/<snip> (Status 404)

Details:
HTTP/1.1 200 Connection established

HTTP/2 404
server: nginx
date: Wed, 23 Oct 2019 00:19:04 GMT
content-type: application/problem+json
content-length: 106
boulder-requester: 2680473
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: <snip>

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Expired authorization",
  "status": 404
}

...skipping...
```

Running the same command manually, works just fine;

```
[…]
 + Requesting new certificate order from CA...
 + Received 4 authorizations URLs from the CA
 + Handling authorization for foobar.com
 + Handling authorization for www.foobar.com
 + Handling authorization for lol.foobar.com
 + Handling authorization for kek.foobar.com
 + 4 pending challenge(s)
 + Deploying challenge tokens...
[…]
```

The "error" it receives in cron, happens every time (since I have it once per 24h, and the certificates are almost 10 days past the "30 day renewal" that I've set).

Some of these domains were signed by v1 of the LE API, while I'm now using v2. Could this be the culprit? If so, it's strange that it works when I ran the crontab-command manually.

Any pointers?

adam closed this issue 2025-12-29 01:25:25 +01:00

@lukas2511 commented on GitHub (Dec 10, 2020):

This is really weird. May have been a weird side-effect of b0rked json parsing which shouldn't be an issue anymore. Closing this for now. If this still occurs for somebody please feel free to open a new ticket with as much information as possible.
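
Added example, not part of the original thread and not dehydrated's own code: a Python helper for triaging cron logs that parses a captured "Details:" block like the one in the report. It takes the status from the last HTTP status line, since the capture opens with a "200 Connection established" line before the CA's 404, and decodes the problem+json body. The function names and the abridged sample are constructed for illustration.

```python
import json
import re
# Constructed sample: the "Details:" block from the report, headers abridged
# and the snipped nonce replaced by a placeholder.
SAMPLE_DETAILS = """\
HTTP/1.1 200 Connection established

HTTP/2 404
content-type: application/problem+json
boulder-requester: 2680473
replay-nonce: PLACEHOLDER

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Expired authorization",
  "status": 404
}
"""

STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")

def parse_details(text):
    """Return (status, headers, problem) for the last HTTP response in text."""
    status, headers, body = None, {}, []
    for block in re.split(r"\r?\n(?:[ \t]*\r?\n)+", text.strip()):
        lines = block.splitlines() or [""]
        match = STATUS_LINE.match(lines[0])
        if match and not body:
            # A later status line supersedes an earlier one in the capture.
            status, headers = int(match.group(1)), {}
            for line in lines[1:]:
                name, _, value = line.partition(":")
                headers[name.strip().lower()] = value.strip()
        else:
            body.append(block)
    problem = None
    if headers.get("content-type", "").startswith("application/problem+json"):
        try:
            problem = json.loads("\n\n".join(body))
        except ValueError:
            problem = None  # body was truncated or is not JSON
    return status, headers, problem

def is_expired_authorization(text):
    """True if text is the 404 problem document seen in the report."""
    status, _, problem = parse_details(text)
    return isinstance(problem, dict) and status == 404 and (
        problem.get("type") == "urn:ietf:params:acme:error:malformed"
        and problem.get("detail") == "Expired authorization")
```

A cron wrapper can call `is_expired_authorization()` on the captured block to separate this specific failure from other ACME errors before alerting.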

Reference: starred/dehydrated#444