On Sat, May 26, 2018 at 09:14:35AM -0700, Scott Vanderbilt wrote:
> On 5/26/2018 4:54 AM, Stuart Henderson wrote:
>
> > aeneas.datagenic.com doesn't respond on port 80. (And if I can't
> > fetch it, letsencrypt's checkers are also unlikely to be able to).
> >
> > Firewall issue?
>
> Oh, FFS.
>
> Yes. A silly pf rule blocking incoming traffic from outside my LAN that I
> overlooked when I first considered that idea, but then discarded on account
> of the error message. Which, to me, at least, does not in any reasonable way
> point to a connection problem.
>
> So, thanks very much for applying the clue stick. And, to whom may I suggest
> that the misleading error message from acme-client be changed to something
> actually resembling the problem it has encountered?
The error message is coming from letsencrypt, from your original mail:
acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
"detail": "Error creating new cert :: authorizations for these names not found
or expired: aeneas.datagenic.com", "status": 403 }] (176 bytes)
transfer buffer is the json we got back from letsencrypt. I seem to
recall that this used to be different and they did tell us that the
connection was refused. Oh but that might be if they are getting an
icmp port unreachable, I guess you where just dropping the request in
pf?
--
I'm not entirely sure you are real.
