Caddy Fail to Renew Route 53

cretz · June 13, 2017, 5:40pm

Got an email from LE saying my certs are about to expire. I went to check why Caddy had not renewed, got this:

    2017/06/13 17:27:41 [ERROR] Renewing: Error presenting token: Failed to determine Route 53 hosted zone ID: SignatureDoesNotMatch: Signature expired: 20170613T172741Z is now earlier than 20170613T172839Z (20170613T173339Z - 5 min.)
        status code: 403, request id: 701c250a-505e-11e7-b3e9-55ec37340ae4; trying again in 10s

I am unable to find any documentation on this. My Caddy version may be admittedly a bit old. Is this a known issue? I assume it’s w/ the AWS SDK communication by the underlying impl (lego?). Correct?

matt · June 13, 2017, 5:49pm

Yeah, this looks like an issue in either lego or its underlying Route53 library. I’d check the GitHub - go-acme/lego: Let's Encrypt client and ACME library written in Go repo for issues related to this, but upgrade Caddy to the latest first. (Always stay up to date!)

cretz · June 22, 2017, 8:34pm

The issue was due to > 5 min clock skew on my server (I did not have NTP syncing). This goes for the entire AWS SDK, hope it helps someone in the future.

system · September 20, 2017, 8:34pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.