Caddy Fail to Renew Route 53

Got an email from LE saying my certs are about to expire. I went to check why Caddy had not renewed, got this:

    2017/06/13 17:27:41 [ERROR] Renewing: Error presenting token: Failed to determine Route 53 hosted zone ID: SignatureDoesNotMatch: Signature expired: 20170613T172741Z is now earlier than 20170613T172839Z (20170613T173339Z - 5 min.)
        status code: 403, request id: 701c250a-505e-11e7-b3e9-55ec37340ae4; trying again in 10s

I am unable to find any documentation on this. My Caddy version may be admittedly a bit old. Is this a known issue? I assume it’s w/ the AWS SDK communication by the underlying impl (lego?). Correct?

Yeah, this looks like an issue in either lego or its underlying Route53 library. I’d check the go-acme/lego repo (Let's Encrypt client and ACME library written in Go) for issues related to this, but upgrade Caddy to the latest first. (Always stay up to date!)

The issue was due to > 5 min clock skew on my server (I did not have NTP syncing). This goes for the entire AWS SDK, hope it helps someone in the future.
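
An added example, not from the thread or from Caddy or lego: a Go helper that reads the timestamps out of this kind of AWS signature rejection and reports how far the local clock was from AWS's at signing time. The name `ClockOffset` is hypothetical, and the second log line (the clock-ahead "not yet current" case, which goes beyond the error in the post) is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// awsStamp is the ISO 8601 basic timestamp layout seen in the error text.
const awsStamp = "20060102T150405Z"

// Captures the signed timestamp, AWS's own time, and the tolerance in minutes,
// for both the "expired" (clock behind) and "not yet current" (clock ahead) forms.
var skewRe = regexp.MustCompile(`Signature (?:expired|not yet current): (\d{8}T\d{6}Z) is (?:now earlier|still later) than \d{8}T\d{6}Z \((\d{8}T\d{6}Z) [-+] (\d+) min\.\)`)

// ClockOffset returns the approximate local-minus-AWS clock difference
// (negative means the local clock is behind) and the tolerance AWS stated.
// ok is false when the line is not a signature clock-skew rejection.
func ClockOffset(line string) (offset, window time.Duration, ok bool) {
	m := skewRe.FindStringSubmatch(line)
	if m == nil {
		return 0, 0, false
	}
	signed, err1 := time.Parse(awsStamp, m[1])
	server, err2 := time.Parse(awsStamp, m[2])
	allowed, err3 := time.ParseDuration(m[3] + "m")
	if err1 != nil || err2 != nil || err3 != nil {
		return 0, 0, false
	}
	return signed.Sub(server), allowed, true
}

func main() {
	lines := []string{
		// Log line from the post above.
		"2017/06/13 17:27:41 [ERROR] Renewing: Error presenting token: Failed to determine Route 53 hosted zone ID: SignatureDoesNotMatch: Signature expired: 20170613T172741Z is now earlier than 20170613T172839Z (20170613T173339Z - 5 min.)",
		// Constructed sample of the clock-ahead variant.
		"2017/06/13 17:42:00 [ERROR] SignatureDoesNotMatch: Signature not yet current: 20170613T174200Z is still later than 20170613T173839Z (20170613T173339Z + 5 min.)",
		"2017/06/13 17:27:51 [INFO] constructed unrelated line",
	}
	for _, l := range lines {
		if off, win, ok := ClockOffset(l); ok {
			fmt.Printf("local clock off by %v (AWS allows ±%v): check NTP/time sync\n", off, win)
		}
	}
}
```

The offset includes network latency between signing and AWS receiving the request, so treat it as an estimate of the skew rather than an exact figure.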
