Got an email from LE saying my certs are about to expire. I went to check why Caddy had not renewed, got this:
2017/06/13 17:27:41 [ERROR] Renewing: Error presenting token: Failed to determine Route 53 hosted zone ID: SignatureDoesNotMatch: Signature expired: 20170613T172741Z is now earlier than 20170613T172839Z (20170613T173339Z - 5 min.)
status code: 403, request id: 701c250a-505e-11e7-b3e9-55ec37340ae4; trying again in 10s
I am unable to find any documentation on this. My Caddy version may be admittedly a bit old. Is this a known issue? I assume it’s w/ the AWS SDK communication by the underlying impl (lego?). Correct?
The issue was due to > 5 min clock skew on my server (I did not have NTP syncing). This goes for the entire AWS SDK, hope it helps someone in the future.
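Added example, not part of the original posts and not Caddy or lego code: a small Python check that reads the timestamps out of the `Signature expired` error quoted above and reports how far the local clock was from AWS's clock. The function names are hypothetical, and the "is still later than" wording for a clock that runs ahead is an assumed counterpart of the message in the post.

```python
import re
from datetime import datetime, timezone

# Error text copied from the log line in the post above.
LOG_LINE = (
    "2017/06/13 17:27:41 [ERROR] Renewing: Error presenting token: Failed to "
    "determine Route 53 hosted zone ID: SignatureDoesNotMatch: Signature expired: "
    "20170613T172741Z is now earlier than 20170613T172839Z (20170613T173339Z - 5 min.)"
)

_TS = r"(\d{8}T\d{6}Z)"
# "<signed> is now earlier than <bound> (<server now> - N min.)" is the form in
# the post (local clock behind). "is still later than ... + N min." is assumed
# here to be the matching form when the local clock is ahead.
_PATTERN = re.compile(
    _TS + r" is (?:now earlier|still later) than " + _TS
    + r" \(" + _TS + r" [-+] (\d+) min\.\)"
)


def _parse(ts):
    """Parse the compact ISO 8601 basic timestamp used in the error text."""
    return datetime.strptime(ts, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)


def clock_skew(line):
    """Return (skew_seconds, tolerance_seconds), or None if the line does not match.

    skew_seconds is signing time minus AWS server time: negative means the
    local clock is behind. It includes request latency, so it is approximate.
    """
    m = _PATTERN.search(line)
    if m is None:
        return None
    signed, _bound, server_now, minutes = m.groups()
    skew = int((_parse(signed) - _parse(server_now)).total_seconds())
    return skew, int(minutes) * 60


def diagnose(line):
    """Turn a matching error line into a one-line finding for an operator."""
    result = clock_skew(line)
    if result is None:
        return "no signature-time error found"
    skew, tolerance = result
    direction = "behind" if skew < 0 else "ahead of"
    return (f"local clock {abs(skew)}s {direction} AWS "
            f"(tolerance {tolerance}s): check NTP sync")


if __name__ == "__main__":
    print(diagnose(LOG_LINE))
```
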