惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
WordPress大学
WordPress大学
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
美团技术团队
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
Recorded Future
Recorded Future
H
Help Net Security
aimingoo的专栏
aimingoo的专栏
Y
Y Combinator Blog
博客园_首页
A
About on SuperTechFans
MongoDB | Blog
MongoDB | Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
B
Blog
The Register - Security
The Register - Security
I
InfoQ
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
雷峰网
雷峰网
Last Week in AI
Last Week in AI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
Stack Overflow Blog
Stack Overflow Blog
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News - Newest:
Hacker News - Newest: "LLM"
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Latest news
Latest news
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Let's Encrypt Community Support - Latest topics

New Certificate Fails with Unauthorized 403 Seeking Clarity and Consistency on Configuring HTTP-01 challenge for multiple domains Certifiate failing renewal Letsencrypt blocked in Iran Problem with http verification Cyber-attacks from the secondary verification source addresses Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: How will clients handle X2 by X1 cross certificate revocation HTTPS Certificate Renewal and Mixed Content Issues Affecting My Real-Time Morse Code Website Using Let’s Encrypt .conf Files and Nginx along with Certbot Forbidden by policy error generating the let’s encrypt certificate SSL Certificate installed for 1 of 2 domains Certificate apparently not working Certbot 5.6.0 Release Would signing the key authorization with the ACME private key increase security? Lego 5.0.0 Release Certificate renewal incomplete: missing domains beeandlunetrading.com We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved Is using preferred-chain "ISRG Root X2" still a good idea? Crypt::LE --delayed not being honored Expressway certificate renewal error even after upgrading to the latest version Yocto Bitbake install of Certbot luadns fails with 'NoneType' object is not callable Intended audience for "tlsserver" profile Trouble finding Charter Communications as Web Hoster 2026.05.08 Gen Y Cross-Certified Subordinate CAs missing serverAuth EKU Certbot deploy-hook Obtaining account ID from xmox.nl email server SSL Certificate Expired - pwgroup.plabcapy.com More cultural recognition of HTTPS adoption Certificado certbot Upcoming Let’s Encrypt Profile Changes On May 13 Lets encrypt certificate issued website scam Issues getting certificates for .de zone Certbot-dns-multi for dns-lego fails with request for two domains Will tlssever profile switch to 45 days next week? Certbot script searching Expired certs shut done websites Automatic renewal across multiple systems serving the same domain Account paused – Request to unpause domain exodus.digitalmansa.com Certificate for web theft phucnha.com DNS-PERSIST without spending an Order Certificate Expired, now I can't create a new one Account paused Invalid unpause URL I need to revoke a cert, how do i do this Recommended Certbot Config for 2 certs with same FQDN with different acme servers The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot Cannot load certificate "/etc/letsencrypt/live/laurexplore.fr/fullchain.pem" A small static ACME server to distribute certs Certferry - easy distribution of wildcard LE certificates Permission errors on Let's ENcrypt certificate requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer')) The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot LetsEncrypt Consultation SSL/TLS certificate Issue ISRG may have received a National Security Letter or FISA Court Order? Deactivating pending authorization Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side Certificate renewal error Azuracast letsencrypt error Certbot change provider from Sectigo to CertiNext Privacy policy still mentions disabled services Letsencrypt[.]top is squatting on the LE name and acting as a web client Cert renews not working anymore Root Cert Protection and Signing Process for e.g. Intermediates or Cross-Signs of new Roots DNS Challenge failed incorrect TXT value FreeCert: a lightweight ACME management module for shared hosting and cPanel Certbot is rejecting its own specified _acme-challenge value Not able to renew certificates Issue of SSL Certificate fails Today instantly SSL certificate problems CNAME and CAA clarification Issue an SSL certificate Wacs Domain cert generation - test successful but real fails 400 Safari won't trust Let's Encrypt certs Does Certbot support CNAME challenge? How does CNAME validation work vs DNS-01? Win-Acme Renewal Failing Suddenly with DNS-01 (Dreamhost) My certicate is obsokete Certbot failed to authenticate some domains Possible deliberate publicly admitted violation of subscriber policy by Tom Murphy VII in the form of HTTPV ARI renewal-info Rate Limit Changes? Missing accounturi field in LE dns-persist-01 challenges Problem obtaining a certificate One cert failing to renew - don't know why Dns-persist-01 deployment status and timeline Issue (apparently) after upgrading certbot/ubuntu [nginx] IPv4 OK, IPv6 NOK Expressway ACME Certificate Renewal failing Certbot nginx challenge times out Certbot 5.5.0 Release Error unmarshaling request Try t Self-Host BitWarden - Having Issues Getting a Cert Various problems with three domains cme_registration.reg: Creating... ╷ │ Error: acme: error: 403 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:unauthorized :: An account with the provided public key exists but is deactivated Iran's internet outage and challenges for renewing letsencrypt certs Running multiple Certbot renewals in parallel — how to bypass the global lock file? Nginx ipv64.net Fritzbox Dietpi DNS-PERSIST-01 and _validation-persist CNAME Just a small certbot script check An easy way to publish dns-persist-01 records Problem finding dns-persist-01 in staging GoDaddy API access policy update
Posh-acme db_error submitting renewal
joe.roberts · 2026-04-16 · via Let's Encrypt Community Support - Latest topics

April 15, 2026, 10:45pm 1

We have run this command with PowerShell with the url matched to the server on several servers for the past 5+ years with no issues. Now it fails and am unable to determine the cause.

My domain is:
https://agdev05.esmsportal.com

I ran this command:
Submit-Renewal agdev05.esmsportal.com

It produced this output:

Submit-ChallengeValidation : {"error": "db_error"}
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\4.31.0\Public\New-PACertificate.ps1:275 char:9

  •     Submit-ChallengeValidation
    
  •     ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Submit-ChallengeValidation
      ], WebException
    • FullyQualifiedErrorId : WebCmdletWebResponseException,Submit-ChallengeValidation

Here is the result when executing Submit-ChallengeValidation -verbose

image

dextercd April 15, 2026, 11:17pm 3

The {"error": "db_error"} string in the error message there is probably coming from acme-dns.

When I try to invoke the /register endpoint I get the following error back from auth.acme-dns.io:

{"error": "database or disk is full"}

You could try opening an issue on their issue tracker, but note that they actually recommend hosting your own instance of acme-dns instead of relying on auth.acme-dns.io. Clarification on usage of https://auth.acme-dns.io · Issue #120 · acme-dns/acme-dns · GitHub

3 Likes

Do you have a link to information on hosting our own instance of acme-dns?

dextercd April 15, 2026, 11:42pm 5

There's the installation section in the README: GitHub - acme-dns/acme-dns: Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. · GitHub

The Docker (compose) instructions seem pretty easy. You also have to setup the DNS as per the 'DNS Records' instructions.

I've never hosted this software myself so I can't help more with this.

I would recommend making sure you actually need acme-dns. If your DNS provider has an API then you might be able to use that. If you don't need wildcard certs then you can instead use the HTTP-01 challenge.

1 Like

MikeMcQ April 16, 2026, 1:36am 6

@joe.roberts Looks like you have GoDaddy as your DNS provider. Their API was restricted but recently opened up again. @rmbolger posted about this here: GoDaddy API access policy update As Dexter noted this may be a better option than acme-dns.

Looks like Ryan could update his docs here :slight_smile: GoDaddy - Posh-ACME

2 Likes

I appreciate the info! I am also looking for other CNAME redirect providers. I found Certify DNS as a possible option. As that post pointed out GoDaddy's pricing are rising while the service and support are dropping. We have several servers that prepaid for another year so we are working to move away from them. 10+ years ago, I thought they were going to be a great partner that offered many of the products that we needed, I was WRONG. I need to just find a alternative to "auth.acme-dns.io" for redirection since we have a lot of automation built around Posh-ACME. If you know of other options, I'd be grateful for any insights.

1 Like

MikeMcQ April 16, 2026, 3:15am 8

There is a new challenge type called dns-persist-01 in the works. It is currently in Let's Encrypt Staging system with plans for production this quarter.

I am very sure posh-acme will support that as soon as LE production is ready (as will Certify).

The idea is you create a TXT record once and that persists for as long you like to satisfy cert renewals. That avoids needing a DNS API, acme-dns, and similar.

See: DNS-PERSIST-01: A New Model for DNS-based Challenge Validation - Let's Encrypt

Perhaps the dreaded manual DNS Challenge to get a fresh cert now to carry you until LE has production dns-persist ready? I say dreaded b/c automation is far better but perhaps to avoid having to setup a very temporary new DNS infrastructure it is worth it?

1 Like

Yes, that would provide some better options. DNS management can be a challenge when the provider doesn't provide the necessary tools!

Thanks again for information

1 Like

Certify DNS (which I develop, and which can be cheaply licensed month-to-month via Azure marketplace) is an option but as @MikeMcQ mentioned the upcoming dns-persist-01 looks like it's going to be a simpler overall option for DNS based validation.

[Edit: I see we have support ticket from you, will investigate that myself]

You do also have the option of self-hosting acme-dns (many people do) but that's an administrative/maintenance/hosting overhead.

The GoDaddy API would be theoretically ideal but it's had a checkered history and it's confusing to know if you do or don't have access. Note that your domain registrar does not need to be your DNS host and there are many good large scale DNS hosts that are low cost or free (e.g. AWS Route 53, Cloudflare). Cloudflare in particular offers a lot of features in their free tier.

2 Likes

rmbolger April 16, 2026, 4:53am 11

Docs are updated in the dev branch already :wink: along with a GoDaddy plugin update to support corporate accounts. Just waiting for the next module release to push the doc updates live.

3 Likes

@rmbolger btw with Posh-ACME, if a user opts for a new acme-dns service and has previously completed an order using a different service I don't think it has a way to switch to the new acme-dns registration details (without passing them in manually). Perhaps it needs an option to clear existing reg for an order. Certify also has this issue,

2 Likes