Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] TLS ALPN ACME Lets Encrypt challange


On Thu, Dec 22, 2022 at 4:15 PM Info <info@xxxxxxxxxx> wrote:
> 2022-12-22T15:11:04,639 | INFO  | AcmeQuartzScheduler_Worker-1 |
> JobRunShell                      | 190 - org.quartz-scheduler.quartz -
> 2.3.2 | Job threw a
> JobExecutionException:
> org.quartz.JobExecutionException: Challenge has failed due to Failed to
> connect to [::1]:8444 for the tls-alpn-01 challenge
> The pebble Certificate and Key-Pair are stored in the key-store and
> Jetty picks it up by hot reloading, then I trigger the challenge the SNI
> gets matched and I close the connection because the handshake should be
> all it needs transferring the challenge certificate.
> But I get a failed challenge due to connection failure. Should I not
> close the connection?

The log says you failed to connect.
Where do you connect to?
I ask because I don't think the server needs to connect anywhere.
Once the acme client has successfully downloaded the acme certificate,
it will contact the CA, download the renewed certificate in the place
you configured.
You repackage it into a keystore, overwrite the old keystore, and the
new keystore should be hot-reloaded by Jetty.

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top