Re: [jetty-users] TLS ALPN ACME Lets Encrypt challenge
Hi,

On Thu, Dec 22, 2022 at 4:15 PM Info <info@xxxxxxxxxx> wrote:
> 2022-12-22T15:11:04,639 | INFO | AcmeQuartzScheduler_Worker-1 |
> JobRunShell | 190 - org.quartz-scheduler.quartz -
> 2.3.2 | Job acme.action.job.group.ACMERenewJob threw a
> JobExecutionException:
> org.quartz.JobExecutionException: Challenge has failed due to Failed to
> connect to [::1]:8444 for the tls-alpn-01 challenge
>
> The pebble Certificate and Key-Pair are stored in the key-store and
> Jetty picks it up by hot reloading, then I trigger the challenge the SNI
> gets matched and I close the connection because the handshake should be
> all it needs transferring the challenge certificate.
>
> But I get a failed challenge due to connection failure. Should I not
> close the connection?

The log says you failed to connect.
Where do you connect to?

I ask because I don't think the server needs to connect anywhere.

Once the acme client has successfully downloaded the acme certificate, it will contact the CA, download the renewed certificate in the place you configured.
You repackage it into a keystore, overwrite the old keystore, and the new keystore should be hot-reloaded by Jetty.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
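An added diagnostic, not part of the original thread or of Jetty: it checks, for each loopback address, whether the port from the quoted log line accepts a TCP connection and then completes a TLS handshake that negotiates the `acme-tls/1` ALPN protocol used by tls-alpn-01 (RFC 8737). The function names and the SNI value `example.org` are assumptions made for this example.

```python
import socket
import ssl

ACME_ALPN = "acme-tls/1"  # ALPN protocol ID for tls-alpn-01 (RFC 8737)


def probe(addr, port, sni, timeout=3.0):
    """Return (stage, detail); stage is 'tcp_failed', 'tls_failed' or 'ok'."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the challenge certificate is self-signed
    ctx.set_alpn_protocols([ACME_ALPN])
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
    except OSError as exc:  # address family not available on this host
        return "tcp_failed", str(exc)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
    except OSError as exc:  # refused, unreachable or timed out
        sock.close()
        return "tcp_failed", str(exc)
    try:
        # SNI carries the domain being validated; the listener matches on it.
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            alpn = tls.selected_alpn_protocol()
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "tls_failed", str(exc)
    if alpn != ACME_ALPN:
        return "tls_failed", f"server selected ALPN {alpn!r}"
    return "ok", alpn


def probe_loopbacks(port, sni):
    """Probe the IPv4 and IPv6 loopback addresses on the same port."""
    return {addr: probe(addr, port, sni) for addr in ("127.0.0.1", "::1")}


if __name__ == "__main__":
    # 8444 is the port in the quoted log; example.org is a constructed SNI.
    for addr, (stage, detail) in probe_loopbacks(8444, "example.org").items():
        print(f"{addr}:8444 -> {stage} ({detail})")
```

A `tcp_failed` result for `::1` alongside a different result for `127.0.0.1` means the listener is not reachable on the address named in the log line.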