So today I decided to replace my free openVPN-AS with Pritunl as I got tired of the two device limit and I still wanted a web UI. Most of Pritunl’s setup went smoothly until I tried to input my domain.
I have opened port 80 for both TCP and UDP traffic on my router but I am still getting this error (Log is printed bellow, domain and IP have been altered for security reasons)
[evening-refuge-4957][2020-02-23 16:56:05,755][INFO] Parsing account key…
[evening-refuge-4957][2020-02-23 16:56:05,778][INFO] Parsing CSR…
[evening-refuge-4957][2020-02-23 16:56:05,801][INFO] Found domains: mydomain.com
[evening-refuge-4957][2020-02-23 16:56:05,802][INFO] Getting directory…
[evening-refuge-4957][2020-02-23 16:56:06,085][INFO] Directory found!
[evening-refuge-4957][2020-02-23 16:56:06,085][INFO] Registering account…
[evening-refuge-4957][2020-02-23 16:56:06,629][INFO] Registered!
[evening-refuge-4957][2020-02-23 16:56:06,630][INFO] Creating new order…
[evening-refuge-4957][2020-02-23 16:56:07,274][INFO] Order created!
[evening-refuge-4957][2020-02-23 16:56:07,532][INFO] Verifying mydomain.com…
[evening-refuge-4957][2020-02-23 16:56:19,693][ERROR] Failed to get LetsEncrypt cert
Traceback (most recent call last):
File “/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/handlers/settings.py”, line 905, in settings_put
acme.update_acme_cert()
File “/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/acme.py”, line 68, in update_acme_cert
cert = get_acme_cert(settings.app.acme_key, csr)
File “/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/acme.py”, line 43, in get_acme_cert
set_acme,
File “/usr/lib/pritunl/local/lib/python2.7/site-packages/pritunl/acme_tiny.py”, line 138, in get_crt
raise ValueError(“Challenge did not pass for {0}: {1}”.format(domain, authorization))
ValueError: Challenge did not pass for mydomain.com: {u’status’: u’invalid’, u’challenges’: [{u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’http://mydomain.com/.well-known/acme-challenge/iVMvALXoZpSNO8gvlc_H6RipjX5wMat0O4075Gljz6Y’, u’hostname’: u’mydomain.com’, u’addressUsed’: u’34.178.162.129’, u’port’: u’80’, u’addressesResolved’: [u’34.178.172.159’]}], u’url’: u’https://acme-v02.api.letsencrypt.org/acme/chall-v3/2976113148/eBvxOQ’, u’token’: u’iVMvALXoZpSNO8gvlc_H6RipjX5wMat0O4075Gljz6Y’, u’error’: {u’status’: 400, u’type’: u’urn:ietf:params:acme:error:connection’, u’detail’: u’Fetching http://mydomain.com/.well-known/acme-challenge/iVMvALXoZpSNO8gvlc_H6RipjX5wMat0O4075Gljz6Y: Timeout during connect (likely firewall problem)’}, u’type’: u’http-01’}], u’identifier’: {u’type’: u’dns’, u’value’: u’mydomain.com’}, u’expires’: u’2020-03-01T21:56:07Z’}
acme_domain = “mydomain.com”
additionally
If I try to visit http://mydomain.com/.well-known/acme-challenge/iVMvALXoZpSNO8gvlc_H6RipjX5wMat0O4075Gljz6Y in my browser I get
404: Not Found
This leads me to believe that this is an issue with Pritunl failing to generate the key file. This seems to be supported by the traceback errors, maybe that is caused by some sort of unmet dependency (I have installed this directly on my proxmox box (yes I know that is not ideal but I don’t really care) and that is a pretty weird version of debian that doesn’t have some basic stuff installed) or maybe it is an issue with Pritunl on debian 10.
Either way any assistance that can be offered would be much appreciated