My application continues to get requests for /.well-known/acme-challenge/NS_***.
I have an issued wildcard certificate and a CNAME record for domain ownership _acme-challenge.
Why is my app getting these requests? It is causing lots of 404 noise.
Those probably aren’t us (unless you’re using our very old Javascript platform). We do ALPN and DNS challenges, those don’t make HTTP requests to your app (on purpose). I’ll see if I can find anything weird on your account, though, just in case.
I don’t see a wildcard certificate on an app you have access to, so it’s possible I’m looking in the wrong place (feel free to DM me the app or hostname). But here are the challenges we attempted for your app:
2021-07-14 15:10:15 UTC: invalid: rsa
2021-07-14 15:16:09 UTC: invalid: rsa
2021-07-14 15:21:10 UTC: valid: rsa
2021-07-14 15:21:29 UTC: valid: ecdsa
2021-07-14 16:53:43 UTC: valid: rsa
2021-07-14 16:53:59 UTC: valid: ecdsa
We don’t use HTTP challenges, and I don’t think Lets Encrypt will make HTTP requests by itself, but if they do you would have seen maybe 2 requests per challenge listed.
@kurt my app doesn’t have a wildcard cert anymore because I destroyed and redeployed the app to see if something got in a weird state. This time I didn’t do a wildcard cert. Just one see a specific subdomain. I did add the CNAME for acme-challenge but the UI still says the domain is not verified. I am still getting the same GET requests to GET /.well-known/acme-challenge/NS_ZxVxxx. I think it must be Let Encrypt since that is one way that they verify domains.
Do you know what hostname those requests are coming in for? Is it possible you have that domain configured through a different hosting company and it’s trying to renew?
YES. I was using Gigalixir and had a custom domain for the same subdomain. They did use Let’s Encrypt to create certs and must have been handling that route before it hit my app. Thanks for the quick response and patience.
Oooooh that’s a relief. I do not like certificate weirdness. 