Open Bohjan opened 7 years ago
Same here :|
./acme.sh --log --issue -d visualize.duckdns.org -w /var/www/
..... ...... ......
[Sun 20 Aug 21:10:17 CEST 2017] writing token:U9DH4sQV6x5x9UG_1Chxrysc-NpOWvfuX7DSGXH4nhc to /var/www//.well-known/acme-challenge/U9DH4sQV6x5x9UG_1Chxrysc-NpOWvfuX7DSGXH4nhc
[Sun 20 Aug 21:10:17 CEST 2017] Changing owner/group of .well-known to root:root
[Sun 20 Aug 21:10:17 CEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/v6qee4_5w3ZpQhbottWbsdGLRxuS5INEdgyOWVWBRNM/1797336937'
[Sun 20 Aug 21:10:17 CEST 2017] payload='{"resource": "challenge", "keyAuthorization": "U9DH4sQV6x5x9UG_1Chxrysc-NpOWvfuX7DSGXH4nhc.Vn8sxnekBFCMRvbcn1ll7vzM98V1VITTBn5F1bxO5ko"}'
[Sun 20 Aug 21:10:17 CEST 2017] POST
[Sun 20 Aug 21:10:17 CEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/v6qee4_5w3ZpQhbottWbsdGLRxuS5INEdgyOWVWBRNM/1797336937'
[Sun 20 Aug 21:10:17 CEST 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Sun 20 Aug 21:10:18 CEST 2017] _ret='0'
[Sun 20 Aug 21:10:18 CEST 2017] code='202'
[Sun 20 Aug 21:10:19 CEST 2017] sleep 2 secs to verify
[Sun 20 Aug 21:10:21 CEST 2017] checking
[Sun 20 Aug 21:10:21 CEST 2017] GET
[Sun 20 Aug 21:10:21 CEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/v6qee4_5w3ZpQhbottWbsdGLRxuS5INEdgyOWVWBRNM/1797336937'
[Sun 20 Aug 21:10:21 CEST 2017] timeout
[Sun 20 Aug 21:10:21 CEST 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Sun 20 Aug 21:10:23 CEST 2017] ret='0'
[Sun 20 Aug 21:10:23 CEST 2017] visualize.duckdns.org:Verify error:Invalid response from http://visualize.duckdns.org/.well-known/acme-challenge/U9DH4sQV6x5x9UG_1Chxrysc-NpOWvfuX7DSGXH4nhc:
[Sun 20 Aug 21:10:23 CEST 2017] pid
[Sun 20 Aug 21:10:23 CEST 2017] No need to restore nginx, skip.
[Sun 20 Aug 21:10:23 CEST 2017] _clearupdns
[Sun 20 Aug 21:10:23 CEST 2017] skip dns.
[Sun 20 Aug 21:10:23 CEST 2017] _on_issue_err
[Sun 20 Aug 21:10:23 CEST 2017] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun 20 Aug 21:10:23 CEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/v6qee4_5w3ZpQhbottWbsdGLRxuS5INEdgyOWVWBRNM/1797336937'
[Sun 20 Aug 21:10:23 CEST 2017] payload='{"resource": "challenge", "keyAuthorization": "U9DH4sQV6x5x9UG_1Chxrysc-NpOWvfuX7DSGXH4nhc.Vn8sxnekBFCMRvbcn1ll7vzM98V1VITTBn5F1bxO5ko"}'
[Sun 20 Aug 21:10:23 CEST 2017] POST
[Sun 20 Aug 21:10:23 CEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/v6qee4_5w3ZpQhbottWbsdGLRxuS5INEdgyOWVWBRNM/1797336937'
[Sun 20 Aug 21:10:23 CEST 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Sun 20 Aug 21:10:24 CEST 2017] _ret='0'
[Sun 20 Aug 21:10:24 CEST 2017] code='400'

root@alnitak:~/.acme.sh# cat /root/.acme.sh/http.header
HTTP/1.1 100 Continue
Expires: Sun, 20 Aug 2017 19:10:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 132
Boulder-Request-Id: 28ahyGyNsfYa8ooJ0AZ-CwcIYAn3OZ3CUNy4GJAy_SE
Boulder-Requester: 20200828
Replay-Nonce: pXXzc_o9K6rqo4U0rzuXnVkaoNJDm2IzBvDedD9xDvc
Expires: Sun, 20 Aug 2017 19:10:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 20 Aug 2017 19:10:24 GMT
Connection: close
Can't get any valid request. Thanks, Javier R.
Get the same error in standalone mode.
Same here, acme upgraded yesterday. Neither issue or renewal working, the .well-known URL responds OK in the browser.
https://gist.github.com/finwe/4cb8c41b4682750e154704df6b5d14c3
@finwe Please try again, and just paste the output with --debug 2
Actually, the gist contains exactly the output, the redirection from the first line didn't do any good.
Updated with a current attempt, just for a good measure.
@frjaraur Can you please try again without redirection.
@frjaraur I tried on my server, it just works. From your log, I don't find any error yet.
@finwe What is your webserver? nginx or apache? Can you try with --nginx or --apache mode?
Nginx. But I set up the certificate to the "virtualhost" manually.
The outcome is the same with --nginx.
@finwe --nginx mode is only to issue a cert, it will not change your nginx conf at all. You will need to configure virtualhost by yourself.
Solved. The server was not listening on IPv6 for HTTP to HTTPS redirection (which was not an issue on initial certificate setup).
Hello, I'm trying to generate certificate with webroot and I have the issue in staging/production with. We are using CentOS Linux release 7.3.1611 (Core), curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.21 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
I don't understand the following line. Why port 8443? That is the internal port of Tomcat and it is not accessible from the internet. Access is through the standard 443 port. We are using other domains with the same configuration, Tomcat + port + access, without problem during generating or renewing certificate.
[Wed Jun 28 20:08:54 CEST 2017] kruk.okbase.cz:Verify error:Fetching https://kruk.okbase.cz:8443/.well-known/acme-challenge/eGb_6B7q_E8D_Wa9zENneoWeK3tke8GjT7NZvSnHzoI: Timeout
Thanks for your help Bohumil
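An added example, not part of the thread or of acme.sh: HTTP-01 validation starts with a plain HTTP request on port 80 and follows redirects, and Let's Encrypt prefers IPv6 when the name has an AAAA record. The hypothetical `probe_http01` below requests the challenge path once per address family without following redirects, which surfaces both the missing IPv6 listener reported as solved above and a redirect to a backend port such as 8443. The local redirect server, `example.test` and the token are constructed for the demo.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_http01(host, path, port=80, timeout=5.0):
    """GET the challenge path once per address family, without following redirects."""
    results = {}
    for label, family in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        try:
            addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4][0]
        except socket.gaierror as exc:
            results[label] = {"ok": False, "error": f"no address: {exc}"}
            continue
        conn = http.client.HTTPConnection(addr, port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            # A redirect counts as reachable; its target is reported for manual review.
            results[label] = {"ok": resp.status < 400, "address": addr,
                              "status": resp.status, "location": resp.getheader("Location")}
        except (OSError, http.client.HTTPException) as exc:
            # Refused, timed out or broken response: this family cannot serve the challenge.
            results[label] = {"ok": False, "address": addr, "error": str(exc)}
        finally:
            conn.close()
    return results

class _Redirector(BaseHTTPRequestHandler):
    """Constructed stand-in for a front end that redirects HTTP to a backend HTTPS port."""
    def do_GET(self):
        self.send_response(301)
        self.send_header("Location", f"https://example.test:8443{self.path}")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo output quiet

def demo():
    # Constructed setup: the listener is bound to IPv4 loopback only, so the IPv6 probe fails.
    server = HTTPServer(("127.0.0.1", 0), _Redirector)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_http01("localhost", "/.well-known/acme-challenge/test-token", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for family, result in demo().items():
        print(family, result)
```

Against a real host, call `probe_http01("your.domain", "/.well-known/acme-challenge/<token>")` from a machine outside the network; a `location` pointing at a port that is closed from the internet will time out for the validator even though the first hop answers.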