acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

.well-known issue #911

Closed just-us closed 7 years ago

just-us commented 7 years ago

Steps to reproduce

I tried installing Let's Encrypt on the webfaction account as I have done with three other websites and it hasn't worked. For some reason there seems to be an issue with the .well-known folder. How is that created? Why has this suddenly become a thing when it didn't show up as an error previously?

Even more confusingly, a couple of my websites that I secured with Let's Encrypt don't appear to have .well-known folders in their root folder.

Any thoughts would be very welcome.

Debug log

[Thu 29 Jun 12:29:43 UTC 2017] Lets find script dir.
[Thu 29 Jun 12:29:43 UTC 2017] SCRIPT='/home/mawebfaction/.acme.sh/acme.sh'
[Thu 29 Jun 12:29:43 UTC 2017] _script='/home/mawebfaction/.acme.sh/acme.sh'
[Thu 29 Jun 12:29:43 UTC 2017] _script_home='/home/mawebfaction/.acme.sh'
[Thu 29 Jun 12:29:43 UTC 2017] Using config home:/home/mawebfaction/.acme.sh
https://github.com/Neilpang/acme.sh
v2.7.3
[Thu 29 Jun 12:29:43 UTC 2017] Using config home:/home/mawebfaction/.acme.sh
[Thu 29 Jun 12:29:43 UTC 2017] DOMAIN_PATH='/home/mawebfaction/.acme.sh/headless-chef.com'
[Thu 29 Jun 12:29:43 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Thu 29 Jun 12:29:43 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu 29 Jun 12:29:43 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu 29 Jun 12:29:43 UTC 2017] Le_NextRenewTime
[Thu 29 Jun 12:29:43 UTC 2017] _on_before_issue
[Thu 29 Jun 12:29:43 UTC 2017] Le_LocalAddress
[Thu 29 Jun 12:29:43 UTC 2017] Check for domain='headless-chef.com'
[Thu 29 Jun 12:29:43 UTC 2017] _currentRoot='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:43 UTC 2017] Check for domain='www.headless-chef.com'
[Thu 29 Jun 12:29:43 UTC 2017] _currentRoot='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:43 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Thu 29 Jun 12:29:43 UTC 2017] Read key length:
[Thu 29 Jun 12:29:43 UTC 2017] _createcsr
[Thu 29 Jun 12:29:43 UTC 2017] Multi domain='DNS:www.headless-chef.com'
[Thu 29 Jun 12:29:43 UTC 2017] Getting domain auth token for each domain
[Thu 29 Jun 12:29:43 UTC 2017] Getting webroot for domain='headless-chef.com'
[Thu 29 Jun 12:29:43 UTC 2017] _w='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:43 UTC 2017] _currentRoot='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:43 UTC 2017] Getting new-authz for domain='headless-chef.com'
[Thu 29 Jun 12:29:43 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu 29 Jun 12:29:43 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu 29 Jun 12:29:43 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu 29 Jun 12:29:43 UTC 2017] Try new-authz for the 0 time.
[Thu 29 Jun 12:29:43 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:43 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "headless-chef.com"}}'
[Thu 29 Jun 12:29:43 UTC 2017] RSA key
[Thu 29 Jun 12:29:43 UTC 2017] GET
[Thu 29 Jun 12:29:43 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu 29 Jun 12:29:43 UTC 2017] timeout
[Thu 29 Jun 12:29:43 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:43 UTC 2017] ret='0'
[Thu 29 Jun 12:29:43 UTC 2017] POST
[Thu 29 Jun 12:29:43 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:43 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:45 UTC 2017] _ret='0'
[Thu 29 Jun 12:29:45 UTC 2017] code='201'
[Thu 29 Jun 12:29:45 UTC 2017] The new-authz request is ok.
[Thu 29 Jun 12:29:45 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008","token":"f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0"'
[Thu 29 Jun 12:29:45 UTC 2017] token='f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0'
[Thu 29 Jun 12:29:45 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:45 UTC 2017] keyauthorization='f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18'
[Thu 29 Jun 12:29:45 UTC 2017] dvlist='headless-chef.com#f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18#https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008#http-01#home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:45 UTC 2017] Getting webroot for domain='www.headless-chef.com'
[Thu 29 Jun 12:29:45 UTC 2017] _w='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:45 UTC 2017] _currentRoot='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:45 UTC 2017] Getting new-authz for domain='www.headless-chef.com'
[Thu 29 Jun 12:29:45 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu 29 Jun 12:29:45 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu 29 Jun 12:29:45 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:45 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu 29 Jun 12:29:45 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu 29 Jun 12:29:45 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu 29 Jun 12:29:45 UTC 2017] Try new-authz for the 0 time.
[Thu 29 Jun 12:29:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:45 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.headless-chef.com"}}'
[Thu 29 Jun 12:29:45 UTC 2017] POST
[Thu 29 Jun 12:29:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu 29 Jun 12:29:45 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:50 UTC 2017] _ret='0'
[Thu 29 Jun 12:29:50 UTC 2017] code='201'
[Thu 29 Jun 12:29:50 UTC 2017] The new-authz request is ok.
[Thu 29 Jun 12:29:50 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/zRmT1LA3dPgOi3FW1s6n83tYRQZIfBuhgG-1GzKeBUU/1447205265","token":"SY39CAyqQTpvpmnzjmUFoRpZFl-T2CeJCPGQtVenr0M"'
[Thu 29 Jun 12:29:50 UTC 2017] token='SY39CAyqQTpvpmnzjmUFoRpZFl-T2CeJCPGQtVenr0M'
[Thu 29 Jun 12:29:50 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/zRmT1LA3dPgOi3FW1s6n83tYRQZIfBuhgG-1GzKeBUU/1447205265'
[Thu 29 Jun 12:29:50 UTC 2017] keyauthorization='SY39CAyqQTpvpmnzjmUFoRpZFl-T2CeJCPGQtVenr0M.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18'
[Thu 29 Jun 12:29:50 UTC 2017] dvlist='www.headless-chef.com#SY39CAyqQTpvpmnzjmUFoRpZFl-T2CeJCPGQtVenr0M.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18#https://acme-v01.api.letsencrypt.org/acme/challenge/zRmT1LA3dPgOi3FW1s6n83tYRQZIfBuhgG-1GzKeBUU/1447205265#http-01#home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:50 UTC 2017] vlist='headless-chef.com#f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18#https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008#http-01#home/mawebfaction/webapps/headless-chef,www.headless-chef.com#SY39CAyqQTpvpmnzjmUFoRpZFl-T2CeJCPGQtVenr0M.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18#https://acme-v01.api.letsencrypt.org/acme/challenge/zRmT1LA3dPgOi3FW1s6n83tYRQZIfBuhgG-1GzKeBUU/1447205265#http-01#home/mawebfaction/webapps/headless-chef,'
[Thu 29 Jun 12:29:50 UTC 2017] ok, let's start to verify
[Thu 29 Jun 12:29:50 UTC 2017] Verifying:headless-chef.com
[Thu 29 Jun 12:29:50 UTC 2017] d='headless-chef.com'
[Thu 29 Jun 12:29:50 UTC 2017] keyauthorization='f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18'
[Thu 29 Jun 12:29:50 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:50 UTC 2017] _currentRoot='home/mawebfaction/webapps/headless-chef'
[Thu 29 Jun 12:29:50 UTC 2017] wellknown_path='home/mawebfaction/webapps/headless-chef/.well-known/acme-challenge'
[Thu 29 Jun 12:29:50 UTC 2017] writing token:f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0 to home/mawebfaction/webapps/headless-chef/.well-known/acme-challenge/f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0
[Thu 29 Jun 12:29:50 UTC 2017] Changing owner/group of .well-known to mawebfaction:mawebfaction
[Thu 29 Jun 12:29:50 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:50 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18"}'
[Thu 29 Jun 12:29:50 UTC 2017] POST
[Thu 29 Jun 12:29:50 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:50 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:51 UTC 2017] _ret='0'
[Thu 29 Jun 12:29:51 UTC 2017] code='202'
[Thu 29 Jun 12:29:51 UTC 2017] sleep 2 secs to verify
[Thu 29 Jun 12:29:53 UTC 2017] checking
[Thu 29 Jun 12:29:53 UTC 2017] GET
[Thu 29 Jun 12:29:53 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:53 UTC 2017] timeout
[Thu 29 Jun 12:29:53 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:54 UTC 2017] ret='0'
[Thu 29 Jun 12:29:54 UTC 2017] headless-chef.com:Verify error:Invalid response from http://headless-chef.com/.well-known/acme-challenge/f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0:
[Thu 29 Jun 12:29:54 UTC 2017] Debug: get token url.
[Thu 29 Jun 12:29:54 UTC 2017] GET
[Thu 29 Jun 12:29:54 UTC 2017] url='http://headless-chef.com/.well-known/acme-challenge/f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0'
[Thu 29 Jun 12:29:54 UTC 2017] timeout='1'
[Thu 29 Jun 12:29:54 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header --connect-timeout 1'
<!DOCTYPE html>

Page not found - The Headless Chef - Jonny Relf

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

[Thu 29 Jun 12:29:55 UTC 2017] ret='0'
[Thu 29 Jun 12:29:55 UTC 2017] Debugging, skip removing: home/mawebfaction/webapps/headless-chef/.well-known
[Thu 29 Jun 12:29:55 UTC 2017] pid
[Thu 29 Jun 12:29:55 UTC 2017] No need to restore nginx, skip.
[Thu 29 Jun 12:29:55 UTC 2017] _clearupdns
[Thu 29 Jun 12:29:55 UTC 2017] skip dns.
[Thu 29 Jun 12:29:55 UTC 2017] _on_issue_err
[Thu 29 Jun 12:29:55 UTC 2017] Please add '--debug' or '--log' to check more details.
[Thu 29 Jun 12:29:55 UTC 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu 29 Jun 12:29:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:55 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "f0vqu4wFPg-08l-QP_c1wzojTaxkOPz8FsOLTATR7I0.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18"}'
[Thu 29 Jun 12:29:55 UTC 2017] POST
[Thu 29 Jun 12:29:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/Ef2TGGDjD03YJYywSb4Yx7l_vn4Pmr7uce6zJ3b3UIY/1447205008'
[Thu 29 Jun 12:29:55 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:56 UTC 2017] _ret='0'
[Thu 29 Jun 12:29:56 UTC 2017] code='400'
[Thu 29 Jun 12:29:56 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zRmT1LA3dPgOi3FW1s6n83tYRQZIfBuhgG-1GzKeBUU/1447205265'
[Thu 29 Jun 12:29:56 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "SY39CAyqQTpvpmnzjmUFoRpZFl-T2CeJCPGQtVenr0M.TAORsl_g6ENZ0_a4UaAJ60xcJNCTfFpqOEhechHRp18"}'
[Thu 29 Jun 12:29:56 UTC 2017] POST
[Thu 29 Jun 12:29:56 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zRmT1LA3dPgOi3FW1s6n83tYRQZIfBuhgG-1GzKeBUU/1447205265'
[Thu 29 Jun 12:29:56 UTC 2017] _CURL='curl -L --silent --dump-header /home/mawebfaction/.acme.sh/http.header '
[Thu 29 Jun 12:29:57 UTC 2017] _ret='0'
[Thu 29 Jun 12:29:57 UTC 2017] code='202'
[Thu 29 Jun 12:29:57 UTC 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-openssl-opt=enable-ec_nistp_64_gcc_128 --add-module=/var/tmp/headers-more-nginx-module-0.30

Neilpang commented 7 years ago

The .well-known folder is auto-created, and auto-deleted after the issuance.

But if you use --debug, the .well-known folder is not deleted, just for debugging purposes.

You can delete the .well-known folder yourself.

just-us commented 7 years ago

Ah OK, how long do I have to wait before I can try issuing the certificate? I got an error saying too many failed attempts.

Neilpang commented 7 years ago

What is the error message?

https://letsencrypt.org/docs/rate-limits/

just-us commented 7 years ago

new-authz error: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status": 429}
[Thu 29 Jun 12:41:31 UTC 2017] Please add '--debug' or '--log' to check more details.
[Thu 29 Jun 12:41:31 UTC 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

just-us commented 7 years ago

I'm reckoning 5 per hour, so I need to wait an hour and try again, right?
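
The debug log in the first post records the webroot as 'home/mawebfaction/webapps/headless-chef', with no leading slash, and the challenge URL answered with the site's "Page not found" page; the failed validations then led to the rateLimited error quoted above. A preflight along the following lines checks both conditions locally before any request reaches the CA. It is an added example, not part of this thread or of acme.sh; the function names and the probe file name are assumptions.

```shell
#!/bin/sh
# Added example (not from acme.sh): preflight for webroot (http-01) validation.
# Function names and the probe file name are assumptions made for this sketch.

# Succeeds only for an absolute, existing, writable webroot.
check_webroot() {
  case "$1" in
    /*) ;;
    *) echo "relative webroot '$1' resolves against $(pwd)" >&2; return 2 ;;
  esac
  [ -d "$1" ] || { echo "no such directory: $1" >&2; return 3; }
  [ -w "$1" ] || { echo "not writable: $1" >&2; return 4; }
}

# Creates <webroot>/.well-known/acme-challenge/<name> and prints <name>.
write_probe() {
  _dir="$1/.well-known/acme-challenge"
  _name="preflight-$$-$(date +%s)"
  mkdir -p "$_dir" || return 1
  printf '%s' "$_name" > "$_dir/$_name" || return 1
  echo "$_name"
}

# True only when the served body is exactly the probe content; an HTML
# "Page not found" body from the site's CMS fails this comparison.
probe_matches() {
  [ "$1" = "$2" ]
}

# preflight DOMAIN WEBROOT: fetch the probe over plain HTTP, as the CA would.
preflight() {
  check_webroot "$2" || return $?
  _name=$(write_probe "$2") || return 5
  _body=$(curl -L --silent --connect-timeout 5 \
    "http://$1/.well-known/acme-challenge/$_name")
  rm -f "$2/.well-known/acme-challenge/$_name"
  probe_matches "$_body" "$_name" || { echo "served body is not the probe" >&2; return 6; }
  echo "ok: $1 serves files from $2"
}

# Run only when called as: sh preflight.sh DOMAIN WEBROOT
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Exit status 2 means the webroot was given as a relative path; status 6 means the web server answered the challenge URL with something other than the file just written, for example a rewrite rule handing the request to the site's application.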