Let's Encrypt

[krodik]

Hello,

I'm unable to obtain a certificate from let's encrypt. Everything seems normal, but I can't get to the website without Google chrome's warning of site not secured.

This is the output of my /etc/pki/realms/{domain.com}/acme/error.log

Parsing account key... Parsing CSR... Found domains: {domain.com}, {www.domain.com} Getting directory... Directory found! Registering account... Traceback (most recent call last): File "/usr/local/lib/pki/acme-tiny", line 197, in main(sys.argv[1:]) File "/usr/local/lib/pki/acme-tiny", line 193, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact) File "/usr/local/lib/pki/acme-tiny", line 111, in get_crt account, code, acct_headers = _send_signed_request(directory['newAccount'], reg_payload, "Error registering") KeyError: 'newAccount'

Thank you..

[carlalexander]

I think this might be the issue that @drybjed mentioned to me on Twitter a day ago. I need to update the debops.pki configuration to support the new ACME v2 tool.

[drybjed]

This issue should now be fixed in the DebOps monorepo via https://github.com/debops/debops/pull/250.

[krodik]

I can confirm this issue has been resolved...

[carlalexander]

Can you explain how you fixed the issue @krodik? I'm seeing the same issue as well.

[krodik]

@carlalexander After running debops-update I went and deleted the realm directory for the website under /etc/pki/realms/domain on the actual server before I ran debops wordpress (I might have re-run the sets of commands from your installation tutorial). That did the trick.

Note: Adding this pki_acme_tiny_version: '4ed13950c0' didn't work for me as suggested here

[krodik]

@carlalexander is there any way to use multisite subdomain and obtain an ssl for each one of the subdomains?

[carlalexander]

I do it this way for my blog:

wordpress__pki__default_realm_subdomains: [ 'www', 'es' ]

But I've found some weird bugs with the nginx configuration that I fixed by hand. I need to find a solution to them and migrate them to the debops repo.

[carlalexander]

Were you able to get this working @krodik?

[krodik]

I did not...

[carlalexander]

How far did you get? What's the current issue?

[krodik]

Sorry for the late response... I didn't get it to work with multiple sub-domains. For some reason it would work on one domain and not on the others. I found myself hacking away the nginx configuration to the point I gave up. I settled with sub-folders instead for the project I was working on. I'm going to close this issue for now.