neurobin / letsacme

A tiny script to issue and renew TLS/SSL certificate from Let's Encrypt
https://neurobin.org/projects/softwares/unix/letsacme
MIT License

Error signing certificate: 400 bound method #1

Closed jlbooker closed 8 years ago

jlbooker commented 8 years ago

I'm trying to create a certificate for my site, but after verification, I get this error:

Verifying www.example.com...
www.example.com verified!
Signing certificate...
Error signing certificate: 400 <bound method _fileobject.read of <socket._fileobject object at 0x8c657d0>>

Any ideas on what might be causing this, or how I could work around it?

neurobin commented 8 years ago

I ran a test run (not with the staging API). It went smoothly and no error was reported. So, it is sure that the API hasn't gone through any unsupported changes.

That leaves only the option to check your environment.

First check python and openssl version (Though I don't think it's the problem):

python --version
openssl version

There's another possibility that the network connection was disrupted during the signing stage. Try running it a few more times.

jlbooker commented 8 years ago

Try not to laugh, I know these versions are old... Python 2.6.8, and OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. It's a RedHat Enterprise 5 box (upgrading isn't an option right now).

Was using your project at the suggestion of this issue.

Could that 400 be an HTTP status code?

Also, is there any way to point it at the staging environment, so as to avoid hitting the rate limits?

neurobin commented 8 years ago

My test env:

$ python --version
Python 2.6.6
$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

> Could that 400 be an HTTP status code?

Yes, 400 is the returned HTTP error code during the signing stage. It means the request was malformed, i.e. the request was not complying with the API.

My test proves that it's not because of an API change, otherwise it wouldn't be able to get the certs... That leaves the option: your environment was responsible for that malformed request.

OpenSSL is a mandatory tool in this respect. If it is too outdated and produces some outdated unsupported (by letsencrypt API) output that may be the cause of this problem.

> is there any way to point it at the staging environment, so as to avoid hitting the rate limits?

Yes, use the --test option:

python letsacme.py --test ...

(Or: within JSON file it is defined as "Test":"False", make it True)

nicorellius commented 7 years ago

I wish there was more to this in this issue. I'm having this problem, and the documentation is slim as to the exact problem. I'm on shared hosting, so updating Python and OpenSSL is less easy. If I knew one way or another what the problem is exactly, I could take better steps to resolve it. @jlbooker did you ever get yours working?

neurobin commented 7 years ago

If you have got no other way, you can try the lcget script to get the certificate on your local machine.

jlbooker commented 7 years ago

@nicorellius I ended up using the letsencryptshell project. It runs under Python 2.6, which is available on the RedHat Enterprise Linux 5 system I was using. (But RHEL 5 is totally outdated, and you should really be looking at upgrading. Letsencryptshell should work as a temporary solution, though.)

nicorellius commented 7 years ago

Thanks for the tips. I will look into that tool... My problems might be related to the fact that I'm on a shared host (with old tooling). In theory, everything should work fine, but I've had so much success in other contexts (my own servers, DO, etc.), that the only real variable is the shared hosting environment.
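
The output reported at the top of this thread ends in the repr of a bound `read` method rather than a response body, so the server's explanation of the 400 never reaches the user. As an added example (not letsacme's code), this sketch shows that formatting mistake beside a version that reads the body and extracts the `type` and `detail` members of an ACME JSON problem document; `FakeResponse`, both function names and the sample body are constructed for illustration.

```python
import io
import json

# Constructed sample of an ACME error body (not taken from the thread).
SAMPLE_BODY = (b'{"type": "urn:acme:error:malformed", '
               b'"detail": "constructed sample detail", "status": 400}')


class FakeResponse(object):
    """Constructed stand-in for the HTTP response object in the report."""

    def __init__(self, body):
        self._buf = io.BytesIO(body)

    def read(self):
        return self._buf.read()


def format_unread(code, resp):
    # Formatting resp.read without calling it prints the method's repr,
    # the "<bound method ...>" shape seen in the reported output.
    return "Error signing certificate: {0} {1}".format(code, resp.read)


def format_problem(code, resp):
    # Calling read() yields the body; decode it and try to parse the
    # JSON problem document the server sent with the error status.
    raw = resp.read().decode("utf-8", "replace")
    try:
        problem = json.loads(raw)
    except ValueError:
        problem = None
    if not isinstance(problem, dict):
        # Not a problem document (e.g. a proxy's HTML page): show it raw.
        return "Error signing certificate: {0} {1}".format(code, raw.strip())
    return "Error signing certificate: {0} {1}: {2}".format(
        code, problem.get("type", "unknown"), problem.get("detail", ""))


if __name__ == "__main__":
    print(format_unread(400, FakeResponse(SAMPLE_BODY)))
    print(format_problem(400, FakeResponse(SAMPLE_BODY)))
```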