Comments (13)
I have set my local user (shawn) as the owner of /etc/acme and everything beneath it.
I also own the /PATH/TO/web path (except for /opt, where it starts).
I get this for acme-client status:
[shawn@web opt]$ /usr/local/bin/acme-client status
[ ? ] Registered on https://acme-v01.api.letsencrypt.org/directory
[ ? ] admin.complimateapp.com (the ? on this line is RED, the others are all green)
[ ? ] admin.tolidano.com
[ ? ] admin.complimateapp.com, complimateapp.com, www.complimateapp.com
[ ? ] go.tolidano.com, tolidano.com, www.tolidano.com
I also attempted to use auto to make it happen - same error (I added the path and domain to acme-client.yml).
from acme-client.
Turns out it was my vhost config - I had just assigned an elastic IP and was waiting for it to take effect in Route 53. Once I updated the config and restarted apache, it worked perfectly for this domain.
from acme-client.
However, I tried to run it against one of the domains you see listed above and it failed:
[shawn@web web]$ /usr/local/bin/acme-client issue -d www.tolidano.com -p /opt/web/tolidano/frontend/web
Providing payload at http://www.tolidano.com/.well-known/acme-challenge/rDcztll0rbdN1k_EynsW86WeUkWSul52haMAyDRegdI
selfVerify failed, please check http://www.tolidano.com/.well-known/acme-challenge/rDcztll0rbdN1k_EynsW86WeUkWSul52haMAyDRegdI.
Kelunik\Acme\AcmeException: Issuance failed, not all challenges could be solved. in phar:///usr/local/bin/acme-client/src/Commands/Issue.php:104
from acme-client.
Even running as sudo doesn't work:
[shawn@web web]$ sudo /usr/local/bin/acme-client issue -d www.tolidano.com -p /opt/web/tolidano/frontend/web
Providing payload at http://www.tolidano.com/.well-known/acme-challenge/1upfTgZiqsavyHluxOQ91EtHDtZywc2Zg1K0j2JX_a8
selfVerify failed, please check http://www.tolidano.com/.well-known/acme-challenge/1upfTgZiqsavyHluxOQ91EtHDtZywc2Zg1K0j2JX_a8.
Kelunik\Acme\AcmeException: Issuance failed, not all challenges could be solved. in phar:///usr/local/bin/acme-client/src/Commands/Issue.php:104
from acme-client.
Another issue is that the domain above (tolidano.com) has only a single folder:
[shawn@web web]$ stat /etc/acme/certs/acme-v01.api.letsencrypt.org.directory/tolidano.com/
cert.pem chain.pem fullchain.pem key.pem
But my new domain, which I called issue on twice, has 2 folders (one with www and one without).
When I set the cert in the Apache config to a particular cert, it automatically redirects to the domain from the folder (so, if I point at the www.DOMAIN.com folder, it redirects to https://www.DOMAIN.com, but if I point at DOMAIN.com folder, it redirects to https://DOMAIN.com).
from acme-client.
@tolidano what's the difference between www.domain.tld and domain.tld? Maybe you just need to set up ServerAlias in the Apache config and use one folder for the same site!?
from acme-client.
So, the path is right because it makes a .well-known folder in the webroot, and in it is an acme-challenge folder. But I cannot catch it while the file is there before the solving fails.
If you create some random file manually within that folder, can you access it via the web server?
But my new domain, which I called issue on twice, has 2 folders (one with www and one without).
The client always takes the first name as common name, so you either tried both separately or tried it twice with mixed orders.
from acme-client.
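The manual check suggested in the comment above (put a file in the challenge folder and request it through the web server), written out as an added example; it is not code from this thread or from acme-client. `check_webroot` and `serve_directory` are hypothetical names, and the demo uses a throwaway local server in place of Apache; against a real host you would pass the `-p` path and `http://` plus the domain.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def check_webroot(webroot, base_url, timeout=10):
    """Write a random probe under webroot, fetch it over HTTP; return (ok, detail)."""
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    # Direct connection: ignore proxy environment variables for a self-check.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:  # e.g. 404: vhost serves another directory
        return False, f"HTTP {exc.code} for {url}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"request failed for {url}: {exc}"
    finally:
        os.remove(path)  # never leave the probe behind
    if served.strip() != body:
        return False, f"{url} answered, but not with the probe content"
    return True, f"{url} is served from {webroot}"

def serve_directory(docroot):
    """Start a throwaway local HTTP server for docroot; return (server, base_url)."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=docroot)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

if __name__ == "__main__":
    # Constructed demo: served_root is the real docroot, wrong_root a mismatched -p path.
    with tempfile.TemporaryDirectory() as served_root, \
            tempfile.TemporaryDirectory() as wrong_root:
        server, base = serve_directory(served_root)
        print(check_webroot(served_root, base))
        print(check_webroot(wrong_root, base))
        server.shutdown()
```

A 404 here while the probe file exists on disk means the path given with `-p` is not the directory the responding vhost serves, which is the situation selfVerify reports.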
@tolidano What's your DNS provider?
from acme-client.
Do you have an options timeout:n defined in your /etc/resolv.conf?
from acme-client.
No I do not.
from acme-client.
I'm closing this. I need a reproducible case so I can debug it.
from acme-client.