acme client failing

acme client failing

Teno Deuter
I have the following configuration:

OpenBSD amd64 6.7

acme-client.conf:

authority letsencrypt {
        api url "https://acme-v02.api.letsencrypt.org/directory"
        account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
        api url "https://acme-staging-v02.api.letsencrypt.org/directory"
        account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain myserver.com {
        alternative names { www.myserver.com, mail.myserver.com }
        domain key "/etc/ssl/private/myserver.com.key"
        domain certificate "/etc/ssl/myserver.com.crt"
        domain full chain certificate "/etc/ssl/myserver.com.fullchain.pem"
        sign with letsencrypt
}

httpd.conf:

server "myserver.com" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}

server "myserver.com" {
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/myserver.com.fullchain.pem"
                key "/etc/ssl/private/myserver.com.key"
        }
        location "/pub/*" {
                directory auto index
        }
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}

When running acme-client as root, I get the following:

acme-client -vF myserver.com
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: dochngreq: ...
acme-client: challenge, token: ... status: 2
acme-client: dochngreq: ....
acme-client: challenge, token: .... , status: 2
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725
acme-client: challenge, token: ... , status: 0
acme-client: /var/www/acme/...: created
acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4766326725/TzAk5w: challenge
acme-client: order.status -1
acme-client: bad exit: netproc(62115): 1

Thank you for your kind help


Re: acme client failing

Stuart Henderson
On 2020-05-23, Teno Deuter <[hidden email]> wrote:

> acme-client: challenge, token: .... , status: 2
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725
> acme-client: challenge, token: ... , status: 0
> acme-client: /var/www/acme/...: created
> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4766326725/TzAk5w: challenge
> acme-client: order.status -1
> acme-client: bad exit: netproc(62115): 1
>
> Thank you for your kind help
>
>

https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725 shows an
error from letsencrypt:

"DNS problem: NXDOMAIN looking up A for www.jpcode.org - check that a
DNS record exists for this domain"
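
Reading the authz object as described above, as an added example that is not part of the original post or of acme-client: it pulls the per-challenge error out of an RFC 8555 authorization object. The sample JSON is constructed with a placeholder domain, and fetch_authz assumes the CA answers a plain GET on the authz URL.

```python
import json
import sys
import urllib.request

# Constructed sample of an RFC 8555 authorization object; the error text
# follows the message quoted in the thread, with a placeholder domain.
SAMPLE_AUTHZ = """
{
  "identifier": {"type": "dns", "value": "www.example.org"},
  "status": "invalid",
  "challenges": [
    {"type": "http-01", "status": "invalid",
     "url": "https://acme.example/chall/1",
     "error": {"type": "urn:ietf:params:acme:error:dns",
               "detail": "DNS problem: NXDOMAIN looking up A for www.example.org - check that a DNS record exists for this domain",
               "status": 400}},
    {"type": "dns-01", "status": "pending",
     "url": "https://acme.example/chall/2"}
  ]
}
"""

def explain_authz(authz):
    """Return (name, status, problems) for one authorization object."""
    name = authz.get("identifier", {}).get("value", "?")
    problems = []
    for chall in authz.get("challenges", []):
        err = chall.get("error")
        if err:
            # Challenge errors are RFC 7807 problem documents; keep the short kind.
            kind = err.get("type", "").rsplit(":", 1)[-1]
            problems.append((chall.get("type"), kind, err.get("detail", "")))
    return name, authz.get("status"), problems

def fetch_authz(url, timeout=10):
    """GET the authz URL that acme-client prints after dochngreq (assumes plain GET works)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

if __name__ == "__main__":
    authz = fetch_authz(sys.argv[1]) if len(sys.argv) > 1 else json.loads(SAMPLE_AUTHZ)
    name, status, problems = explain_authz(authz)
    print(f"{name}: authorization {status}")
    for ctype, kind, detail in problems:
        print(f"  {ctype} failed ({kind}): {detail}")
```

Run it with the authz URL from the -v output as the only argument; with no argument it uses the constructed sample.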


Re: acme client failing [SOLVED]

Teno Deuter
On Sat, May 23, 2020 at 8:22 PM Stuart Henderson <[hidden email]>
wrote:
>
> On 2020-05-23, Teno Deuter <[hidden email]> wrote:
> > acme-client: challenge, token: .... , status: 2
> > acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725
> > acme-client: challenge, token: ... , status: 0
> > acme-client: /var/www/acme/...: created
> > acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4766326725/TzAk5w: challenge
> > acme-client: order.status -1
> > acme-client: bad exit: netproc(62115): 1
> >
> > Thank you for your kind help
> >
> >
>
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725 shows an
> error from letsencrypt:
>
> "DNS problem: NXDOMAIN looking up A for www.jpcode.org - check that a
> DNS record exists for this domain"
>

Thank you for your swift response. I didn't know how to debug the
acme-client output.

Correct. I forgot to update the DNS records. Now everything works well.

Re: acme client failing [SOLVED]

Florian Obser-2
A common problem. :(
I finally got around to improving acme-client's error reporting; it should be better in -current and 6.8.

On 23 May 2020 21:28:23 CEST, Teno Deuter <[hidden email]> wrote:

>On Sat, May 23, 2020 at 8:22 PM Stuart Henderson <[hidden email]>
>wrote:
>>
>> On 2020-05-23, Teno Deuter <[hidden email]> wrote:
>> > acme-client: challenge, token: .... , status: 2
>> > acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725
>> > acme-client: challenge, token: ... , status: 0
>> > acme-client: /var/www/acme/...: created
>> > acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4766326725/TzAk5w: challenge
>> > acme-client: order.status -1
>> > acme-client: bad exit: netproc(62115): 1
>> >
>> > Thank you for your kind help
>> >
>> >
>>
>> https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725 shows an
>> error from letsencrypt:
>>
>> "DNS problem: NXDOMAIN looking up A for www.jpcode.org - check that a
>> DNS record exists for this domain"
>>
>
>Thank you for your swift response. I didn't know how to debug the
>acme-client output.
>
>Correct. I forgot to update the DNS records. Now everything works well.

--
Sent from a mobile device. Please excuse poor formatting.