I am not sure why LetsEncrypt can't create a SSL certificate for this domain. I have run through the same steps multiple times in AWS and also Google Cloud without ever having an issue.
My domain is: wp.hackensackmeridianhealth.org
I ran this command: sudo /opt/bitnami/letsencrypt/lego --tls --email="email@example.com" --domains="wp.hackensackmeridianhealth.org" --path="/opt/bitnami/letsencrypt" run;
It produced this output:
2022/12/29 23:30:40 No key found for account firstname.lastname@example.org. Generating a P256 key.
2022/12/29 23:30:40 Saved key to /email@example.comfirstname.lastname@example.org
2022/12/29 23:30:44 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
2022/12/29 23:30:54 [INFO] acme: Registering account for email@example.com
!!!! HEADS UP !!!!
Your account credentials have been saved in your Let's Encrypt
configuration directory at "/opt/bitnami/letsencrypt/accounts".
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2022/12/29 23:30:55 [INFO] [wp.hackensackmeridianhealth.org] acme: Obtaining bundled SAN certificate
2022/12/29 23:30:55 [INFO] [wp.hackensackmeridianhealth.org] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/191003067577
2022/12/29 23:30:55 [INFO] [wp.hackensackmeridianhealth.org] acme: use tls-alpn-01 solver
2022/12/29 23:30:55 [INFO] [wp.hackensackmeridianhealth.org] acme: Trying to solve TLS-ALPN-01
2022/12/29 23:30:59 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/191003067577
2022/12/29 23:30:59 Could not obtain certificates:
error: one or more domains had a problem:
[wp.hackensackmeridianhealth.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 220.127.116.11: Error getting validation data
My web server is (include version): nginx/1.23.2
The operating system my web server runs on is (include version): linux 5.10.0-19-cloud-amd64
My hosting provider, if applicable, is: Google Cloud
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): not using Certbot
Hi @Dusza, and welcome to the LE community forum
I see from the cert issued history that you have not been able to automate the renewals.
I see from the "account registration" [in your output above] that you are now using something other than what had obtained the previous certs OR this is a new server with that same name.
I also see "
Bitnami" and, in this forum, that has always been a red flag [when not following their instructions].
So... Step #1: Have you read through those instructions?:
Using Bitnami? Please see Bitnami's documentation! - Help - Let's Encrypt Community Support (letsencrypt.org)
Hi @rg305 and thank you for replying. This domain used to be hosted in AWS and now is hosted in Google Cloud. In both environments, a Bitnami marketplace image was used to setup Nginx. The online documentation is what has been followed too. On a personal Google Cloud account I've been able to install LetsEncrypt SSL without any problems for other domains, using the same exact steps however for this domain, it's a corporate Google Cloud account where the firewall has been opened to ports 80, 443 and only allowing *.letsencrypt.org when generating the certificate.
I believe this is a config issue with the corporate Google Cloud environment but I don't know how to troubleshoot with the errors LetsEncrypt has provided. I would need more information to relay to the IT department.
These entries seem relevant:
Unfortunately, I don't know much about the
lego client [and how to troubleshoot it].
That said, some very basic connection tests return rather unusual responses:
curl -Ii http://wp.hackensackmeridianhealth.org/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 502 Bad Gateway
Date: Fri, 30 Dec 2022 01:31:38 GMT
curl -Ii https://wp.hackensackmeridianhealth.org/.well-known/acme-challenge/Test_File-1234
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to wp.hackensackmeridianhealth.org:443
Yeah, no, that's not going to work. The remote validations can come from any arbitrary IP address from anywhere in the world and are not necessarily related to the
We are investigating our load balancer within Google Cloud based on eliminating firewall rules.
We decided to let Google Cloud manage the SSL since we had the site behind a load balancer.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.