An error occurs when trying to create a certificate

Apxukoc · April 26, 2017, 6:53am

Hello
I ask for help.
An error occurs when trying to create a certificate. Part of the logs below.
2017-04-26 09:48:33,395:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#nginx,PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2017-04-26 09:48:33,396:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2017-04-26 09:48:33,915:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x3c89050>
Prep: True
2017-04-26 09:48:33,916:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x3c89050> and installer None
2017-04-26 09:48:45,780:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-04-26 09:48:45,792:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-26 09:48:46,143:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 755, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 666, in certonly
le_client = _init_le_client(config, auth, installer)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 382, in _init_le_client
acc, acme = _determine_account(config)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py”, line 367, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 129, in register
acme = acme_from_config_key(config, key)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py”, line 43, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 71, in init
self.net.get(directory).json())
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 642, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py”, line 615, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py”, line 488, in request
resp = self.send(prep, **send_kwargs)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py”, line 609, in send
r = adapter.send(request, **kwargs)
File “/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/adapters.py”, line 497, in send
raise SSLError(e, request=request)
SSLError: (‘bad handshake: Error([],)’,)

Linux localhost 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12 15:04:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

[root@localhost letsencrypt]# openssl version
OpenSSL 1.1.0e 16 Feb 2017

[root@localhost letsencrypt]# python -V
Python 2.7.5

What can be done ?

Sm3rT · April 26, 2017, 11:27am

Hi @Apxukoc,

can you share more details?

What command you are running?
Is your DNS correct? (Domainname to IP)
Have your Server a public IP?
Checked your Firewall if it accepts request to HTTP?
Is your Webserver running?

greetz Sm3rT

Apxukoc · April 26, 2017, 11:47am

./letsencrypt-auto certonly --rsa-key-size 4096 --standalone -d mydomain.net
Yes, the domain is registered and has already received a certificate for it.
Yes, the server has a public address.
1. Yes, telnet goes to ports 80 and 443. Before I receive the certificate, I stop the server.

I suspect that the problem occurred after the update on OpenSSL 1.1.0
By default, CentOS 7 is running 1.0.1
While I’m trying to find a solution.

Sm3rT · April 26, 2017, 12:44pm

Hmm, you tried to give a webroot aswell in your command?

For Example:

./letsencrypt-auto certonly --rsa-key-size 4096 --webroot /path/to/documentroot --standalone -d mydomain.net

Greetz Sm3rT

Apxukoc · April 26, 2017, 1:28pm

The problem is due to the update of OpenSSL to version 1.1.0
On the standby machine, where the OpenSSL update is not installed, the subdomain is updated regularly by any means.

schoen · April 26, 2017, 5:53pm

Hi @Sm3rT, --webroot doesn't make sense with --standalone because they are alternatives. If you do need to specify a webroot directory, it should be done with -w (= --webroot-path), not --webroot.

Sm3rT · April 27, 2017, 8:19am

@schoen

Thanks i use it right in my script, but typed it false here

system · May 27, 2017, 8:23am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.