Hi guys,

I have run the following commando to get a SSL cert from LetsEncrypt and all works OK:

./letsencrypt-auto certonly --webroot -w /home/alarcam/web/alarcam.cl/public_html/ -d www.alarcam.cl -d alarcam.cl

Now I have ran the same command:

./letsencrypt-auto certonly --webroot -w /home/alarcam/web/alarcam.cl/public_html/ -d www.alarcam.cl -d alarcam.cl

but this time I am getting errors as below:

An unexpected error occurred:
ClientError: <Response [502]>
Please see the logfiles in /var/log/letsencrypt for more details.

The log file in /var/log/letsencrypt/letsencrypt.log has:

###############################################################################

2015-12-15 16:06:53,533:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-12-15 16:06:53,533:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-12-15 16:06:53,533:DEBUG:letsencrypt.cli:letsencrypt version: 0.1.0
2015-12-15 16:06:53,533:DEBUG:letsencrypt.cli:Arguments: [’–webroot’, ‘-w’, ‘/home/alarcam/web/alarcam.cl/public_html/’, ‘-d’, ‘www.alarcam.cl’, ‘-d’, ‘alarcam.cl’]
2015-12-15 16:06:53,534:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-12-15 16:06:53,543:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
2015-12-15 16:06:53,550:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /home/alarcam/web/alarcam.cl/public_html/.well-known/acme-challenge
2015-12-15 16:06:53,551:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /home/alarcam/web/alarcam.cl/public_html/.well-known/acme-challenge
2015-12-15 16:06:53,551:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
Description: Webroot Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7f7d2464fc50>
Prep: True
2015-12-15 16:06:53,551:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7f7d2464fc50> and installer None
2015-12-15 16:07:04,226:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-12-15 16:07:04,235:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-12-15 16:07:05,200:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 502 1488
2015-12-15 16:07:05,203:DEBUG:root:Received <Response [502]>. Headers: {‘Content-Length’: ‘1488’, ‘Expires’: ‘Tue, 15 Dec 2015 16:07:05 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘ETag’: ‘“55f255cc-5d0”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 15 Dec 2015 16:07:05 GMT’, ‘Content-Type’: ‘text/html’}. Content: '\n\n\n\n \n \n <meta name=“viewport” content=\n “width=device-width, initial-scale=1”>\n\n Maintenance\n <link href=\n “//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css”\n rel=“stylesheet” type=“text/css”>\n <link href=\n “//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css”\n rel=“stylesheet” type=“text/css”>\n\n\n\n

\n\n\n\n\n’
2015-12-15 16:07:05,204:DEBUG:acme.client:Received response <Response [502]> (headers: {‘Content-Length’: ‘1488’, ‘Expires’: ‘Tue, 15 Dec 2015 16:07:05 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘ETag’: ‘“55f255cc-5d0”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Tue, 15 Dec 2015 16:07:05 GMT’, ‘Content-Type’: ‘text/html’}): '\n\n\n\n \n \n <meta name=“viewport” content=\n “width=device-width, initial-scale=1”>\n\n Maintenance\n <link href=\n “//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css”\n rel=“stylesheet” type=“text/css”>\n <link href=\n “//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css”\n rel=“stylesheet” type=“text/css”>\n\n\n\n \n\n\n\n\n’
2015-12-15 16:07:05,206:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1283, in main
return args.func(args, config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 501, in obtain_cert
le_client = _init_le_client(args, config, authenticator, installer)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 174, in _init_le_client
acc, acme = _determine_account(args, config)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 161, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 116, in register
acme = acme_from_config_key(config, key)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py”, line 60, in init
self.net.get(directory).json())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py”, line 609, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py”, line 556, in _check_response
raise errors.ClientError(response)
ClientError: <Response [502]>

###############################################################################

Someone knows what I can do to solve this error?

If you tried that command in the last half hour, then thats probably because of the current “Service Disruption”, see https://letsencrypt.status.io/pages/55957a99e800baa4470002da. Would be nice when some LE Staff would comment what exactly is meant by an interruption at the hardware security modules.

Problem solved !! I ran the command again and get the SSL cert with no problem !!!

Analysis is ongoing, but the gist is: the HSMs caught a warning from some network blip (probably?) and the failsafes triggered to pause issuance while it got checked out.

Boulder's designed to halt new issuance under such circumstances safely. OCSP responses, for example, remain up and fresh even in the face of an HSM interruption due to how Boulder batches them.