Can not obtain certificates: context cancelled

Thanks to whoever reads this - I know it's tedious.

I'm using lego to obtain my Let's Encrypt certs. I'm really doing something really basic and just trying it through the command line. Here is my code:

CLOUDFLARE_EMAIL=xxxx@gmail.com CLOUDFLARE_API_KEY=xxxx /usr/bin/lego --email "xxxx@gmail.com" --accept-tos --dns cloudflare --dns.resolvers "9.9.9.9:53" --csr httpd-csr.der run --preferred-chain "DST Root CA X3" --run-hook install.sh

When running this command I'm getting the following:
2024/05/05 12:29:29 [INFO] [ipa-quincy.domain.com] acme: Obtaining bundled SAN certificate given a CSR
2024/05/05 12:29:29 Could not obtain certificates:
	context canceled

For context here is my CSR:

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: CN = ipa-quincy.domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        Attributes:
            Requested Extensions:
                X509v3 Subject Alternative Name:
                    DNS:ipa-quincy.domain.com
    Signature Algorithm: sha256WithRSAEncryption

I'm not exactly sure how to debug context cancelled....

Thanks for any help

I'm not wed to using lego; however, I'd like the option to pass a CSR if possible.

1 Like
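An added example, not part of the original posts and not lego's own code: a Go pre-flight check that parses a CSR file (PEM or DER, like the `httpd-csr.der` passed to `--csr` above) and confirms it is well-formed before an ACME client is blamed for a failure. The function names, the constructed host name, the 2048-bit floor and the SAN requirement are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// CheckCSR parses a PKCS#10 request (PEM or raw DER) and returns its SAN DNS names.
// The 2048-bit floor and the SAN requirement are this example's own policy choices.
func CheckCSR(data []byte) ([]string, error) {
	if blk, _ := pem.Decode(data); blk != nil {
		data = blk.Bytes // PEM wrapper found: use the DER inside
	}
	csr, err := x509.ParseCertificateRequest(data)
	if err != nil {
		return nil, fmt.Errorf("not a PKCS#10 request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("self-signature invalid: %w", err)
	}
	if k, ok := csr.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		return nil, fmt.Errorf("RSA key is only %d bits", k.N.BitLen())
	}
	if len(csr.DNSNames) == 0 {
		return nil, fmt.Errorf("no DNS names in subjectAltName")
	}
	return csr.DNSNames, nil
}

// SampleCSR builds a constructed DER request for host with a throwaway key.
func SampleCSR(host string, withSAN bool) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}}
	if withSAN {
		tpl.DNSNames = []string{host}
	}
	return x509.CreateCertificateRequest(rand.Reader, tpl, key)
}

func main() {
	der, _ := SampleCSR("host.example.test", true) // constructed name
	fmt.Println(CheckCSR(der))
}
```

A request that passes these checks, as the one dumped above appears to from its text output, points the investigation at the client or network side rather than at the CSR.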

Maybe there's a way to get more verbose debugging info from lego? I did not find any --verbose option when reading "Options :: Let’s Encrypt client and ACME library written in Go", but looking at the code there seems to be a LEGO_DEBUG_CLIENT_VERBOSE_ERROR environment variable which is checked in the code a few times. Maybe if you run lego with LEGO_DEBUG_CLIENT_VERBOSE_ERROR=1 added in the front you get more info?

Also, any specific reason to use a CSR? It usually makes any ACME client work rather cumbersome.

1 Like

Not a particular reason; however, I'm trying to get a certificate to run on my FreeIPA installation. There are a bunch of nuances with FreeIPA and it seems to want to have control of the keys -- I'm sure there might be a workaround; however, messing with FreeIPA is kind of painful.

I ran with LEGO_DEBUG_CLIENT_VERBOSE_ERROR=1 and got no additional output, which is annoying.

Maybe ask what the "context canceled" is all about on the lego support channel(s)? 🤷

2 Likes
