Can't get certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: (for now I just have an IP (194.25.45.15) and the FW only allows me to connect)

I ran this command:
cd /root/letsencrypt
./letsencrypt-auto certonly -c /etc/letsencrypt/cli.ini

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
An unexpected error occurred:
SSLError: (“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’,
‘certificate verify failed’)],)”,)
Please see the logfiles in /var/log/letsencrypt for more details.

logfile:
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py”, line 718,
in init
directory = messages.Directory.from_json(net.get(server).json())
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py”, line 1041,
in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py”, line 990,
in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py”, line
488, in request
resp = self.send(prep, **send_kwargs)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py”, line
609, in send
r = adapter.send(request, **kwargs)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/adapters.py”, line
497, in send
raise SSLError(e, request=request)
SSLError: (“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’,
‘certificate verify failed’)],)”,)
2018-03-28 07:07:29,530:ERROR:certbot.log:An unexpected error occurred:

My web server is (include version): (Apache2.4)

The operating system my web server runs on is (include version): (SLES 12 SP3)

My hosting provider, if applicable, is: (I'm hosting it by myself on a VM)

I can login to a root shell on my machine: (yes)

I’m using a control panel to manage my site: (no)


#2

Let’s Encrypt only issues certificates for domain names, not for IP addresses.


#3

So how do I get a domain name? I have a public IP but somehow the DNS server needs to get to know the domain name for my IP.


#4

You need to buy a domain name. There are no natural domain names that automatically point to IP addresses. Everybody who has a domain name paid for it (such as letsencrypt.org, that was purchased from enom.com).

Freenom can provide you with a free domain name (.tk, .ml, .ga, .cf, .gq extensions) if you do not want to pay any money.


#5

You can also take a look at dynamic DNS providers which may provide free subdomains (although you’ll have less control than if you bought one yourself). Some of these have rate limit exceptions from Let’s Encrypt due to listing on the Public Suffix List, which confirms that their domains are shared by many independent users and therefore Let’s Encrypt is willing to issue a much larger volume of certificates to those users.


#6

OK, now I have a domain but still get enough errors.

That's the log file:

2018-03-29 12:54:25,164:DEBUG:certbot.main:certbot version: 0.22.2
2018-03-29 12:54:25,165:DEBUG:certbot.main:Arguments: [’-c’, ‘/etc/letsencrypt/cli.ini’]
2018-03-29 12:54:25,165:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-03-29 12:54:25,203:DEBUG:certbot.log:Root logging level set at 20
2018-03-29 12:54:25,204:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-03-29 12:54:25,205:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2018-03-29 12:54:25,213:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f7c77a95290>
Prep: True
2018-03-29 12:54:25,214:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f7c77a95290> and installer None
2018-03-29 12:54:25,214:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2018-03-29 12:54:25,762:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-03-29 12:54:25,773:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2018-03-29 12:54:25,848:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py”, line 1266, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py”, line 1141, in certonly
le_client = _init_le_client(config, auth, installer)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py”, line 635, in _init_le_client
acc, acme = _determine_account(config)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py”, line 514, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py”, line 164, in register
acme = acme_from_config_key(config, key)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py”, line 46, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py”, line 718, in init
directory = messages.Directory.from_json(net.get(server).json())
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py”, line 1041, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/acme/client.py”, line 990, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py”, line 488, in request
resp = self.send(prep, **send_kwargs)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py”, line 609, in send
r = adapter.send(request, **kwargs)
File “/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/adapters.py”, line 497, in send
raise SSLError(e, request=request)
SSLError: (“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,)
2018-03-29 12:54:25,851:ERROR:certbot.log:An unexpected error occurred:


#7

It looks like your error was unrelated to your desire to get a certificate without a domain name (although it’s still true that you did need a domain name).

Can you run this command on the same server?

curl -v https://acme-v01.api.letsencrypt.org/directory
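Added example, not part of the thread and not certbot's own code: a small Python triage of a certbot debug log that reports which ACME request preceded the SSLError and which OpenSSL check failed, which is how one can see that the run in #6 stopped while fetching the directory, before any validation of the requested name. The function name `triage` and the sample lines are assumptions constructed from the log shape shown above.

```python
import re

# Constructed sample: a few lines in the shape of the log posted in #6,
# with the typographic quotes the forum software substituted.
SAMPLE_LOG = """\
2018-03-29 12:54:25,214:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2018-03-29 12:54:25,762:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-03-29 12:54:25,773:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2018-03-29 12:54:25,848:DEBUG:certbot.log:Exiting abnormally:
SSLError: (“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,)
2018-03-29 12:54:25,851:ERROR:certbot.log:An unexpected error occurred:
"""

REQUEST = re.compile(r"acme\.client:Sending (GET|POST|HEAD) request to (\S+?)\.?$")
OPENSSL_ERR = re.compile(r"\('([^']*)', '([^']*)', '([^']*)'\)")
STRAIGHTEN = str.maketrans("“”‘’", "\"\"''")  # undo forum quote substitution


def triage(log_text):
    """Locate the first SSLError in a certbot debug log and report what preceded it."""
    requests_seen = []
    for raw in log_text.splitlines():
        line = raw.translate(STRAIGHTEN)
        sent = REQUEST.search(line)
        if sent:
            requests_seen.append((sent.group(1), sent.group(2)))
            continue
        if not line.startswith("SSLError:"):
            continue
        err = OPENSSL_ERR.search(line)
        _, func, reason = err.groups() if err else (None, None, None)
        only_directory = (len(requests_seen) == 1
                          and requests_seen[0][1].endswith("/directory"))
        return {
            "stage": "directory fetch" if only_directory else "other request",
            "request": requests_seen[-1] if requests_seen else None,
            "openssl_function": func,
            "reason": reason,
            # True means the client rejected the server's chain; no
            # challenge for the requested name had been attempted yet.
            "client_side_trust_failure": reason == "certificate verify failed",
        }
    return None  # no SSLError in the log


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When the result shows a client-side trust failure at the directory fetch, the `curl -v` output requested above is the next thing to read, since it shows the certificate the client was actually presented with.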


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.