Can't get certificate (Debian)

shintekova · December 25, 2015, 4:32pm

I’ve tried different ways to generate certificate and key but always get these directories and files
ls -lA /etc/letsencrypt/ total 16K drwx------ 3 root root 4.0K Dec 25 19:13 accounts drwxr-xr-x 2 root root 4.0K Dec 25 19:13 csr drwx------ 2 root root 4.0K Dec 25 19:13 keys drwxr-xr-x 2 root root 4.0K Dec 25 19:13 renewal

ls -lA /etc/letsencrypt/csr/
total 4.0K
-rw-r–r-- 1 root root 944 Dec 25 19:13 0000_csr-letsencrypt.pem

ls -lA /etc/letsencrypt/keys/
total 4.0K
-rw------- 1 root root 1.7K Dec 25 19:13 0000_key-letsencrypt.pem

I guess that there’s not right certificate and key.
I’ve tried to use it with nginx but got error:
Reloading nginx configuration: nginx: [emerg] SSL_CTX_use_certificate_chain_file("/usr/local/ssl/0000_csr-letsencrypt.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib) nginx: configuration file /etc/nginx/nginx.conf test failed
File /usr/local/ssl/0000_csr-letsencrypt.pem exists and have strings like "-----BEGIN CERTIFICATE REQUEST-----"
What is wrong?

serverco · December 25, 2015, 5:14pm

What version of debian are you using ? and are you using nginx ? (I’m assuming so, rather than apache, as you refer to nginx).

Looking at the folders you have, there is no “live” or “archive” folder, so you haven’t got any certificates yet. Are you trying to use the manual method ? standalone ? or auto ?

shintekova · December 25, 2015, 5:51pm

I’m using Debian 7 (wheezy).
Yes, I’m using nginx as you mentioned)
I’v tried manual
./letsencrypt-auto --agree-dev-preview --server \https://acme-v01.api.letsencrypt.org/directory -a manual auth
and standalone
/etc/init.d/nginx stop ./letsencrypt-auto certonly --standalone --email myemail@gmail.com -d replyme.ru
Both times I haven’t got any errors and got message that I should make secure backup of “/etc/letsencrypt”

serverco · December 25, 2015, 6:00pm

It's probably worth taking a backup of the /etc/letsencrypt folder anyway.

doing

./letsencrypt-auto -a manual auth

I get

Updating letsencrypt and virtual environment dependencies......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt -a manual auth

followed by a request for the domain names.

do you get that ? or do you get something different ?

shintekova · December 25, 2015, 6:13pm

I ran as a root:
root@replyme /usr/local/letsencrypt # ./letsencrypt-auto -a manual auth Updating letsencrypt and virtual environment dependencies… Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt -a manual auth
I’m not sure is it that error above but then I ran this:
/root/.local/share/letsencrypt/bin/letsencrypt -a manual auth
And it works! I’ve got all the .pem files. Thank you so much Andy!