Certificate authority doesn't allow certificate signing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: d.teste.com.br

I ran this command: ./letsencrypt.sh -c -f /var/tmp/le/config/config.sh

(I cannot share my real domain here.)

It produced this output:

INFO: Using main config file /var/tmp/le/config/config.sh
INFO: Using additional config file /var/tmp/le/config/config.sh
Processing d.teste.com.br with alternative names: *.d.teste.com.br

  • Signing domains…
    ERROR: Certificate authority doesn’t allow certificate signing

The operating system my web server runs on is (include version): RedHat 7.6

My hosting provider, if applicable, is: acme-dns

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.4.0

Where does that letsencrypt.sh file come from?
Did you write it yourself? Or is it from GitHub?
Please at least provide the link to that script.

Looking at the error message, you might be using dehydrated, not sure what’s the real message behind that.

Thanks

1 Like

Here,

This link describes what I am trying to do:
https://devcentral.f5.com/s/articles/lightboard-lessons-automating-ssl-on-big-ip-with-lets-encrypt-21475

But the error from the CA is shown.

That project is very old and uses the ACME v1 Let’s Encrypt API, which is officially deprecated and no longer accepts new registrations.

You could possibly try replacing the letsencrypt.sh in that repository with an updated version of the upstream project (dehydrated, as @stevenzhu identified). Otherwise, it’s probably worth reaching out to F5 and asking how you could do this in 2020.

3 Likes
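
An added example, not part of the thread or of the dehydrated project: a shell check for which ACME API generation a letsencrypt.sh / dehydrated setup targets, as a way to confirm the diagnosis in the reply above. It assumes the endpoint is set through a `CA=` line in the config file or hard-coded in the script, and matches on Let's Encrypt's v1 and v2 API hostnames; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which ACME API generation a
# letsencrypt.sh / dehydrated setup points at. Function names are hypothetical.

# Print the last CA= assignment in a config file, ignoring commented lines.
effective_ca() {
    sed -n 's/^[[:space:]]*CA=//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Map an endpoint URL to the API generation by Let's Encrypt hostname.
classify_acme_endpoint() {
    case "$1" in
        "") echo "unset" ;;
        *acme-v01.api.letsencrypt.org*|*acme-staging.api.letsencrypt.org*)
            echo "acme-v1" ;;
        *acme-v02.api.letsencrypt.org*|*acme-staging-v02.api.letsencrypt.org*)
            echo "acme-v2" ;;
        *) echo "unknown" ;;
    esac
}

# $1 = config file, $2 = client script. The config wins; if it sets no CA,
# fall back to whichever endpoint is hard-coded in the script.
audit_acme_client() {
    verdict=$(classify_acme_endpoint "$(effective_ca "$1")")
    if [ "$verdict" = "unset" ]; then
        if grep -q 'acme-v01\.api\.letsencrypt\.org' "$2"; then
            verdict="acme-v1"
        elif grep -q 'acme-v02\.api\.letsencrypt\.org' "$2"; then
            verdict="acme-v2"
        else
            verdict="unknown"
        fi
    fi
    echo "$verdict"
}

# Constructed sample: a config with no CA override next to an old script.
demo_dir=$(mktemp -d)
printf '#CA="https://acme-v02.api.letsencrypt.org/directory"\nWELLKNOWN=/tmp/wk\n' > "$demo_dir/config.sh"
printf 'CA="https://acme-v01.api.letsencrypt.org/directory"\n' > "$demo_dir/letsencrypt.sh"
echo "sample setup targets: $(audit_acme_client "$demo_dir/config.sh" "$demo_dir/letsencrypt.sh")"
rm -rf "$demo_dir"
```

A result of `acme-v1` means the client still talks to the deprecated API and needs the updated upstream script; `unknown` means the endpoint has to be checked by hand.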

Thanks.

I will ask F5 about a new script.