Error connecting to staging server


#1

Hi,
I haven’t been able to connect to the LE staging server. Already tried:
letsencrypt certonly --manual
and
letsencrypt certonly --webroot -w DIR -d DOMAIN
but always get the same error:
SSLError: [Errno bad ca_certs: ‘/etc/ssl/certs/’] []

The /etc/ssl/certs directory is populated with links. Is that a problem?

I’ve installed the letsencrypt openSUSE package: letsencrypt-0.5.0-1.1.noarch
on OpenSUSE 13.1, and the script /usr/bin/letsencrypt seems to work fine.

The package contains no letsencrypt-auto.

Where is the problem?

The last log says:
2016-04-20 14:03:34,252:DEBUG:letsencrypt.main:Root logging level set at 30
2016-04-20 14:03:34,252:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-04-20 14:03:34,253:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-04-20 14:03:34,253:DEBUG:letsencrypt.main:Arguments: [’–manual’]
2016-04-20 14:03:34,253:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-04-20 14:03:34,255:DEBUG:letsencrypt.plugins.selection:Requested authenticator manual and installer None
2016-04-20 14:03:34,256:DEBUG:letsencrypt.plugins.selection:Single candidate plugin: * manual
Description: Manually configure an HTTP server
Interfaces: IAuthenticator, IPlugin
Entry point: manual = letsencrypt.plugins.manual:Authenticator
Initialized: <letsencrypt.plugins.manual.Authenticator object at 0x213d310>
Prep: True
2016-04-20 14:03:34,256:DEBUG:letsencrypt.plugins.selection:Selected authenticator <letsencrypt.plugins.manual.Authenticator object at 0x213d310> and installer None
2016-04-20 14:03:43,871:DEBUG:root:Sending GET request to https://acme-staging.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-04-20 14:03:43,881:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-04-20 14:03:43,926:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 9, in
load_entry_point(‘letsencrypt==0.5.0’, ‘console_scripts’, ‘letsencrypt’)()
File “/usr/lib/python2.7/site-packages/letsencrypt/main.py”, line 692, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/letsencrypt/main.py”, line 504, in obtain_cert
le_client = _init_le_client(config, auth, installer)
File “/usr/lib/python2.7/site-packages/letsencrypt/main.py”, line 356, in _init_le_client
acc, acme = _determine_account(config)
File “/usr/lib/python2.7/site-packages/letsencrypt/main.py”, line 341, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/usr/lib/python2.7/site-packages/letsencrypt/client.py”, line 117, in register
acme = acme_from_config_key(config, key)
File “/usr/lib/python2.7/site-packages/letsencrypt/client.py”, line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 63, in init
self.net.get(directory).json())
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 627, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 609, in _send_request
response = requests.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/api.py”, line 44, in request
return session.request(method=method, url=url, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 350, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 453, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/adapters.py”, line 328, in send
raise SSLError(e)
SSLError: [Errno bad ca_certs: ‘/etc/ssl/certs/’] []


#2

Problem solved:

  1. modified the path of trusted ca file in /usr/lib/python2.7/site-packages/requests/certs.py
    to /etc/ssl/ca-bundle.pem (python expects a file and not a directory)
  2. activated the productive server and deactivated the testing server in /etc/letsencrypt/cli.ini
  3. letsencrypt certonly --webroot -w DIR -d DOMAIN
    works as expected

#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.