Error while creating ssl certificate


#1

Hello,
I am trying to add Let’s Encrypt SSL to shared Linux hosting. I’m using Linux Mint. Everything works fine until I run this command:

letsencrypt certonly --manual --email admin@example.com -d example.com -d www.example.com

I’m getting this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None.

An unexpected error occurred:

ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.
Also, I tried to view the log files, but they are not accessible.
Any ideas what I should do?


#2

Hi @sh0tgun,

Do you know of any reason that the host would prevent you from making outbound HTTPS connections? That’s what Certbot is trying to do that’s failing here.

Can you try running something like this?

curl -v https://acme-v01.api.letsencrypt.org/directory


#4

You were right, that was an IP problem. This problem is fixed now. Now I’m facing an ACME verification problem.
I created the folders .well-known/acme-challenge/ in the root and added the challenge string there. I visited http://www.exapmle.com/.well-known/acme-challenge/aFstjBRBDZoldLNhkVPZqZyvp5ZnXtNWgEGUABjLgQI: but I’m getting a 404 there.

I’m getting this error:

Cleaning up challenges

Failed authorization procedure. www.example (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.exapmle.com/.well-known/acme-challenge/aFstjBRBDZoldLNhkVPZqZyvp5ZnXtNWgEGUABjLgQI: "


#5

Perhaps the root isn’t correct.

Why are you using the manual plugin? What webserver software are you using?


#7

I’m using cPanel with HostGator shared hosting. I tried public_html; that is also not working.


#8

Shared hosting… So you’re running certbot from some other computer?


#9

My impression is that Hostgator will charge you a fee to install your certificates and that this fee will end up costing more than paying for a longer-lived certificate from a paid CA; have you looked into that?

For the webroot problem, you could try a step-by-step test.

Can you make a file appear at http://example.com/test.txt?

How about http://example.com/.well-known/test2.txt?

How about http://example.com/.well-known/acme-challenge/test3.txt?

How about http://example.com/.well-known/acme-challenge/test4 (without a file extension)?
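
The step-by-step webroot test from the post above, as an added example that is not part of the original thread: it requests the four paths in order and reports the first one the server does not answer with 200. The function names and the locally served, constructed webroot used by `demo()` are assumptions for illustration; for a real check, upload the four test files and call `first_failure()` with your own site's base URL.

```python
import http.server, os, tempfile, threading
import urllib.error, urllib.request
from functools import partial

# The four probes from the post above, shallowest first.
PROBES = ["/test.txt",
          "/.well-known/test2.txt",
          "/.well-known/acme-challenge/test3.txt",
          "/.well-known/acme-challenge/test4"]  # no extension, like a real token
# Connect directly, ignoring any proxy environment variables.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def status(url, timeout=10):
    """Return the HTTP status code for url, or None if the connection fails."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code          # e.g. 404 or 403 from the web server
    except (urllib.error.URLError, OSError):
        return None              # DNS failure, refused connection, timeout

def first_failure(base_url):
    """Probe each path in order; return (path, status) of the first non-200, else None."""
    for path in PROBES:
        code = status(base_url.rstrip("/") + path)
        if code != 200:
            return path, code
    return None

def demo(create_challenge_dir=False):
    """Serve a constructed webroot on localhost; acme-challenge/ is missing by default."""
    root = tempfile.mkdtemp()
    files = ["test.txt", ".well-known/test2.txt"]
    if create_challenge_dir:
        files += [".well-known/acme-challenge/test3.txt", ".well-known/acme-challenge/test4"]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("ok\n")
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=root)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return first_failure("http://127.0.0.1:%d" % server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The first failing path shows which level is wrong: a failure on `/test.txt` means the files are not in the directory the web server actually serves, while a failure only below `/.well-known/` points at how the server handles dot-directories or extensionless files.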

