Error while creating ssl certificate

sh0tgun · January 2, 2018, 6:07am

Hello,
I am trying to add lets encrypt ssl to shared linux hosting.I’m using linux mint.Everything works fine until i run this command letsencrypt certonly --manual --email admin@example.com -d example.com -d www.example.com.
I’m getting this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None.

An unexpected error occurred:

ReadTimeout: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.
Also i tried view log files but they are not acessible.
Any ideas what should i do?

schoen · January 2, 2018, 6:15am

Hi @sh0tgun,

Do you know of any reason that the host would prevent you from making outbound HTTPS connections? That’s what Certbot is trying to do that’s failing here.

Can you try running something like this?

curl -v https://acme-v01.api.letsencrypt.org/directory

sh0tgun · January 3, 2018, 11:03am

You were right that was IP problem.This problem is fixed now.Now im facing acme verification problem.
I created folders in root .well-known/acme-challenge/
and added challenge string there.I visited http://www.exapmle.com/.well-known/acme-challenge/aFstjBRBDZoldLNhkVPZqZyvp5ZnXtNWgEGUABjLgQI: but im getting 404 there.

Im getting this error:

Cleaning up challenges

Failed authorization procedure. www.example (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.exapmle.com/.well-known/acme-challenge/aFstjBRBDZoldLNhkVPZqZyvp5ZnXtNWgEGUABjLgQI: "

Osiris · January 3, 2018, 11:07am

Perhaps the root isn't correct.

Why are you using the manual plugin? What webserver software are you using?

sh0tgun · January 3, 2018, 11:11am

Im using cpanel wth hostagator shared hosting.I tried public_html,that is also not working

Osiris · January 3, 2018, 1:36pm

Shared hosting… So you’re running certbot from some other computer?

schoen · January 3, 2018, 8:36pm

My impression is that Hostgator will charge you a fee to install your certificates and that this fee will end up costing more than paying for a longer-lived certificate from a paid CA; have you looked into that?

For the webroot problem, you could try a step-by-step test.

Can you make a file appear at http://example.com/test.txt?

How about http://example.com/.well-known/test2.txt?

How about http://example.com/.well-known/acme-challenge/test3.txt?

How about http://example.com/.well-known/acme-challenge/test4 (without a file extension)?

system · February 2, 2018, 8:37pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.