These are the tips I would have needed!!
-
IPv6:
If you have IPv6 enabled, configure IPv4 as the default (for outgoing requests if hosts have both) in /etc/gai.conf:
precedence ::ffff:0:0/96 100
scopev4 ::ffff:169.254.0.0/112 2
scopev4 ::ffff:127.0.0.0/104 2
scopev4 ::ffff:0.0.0.0/96 14
2: “Challenge URL”:
You must be able to get the “challenge URL” from the machine itself, and the solution is to add the requested domain to /etc/hosts:
127.0.0.1 localhost yourdomain1.xxx yourdomain2.xxx
Because of the other IPs on the outside of the firewall…
3: Stop your Nginx and temporarily run the Python code:
Run the “tool” with debug, verbose and textmode from “cli”
sudo ./venv/bin/letsencrypt auth -t -v --debug -m hostmaster@yourdomain1.xxx -d yourdomain1.xxx
Copy the challenge Python code from the output to another terminal with root:
mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
echo -n '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "xxxxxxx.
.
.
s.serve_forever()"
4: There are no sharp certs to get yet:
I thought it was possible to get real certs already (without full “browser support”) if you checked out the “client” from Git, after I read the blog posts from Sep 14. But that's not the case, you only get a hacker fake cert until at least November 16…
Maybe the above works better, when released…
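An added example, not part of the original post: a Python check for tips 1 and 2 that parses the text of /etc/gai.conf and /etc/hosts and reports whether IPv4 is preferred and which domains still lack a 127.0.0.1 override. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample file contents, modelled on the lines in the post.
SAMPLE_GAI = """\
# /etc/gai.conf
precedence ::ffff:0:0/96 100
scopev4 ::ffff:169.254.0.0/112 2
scopev4 ::ffff:127.0.0.0/104 2
scopev4 ::ffff:0.0.0.0/96 14
"""
SAMPLE_HOSTS = """\
127.0.0.1 localhost yourdomain1.xxx yourdomain2.xxx
::1 ip6-localhost
"""

V4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")

def _fields(text):
    """Yield the whitespace-split fields of each line; comments and blanks dropped."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts

def ipv4_preferred(gai_text):
    """True if the IPv4-mapped prefix has the strictly highest listed precedence."""
    table = {}
    for parts in _fields(gai_text):
        if parts[0] == "precedence" and len(parts) == 3:
            table[ipaddress.ip_network(parts[1], strict=False)] = int(parts[2])
    if V4_MAPPED not in table:
        return False  # no active precedence line for the IPv4-mapped prefix
    return all(table[V4_MAPPED] > v for n, v in table.items() if n != V4_MAPPED)

def loopback_names(hosts_text):
    """Hostnames that the hosts file maps to an IPv4 loopback address."""
    names = set()
    for parts in _fields(hosts_text):
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address line
        if addr.version == 4 and addr.is_loopback:
            names.update(n.lower() for n in parts[1:])
    return names

def missing_overrides(hosts_text, domains):
    """Domains from the -d arguments that have no IPv4 loopback entry yet."""
    have = loopback_names(hosts_text)
    return [d for d in domains if d.lower() not in have]
```

On a real host, pass the contents of /etc/gai.conf and /etc/hosts instead of the sample strings.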