Ghost SSL Fails on CA order process

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
coaltocloud.info

My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
18.04.5 LTS
My hosting provider, if applicable, is:
Oracle Cloud VM

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.27.0

I ran this command:
/bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain coaltocloud.info --webroot /var/www/coaltocloud/system/nginx-root --reloadcmd "nginx -s reload" --accountemail "Account email"
It produced this output:

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain coaltocloud.info --webroot /var/www/coaltocloud/system/nginx-root --reloadcmd "nginx -s reload" --accountemail "ADMIN email"
[Sat Aug 14 08:13:44 UTC 2021] coaltocloud.info:Timeout
[Sat Aug 14 08:13:44 UTC 2021] Please add '--debug' or '--log' to check more details.
[Sat Aug 14 08:13:44 UTC 2021] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

[Sat Aug 14 08:12:27 UTC 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Aug 14 08:12:27 UTC 2021] Single domain='coaltocloud.info'
[Sat Aug 14 08:12:27 UTC 2021] Getting domain auth token for each domain
[Sat Aug 14 08:12:30 UTC 2021] Getting webroot for domain='coaltocloud.info'
[Sat Aug 14 08:12:30 UTC 2021] Verifying: coaltocloud.info
[Sat Aug 14 08:12:30 UTC 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Sat Aug 14 08:12:33 UTC 2021] Processing, The CA is processing your order, please just wait. (2/30)

✖ Setting up SSL
One or more errors occurred.

  1. ProcessError

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain coaltocloud.info --webroot /var/www/coaltocloud/system/nginx-root --reloadcmd "nginx -s reload" --accountemail email
[Sat Aug 14 16:14:39 UTC 2021] coaltocloud.info:Verify error:504 Gateway Time-out

504 Gateway Time-out


nginx
[Sat Aug 14 16:14:39 UTC 2021] Please add '--debug' or '--log' to check more details.
[Sat Aug 14 16:14:39 UTC 2021] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

[Sat Aug 14 16:13:35 UTC 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Aug 14 16:13:35 UTC 2021] Single domain='coaltocloud.info'
[Sat Aug 14 16:13:35 UTC 2021] Getting domain auth token for each domain
[Sat Aug 14 16:13:37 UTC 2021] Getting webroot for domain='coaltocloud.info'
[Sat Aug 14 16:13:37 UTC 2021] Verifying: coaltocloud.info
[Sat Aug 14 16:13:37 UTC 2021] Processing, The CA is processing your order, please just wait. (1/30)

@PleaseCycle Your domain name is not set up in a DNS - or at least not set up properly. For example:

If I try 'curl coaltocloud.info' it issues a message saying it could not resolve that host name. Using https://letsdebug.net/ says pretty much the same.

You will have to sort that out to proceed further.


You seem to be trying to issue a certificate from ZeroSSL and not from Let's Encrypt. If that's intended, please refer to the support of ZeroSSL instead of this Community. If that's not intended, please refer to the acme.sh documentation on how to change the acme.sh setting back to Let's Encrypt. Thank you.

Also, it seems you actually did manage to get a Let's Encrypt certificate issued today: crt.sh | 5039975120. However, your current acme.sh command line doesn't seem to be including the wildcard which is included in the aforementioned certificate? How did you get the wildcard certificate? And why can't you just use that?


I think manually using the certbot command was the part that let me get the wildcard certificate:

sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


1: coaltocloud.info

However, I still seem to get an error about the DNS name resolution:

Failed authorization procedure. coaltocloud.info (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://coaltocloud.info/.well-known/acme-challenge/q8xzZ3TDxrKWlpGAYzDK7heTRsN5EQSPEn6nxrUDooE: Error getting validation data

Error getting validation data

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

I'll also try to reach out on the Ghost forums. Thank you!


If certbot has a certificate in storage, you can use that one. Please check the command certbot certificates to check if you have a working certificate.

With regard to your other error "Error getting validation data": your domain seems to be resolving to 129.146.133.146 but that IP address is unreachable.

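The failures reported in this thread (name not resolving, address resolving but not answering, and the webroot advice in the certbot error) can be checked before asking any CA to validate. The following is an added example, not code from the thread, acme.sh or certbot; the function names and the `preflight-` probe file name are assumptions made for illustration.

```python
import http.client
import os
import secrets
import socket

CHALLENGE_DIR = ".well-known/acme-challenge"  # path an http-01 validator fetches from

def resolve(domain):
    """Return sorted A/AAAA addresses for domain, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(domain, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch(address, host, path, port, timeout):
    """GET path from one address, sending the domain as the Host header."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(4096).decode("ascii", "replace")
    finally:
        conn.close()

def preflight(domain, webroot, port=80, timeout=5):
    """Return [(address, verdict)]; an empty list means the name did not resolve."""
    token = "preflight-" + secrets.token_hex(8)  # hypothetical probe file name
    probe_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(probe_dir, exist_ok=True)
    probe = os.path.join(probe_dir, token)
    with open(probe, "w") as fh:
        fh.write(token)
    results = []
    try:
        for address in resolve(domain):
            try:
                status, body = fetch(address, domain, f"/{CHALLENGE_DIR}/{token}", port, timeout)
            except (OSError, http.client.HTTPException) as exc:
                # Timeout or refusal: the validator would fail to connect as well.
                results.append((address, f"unreachable: {type(exc).__name__}"))
                continue
            if status == 200 and body.strip() == token:
                results.append((address, "ok"))
            else:  # e.g. 404 (wrong webroot) or 504 (proxy upstream not answering)
                results.append((address, f"wrong response: HTTP {status}"))
    finally:
        os.remove(probe)
    return results
```

Run on the server itself, `preflight(domain, webroot)` confirms DNS and the webroot mapping; a firewall that blocks inbound port 80 is only visible from an outside host, so the fetch should be repeated from there.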
