Having another go at a wildcard certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

baxtersnet.com

"[Sun Nov 18 18:32:05 GMT 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sun Nov 18 18:32:05 GMT 2018] DOMAIN_PATH='/var/etc/acme-client/home/baxtersnet.com'
[Sun Nov 18 18:32:05 GMT 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sun Nov 18 18:32:05 GMT 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sun Nov 18 18:32:05 GMT 2018] GET
[Sun Nov 18 18:32:05 GMT 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Nov 18 18:32:05 GMT 2018] timeout=
[Sun Nov 18 18:32:05 GMT 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sun Nov 18 18:33:20 GMT 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Sun Nov 18 18:33:20 GMT 2018] ret='7'
[Sun Nov 18 18:33:20 GMT 2018] Can not init api.
[Sun Nov 18 18:33:20 GMT 2018] Le_NextRenewTime
[Sun Nov 18 18:33:20 GMT 2018] _on_before_issue
[Sun Nov 18 18:33:20 GMT 2018] _chk_main_domain='baxtersnet.com'
[Sun Nov 18 18:33:20 GMT 2018] _chk_alt_domains
[Sun Nov 18 18:33:20 GMT 2018] Le_LocalAddress
[Sun Nov 18 18:33:20 GMT 2018] d='baxtersnet.com'
[Sun Nov 18 18:33:20 GMT 2018] Check for domain='baxtersnet.com'
[Sun Nov 18 18:33:20 GMT 2018] _currentRoot='dns_cf'
[Sun Nov 18 18:33:20 GMT 2018] d
[Sun Nov 18 18:33:20 GMT 2018] _saved_account_key_hash is not changed, skip register account.
[Sun Nov 18 18:33:20 GMT 2018] Read key length:4096
[Sun Nov 18 18:33:20 GMT 2018] Creating domain key
[Sun Nov 18 18:33:20 GMT 2018] Using config home:/var/etc/acme-client/home
[Sun Nov 18 18:33:20 GMT 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sun Nov 18 18:33:20 GMT 2018] Use length 2048
[Sun Nov 18 18:33:20 GMT 2018] Using RSA: 2048
[Sun Nov 18 18:33:21 GMT 2018] The domain key is here: /var/etc/acme-client/home/baxtersnet.com/baxtersnet.com.key
[Sun Nov 18 18:33:21 GMT 2018] Create domain key error.
[Sun Nov 18 18:33:21 GMT 2018] pid
[Sun Nov 18 18:33:21 GMT 2018] No need to restore nginx, skip.
[Sun Nov 18 18:33:21 GMT 2018] _clearupdns
[Sun Nov 18 18:33:21 GMT 2018] skip dns.
[Sun Nov 18 18:33:21 GMT 2018] _on_issue_err
[Sun Nov 18 18:33:21 GMT 2018] Please check log file for more details: /var/log/acme.sh.log
"

I can login to a root shell on my machine: Yes

This one is an attempt using baxtersnet.com as the CName. I’ve tried with *.baxtersnet.com and this is the same result.

I’m using DNS-01 validation. I have defined a _acme_challenge TXT entry in my DNS, however it has no content (I think it is supposed to be filled out for me?). Or could this be the issue: I have to put something into this and I just don’t know what it is?


#2

What command did you run?

It’s acme.sh, right? What does it say if you run it with --debug to get more debugging information?

What does “curl -v https://acme-v01.api.letsencrypt.org/directory” show?


#3

a) Is that computer connected to the internet?
b) Did you run it as root?


#4

Hi @tre4b

I can’t find this entry.

D:\temp>nslookup -type=txt _acme-challenge.baxtersnet.com.

baxtersnet.com
primary name server = lila.ns.cloudflare.com
responsible mail addr = dns.cloudflare.com
serial = 2029388864
refresh = 10000 (2 hours 46 mins 40 secs)
retry = 2400 (40 mins)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)

Did you delete this entry? _acme-challenge.baxtersnet.com.baxtersnet.com doesn’t have a DNS entry either (sometimes a mistake).


#5

_acme_challenge.baxtersnet.com – with an underscore instead of a hyphen – does exist, with a test value.

_acme_challenge.baxtersnet.com. 300 IN  TXT     "v"

#6

Shouldn’t that second underscore be a hyphen?:
_acme-challenge.baxtersnet.com
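
Added example (not part of any post above and not acme.sh's own code): a Python sketch of the TXT record name and value a DNS-01 client derives under RFC 8555 section 8.4, with a check for the two naming mistakes raised in #4 to #6. The function names and the sample key authorization are assumptions made for illustration.

```python
import base64
import hashlib

LABEL = "_acme-challenge"  # hyphen, per RFC 8555 section 8.4


def challenge_record_name(identifier):
    """TXT record name validated for an identifier; '*.' is dropped for wildcards."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return f"{LABEL}.{name}"


def txt_value(key_authorization):
    """TXT content: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def diagnose(record_name, identifier):
    """Compare a record name found in the zone with the one the CA will query."""
    expected = challenge_record_name(identifier)
    zone = expected[len(LABEL) + 1:]
    got = record_name.lower().rstrip(".")
    if got == expected:
        return "ok"
    if got == f"_acme_challenge.{zone}":
        return "underscore instead of hyphen"
    if got == f"{expected}.{zone}":
        return "zone name appended twice"
    return f"unexpected name, expected {expected}"


if __name__ == "__main__":
    # Constructed sample; a real key authorization is "<token>.<account key thumbprint>".
    sample_key_authorization = "constructed-token.constructed-thumbprint"
    print(challenge_record_name("*.baxtersnet.com"), "TXT", txt_value(sample_key_authorization))
    for found in ("_acme_challenge.baxtersnet.com.",
                  "_acme-challenge.baxtersnet.com.baxtersnet.com",
                  "_acme-challenge.baxtersnet.com"):
        print(found, "->", diagnose(found, "*.baxtersnet.com"))
```

The token inside the key authorization is issued by the CA for each challenge, so the TXT value cannot be known before the order is placed.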