Hook commands return error code 5

Hello,

I am trying the following:

Domain: michaeljimmylu.online

Command: certbot-3.6 certonly --manual --manual-public-ip-logging-ok --manual-auth-hook /usr/local/etc/letsencrypt/renewal-hooks/custom/authenticator.sh --manual-cleanup-hook /usr/local/etc/letsencrypt/renewal-hooks/custom/cleanup.sh -d “*.michaeljimmylu.online”

Errors:
Hook command “/usr/local/etc/letsencrypt/renewal-hooks/custom/authenticator.sh” returned error code 5
Hook command “/usr/local/etc/letsencrypt/renewal-hooks/custom/cleanup.sh” returned error code 5

Web server: Apache 2.4
OS: FreeNAS 11.3
Hosting provider: DreamHost
Certbot version: 3.6

The hook script I am trying to run is a simple API call to DreamHost (key obviously omitted):

#!/usr/bin/env bash
wget -q “https://api.dreamhost.com/?key=X&cmd=dns-add_record&record=_acme-challenge.$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION&comment=Certbot

I believe the culprit to be the scripts themselves - any ideas on what the error code 5 is?

Thank you,
Mike

wget(1) says that an exit code of 5 means “SSL verification failure.”

If you run a similar wget command in a terminal – like wget https://api.dreamhost.com/ – does it successfully make an HTTP request? If not, why not?

Alternatively, what if you remove -q from the hook?

Thanks! Turns out the problem was the lack of --no-check-certificate flag which caused it to fail.

That’s insecure, but sure.

Does FreeNAS have documentation about making certificate validation work for wget? Do other servers work?

Turns out FreeNAS jails don’t have the ability to do SSL certificate validation out of the box - it’s as simple as running “pkg install ca_root_nss”.

I don’t have to use the --no-check-certificate now to get it working.

1 Like