I can't create a let's encrypt certificate/key pair in CentOS 7 with Apache!


#1

I had no problem installing let's encrypt on CentOS 7. But, with the webroot plugin or with the standalone plugin (httpd stopped in this case), I can't create the let's encrypt certificate/key pair:

/root/.local/share/letsencrypt/bin/letsencrypt certonly --agree-tos --email contact@dsfc.net -d dsfc.net -d www.dsfc.net --rsa-key-size 4096 --standalone-supported-challenges tls-sni-01 --server https://acme-v01.api.letsencrypt.org/directory

Here is the content of /var/log/letsencrypt/letsencrypt.log:

2016-01-09 07:24:55,287:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 1396, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 587, in obtain_cert
    le_client = _init_le_client(args, config, authenticator, installer)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 174, in _init_le_client
    acc, acme = _determine_account(args, config)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 161, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 116, in register
    acme = acme_from_config_key(config, key)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 41, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 62, in __init__
    self.net.get(directory).json())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 611, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 593, in _send_request
    response = requests.request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 559, in urlopen
    body=body, headers=headers)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 784, in _validate_conn
    conn.connect()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connection.py", line 217, in connect
    conn = self._new_conn()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connection.py", line 137, in _new_conn
    (self.host, self.port), self.timeout, **extra_kw)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/util/connection.py", line 81, in create_connection
    sock.connect(sa)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
KeyboardInterrupt

Thanks for your help!


#2

Hello @bloginfo,

That command seems fine to me; I just miss the --standalone argument, but I tested it using exactly the command you used and it is fine: letsencrypt is smart enough to see that you want to use the standalone method.

Checking your log I can see a KeyboardInterrupt, and that is because you cancelled the process… maybe you hit Ctrl-C in the middle of the process.

Try it again, but first update your letsencrypt-auto client. If you downloaded it using git clone, go to the dir where it is installed, perform a git pull and then just run letsencrypt-auto --version to update the virtualenv (the virtualenv is /root/.local/share/letsencrypt/).

For example, if you installed it on /root/letsencrypt/:

cd /root/letsencrypt/
git pull
./letsencrypt-auto --version

Once finished, you can try again the same command you posted (remember to stop your webserver before launching the standalone method).

Good luck,
sahsanu


#3

You can try my bash client: [updated]Simplest pure bash letsencrypt client, support standalone server now


#4

Thank you for your post.

I've updated letsencrypt as you explained. But the command is still silent.

How long do you have to wait to get the key/certificate pair?


#5

This behaviour, together with the traceback, seems to indicate some kind of network issue. One possibility would be a broken IPv6 setup.

Try running the following command and see if it succeeds (it should output something like '/dev/null' saved):

wget https://acme-v01.api.letsencrypt.org/directory -O /dev/null

If it doesn't, and the output shows something like the following, including an IPv6 address, then your IPv6 configuration is broken:

Connecting to acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)|2a02:26f0:2d:38f::3d5|:443...

If it fails for some other reason, make sure you don’t have any firewall rules blocking traffic to the acme server.
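The check from post #5 carried one step further, as an added example that is not part of the thread: it probes the ACME directory URL from the original command over IPv4 and IPv6 separately with a hard timeout (curl instead of wget, so a black-holed route fails fast instead of hanging until Ctrl-C), and classifies the address in a "Connecting to" line so an IPv6 attempt stands out. It assumes curl is installed; the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): per-address-family reachability check
# for the ACME directory, plus a classifier for wget/curl "Connecting to" lines.
ACME_DIR="https://acme-v01.api.letsencrypt.org/directory"   # URL from the thread

# Echo "ipv6" or "ipv4" for the address in a line of the form
#   Connecting to host (host)|ADDR|:443...
# and return 1 for any other line (e.g. "HTTP request sent, awaiting response...").
classify_connect_line() {
    line=$1
    case $line in
        *"Connecting to "*"|"*"|:"*) ;;
        *) return 1 ;;
    esac
    addr=${line#*|}      # strip everything up to the first '|'
    addr=${addr%%|*}     # keep only the address between the pipes
    case $addr in
        *:*) echo ipv6 ;;          # any colon means a literal IPv6 address
        *.*.*.*) echo ipv4 ;;      # dotted quad
        *) return 1 ;;
    esac
}

# Try the directory over one family (4 or 6). --connect-timeout bounds the TCP
# handshake, which is exactly where the client's traceback was stuck (sock.connect).
probe_family() {
    fam=$1
    if curl -"$fam" --silent --show-error --connect-timeout 10 --max-time 20 \
            --output /dev/null "$ACME_DIR"; then
        echo "IPv$fam: reachable"
    else
        rc=$?
        echo "IPv$fam: FAILED (curl exit $rc)"   # exit 7 = connect failed, 28 = timed out
    fi
}

# Only probe the network when invoked as: sh acme_reach.sh probe
# (so the file can be sourced, or the classifier reused, without side effects).
if [ "${1:-}" = probe ]; then
    probe_family 4
    probe_family 6
fi
```

If IPv6 fails while IPv4 is reachable, the host's IPv6 route or firewall is the problem; if both fail, check outbound filtering on port 443 as the post suggests.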