I can't create a Let's Encrypt certificate/key pair in CentOS 7 with Apache!

I have no problem installing Let's Encrypt on CentOS 7. But with the webroot plugin or with the standalone plugin (httpd stopped in this case), I can't create the Let's Encrypt certificate/key pair:

/root/.local/share/letsencrypt/bin/letsencrypt certonly --agree-tos --email contact@dsfc.net -d dsfc.net -d www.dsfc.net --rsa-key-size 4096 --standalone-supported-challenges tls-sni-01 --server https://acme-v01.api.letsencrypt.org/directory

Here is the content of /var/log/letsencrypt/letsencrypt.log:

2016-01-09 07:24:55,287:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 1396, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 587, in obtain_cert
    le_client = _init_le_client(args, config, authenticator, installer)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 174, in _init_le_client
    acc, acme = _determine_account(args, config)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 161, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 116, in register
    acme = acme_from_config_key(config, key)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 41, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 62, in __init__
    self.net.get(directory).json())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 611, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 593, in _send_request
    response = requests.request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 559, in urlopen
    body=body, headers=headers)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 784, in _validate_conn
    conn.connect()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connection.py", line 217, in connect
    conn = self._new_conn()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connection.py", line 137, in _new_conn
    (self.host, self.port), self.timeout, **extra_kw)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/util/connection.py", line 81, in create_connection
    sock.connect(sa)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)

Thanks for your help!

Hello @bloginfo,

That command seems fine to me. I just miss the --standalone argument, but I tested it using exactly the command you used and it is fine; letsencrypt is smart enough to see that you want to use the standalone method.

Checking your log I can see a KeyboardInterrupt and that is because you cancelled the process... maybe you hit Ctrl-C in the middle of the process.

Try it again, but first update your letsencrypt-auto client. If you downloaded it using git clone, go to the dir where it is installed and perform a git pull and then just a letsencrypt-auto --version to update the virtualenv (the virtualenv is /root/.local/share/letsencrypt/).

For example, if you installed it on /root/letsencrypt/:

cd /root/letsencrypt/
git pull
./letsencrypt-auto --version

Once finished, you can try again the same command you posted (remember to stop your webserver before launching the standalone method).

Good luck,

You can try my bash client: [updated]Simplest pure bash letsencrypt client, support standalone server now

Thank you for your post.

I’ve updated letsencrypt as you explained. But the command is always mute.

How long do you wait to get the key/certificate pair?

This behaviour, together with the traceback, seems to indicate some kind of network issue. One possibility would be a broken IPv6 setup.

Try running the following command and see if it succeeds (it should output something like '/dev/null' saved):

wget https://acme-v01.api.letsencrypt.org/directory -O /dev/null

If it doesn’t, and the output shows something like the following, including an IPv6 address, then your IPv6 configuration is broken:

Connecting to acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)|2a02:26f0:2d:38f::3d5|:443...

If it fails for some other reason, make sure you don’t have any firewall rules blocking traffic to the acme server.
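
The connectivity check suggested above, done per address family with a timeout so that a dead IPv6 route shows up as a failure instead of a silent hang in `sock.connect()`. This is an added example, not part of the original thread or of the letsencrypt client; `probe` and `diagnose` are hypothetical helper names, and the host and port are taken from the `--server` URL in the question.

```python
import socket

ACME_HOST = "acme-v01.api.letsencrypt.org"  # host from the thread's --server URL

def probe(host, port=443, timeout=5.0,
          resolve=socket.getaddrinfo, sock_factory=socket.socket):
    """Try a TCP connect to every address the resolver returns.

    Returns (family, address, outcome) tuples; outcome is "ok" or an error
    text. resolve/sock_factory are injectable so this can run offline.
    """
    results = []
    try:
        infos = resolve(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("dns", host, "resolution failed: %s" % exc)]
    for family, socktype, proto, _canon, sockaddr in infos:
        name = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}.get(family, str(family))
        sock = None
        try:
            sock = sock_factory(family, socktype, proto)
            sock.settimeout(timeout)  # without a timeout, connect() can block for minutes
            sock.connect(sockaddr)
            outcome = "ok"
        except OSError as exc:  # covers timeouts, refused and unreachable
            outcome = "failed: %s" % exc
        finally:
            if sock is not None:
                sock.close()
        results.append((name, sockaddr[0], outcome))
    return results

def diagnose(results):
    """Summarise probe() output: which address family, if any, is broken."""
    ok = {fam for fam, _addr, out in results if out == "ok"}
    failed = {fam for fam, _addr, out in results if out != "ok"} - ok
    if not ok:
        return "unreachable"  # DNS, firewall or general outage
    if failed:
        return "broken-" + "+".join(sorted(failed))
    return "ok"

if __name__ == "__main__":
    rows = probe(ACME_HOST)
    for row in rows:
        print(row)
    print(diagnose(rows))
```

A result of `broken-IPv6` matches the case described in the last reply: the name resolves to an IPv6 address first, but only the IPv4 path actually connects.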