Initial setup and issue certificate


#1

Please fill out the fields below so we can help you better.

Let’s say my domain is api.mydomain.com

My domain is:
api.mydomain.com

I ran this command:
acme.sh --issue -d api.mydomain.com --standalone --httpport 9000

It produced this output:
[Wed Aug 24 16:34:47 EDT 2016] Standalone mode.
[Wed Aug 24 16:34:47 EDT 2016] Creating account key
[Wed Aug 24 16:34:47 EDT 2016] Use default length 2048
[Wed Aug 24 16:34:47 EDT 2016] Use length 2048
[Wed Aug 24 16:34:47 EDT 2016] Using RSA: 2048
[Wed Aug 24 16:34:47 EDT 2016] Registering account
[Wed Aug 24 16:34:48 EDT 2016] Registered
[Wed Aug 24 16:34:48 EDT 2016] Creating domain key
[Wed Aug 24 16:34:48 EDT 2016] Use length 2048
[Wed Aug 24 16:34:48 EDT 2016] Using RSA: 2048
[Wed Aug 24 16:34:49 EDT 2016] Single domain=‘api.mydomain.com
[Wed Aug 24 16:34:49 EDT 2016] Verify each domain
[Wed Aug 24 16:34:49 EDT 2016] Getting webroot for domain=‘api.mydomain.com
[Wed Aug 24 16:34:49 EDT 2016] Getting token for domain=‘api.mydomain.com
[Wed Aug 24 16:34:50 EDT 2016] Verifying:api.mydomain.com
[Wed Aug 24 16:34:50 EDT 2016] Standalone mode server
[Wed Aug 24 16:34:58 EDT 2016] api.mydomain.com:Verify error:Invalid response from http://api.mydomain.com/.well-known/acme-challenge/BKGR3QQ5RZqf0YPEd48QX3Ns4tNwaEhrzoDlTjsONYA: \

My operating system is (include version):
Red Hat Enterprise Linux Server release 6.7 (Santiago)

My web server is (include version):
grunt

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Can you provide a little more info please, otherwise it’s virtually impossible to help.

Your edit and additional info help, thanks.


#3

In particular, you have set http port to 9000. This will only work if in fact you have a firewall, load balancer or similar which maps internal port 9000 to external port 80. Let’s Encrypt is not permitted to validate your control of this name by connecting over the Internet on port 9000.

In fact Mozilla is currently deciding whether to impose sanctions on a CA that mistakenly allowed people to use arbitrary port numbers to get certificates & as a result mis-issued a certificate then failed to report it.
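
The port point from the reply above, as an added example that is not part of the original thread: a local pre-flight check that requests the challenge URL on the port the validator would connect to, and fails when the listener is only reachable on a different, unmapped port. The token, key authorization, function names and the ephemeral local ports standing in for 9000 and 80 are all constructed for illustration.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"
# Constructed sample values; a real key authorization is "<token>.<account key thumbprint>".
TOKEN = "constructed-token-123"
KEY_AUTH = TOKEN + ".constructed-thumbprint"

def start_listener(port=0):
    """Stand-in for a standalone-mode listener bound to a local port."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.path == PREFIX + TOKEN
            body = KEY_AUTH.encode() if ok else b"not found"
            self.send_response(200 if ok else 404)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def preflight(host, validator_port=80, timeout=3):
    """Fetch the challenge URL on the port the validator would use."""
    url = f"http://{host}:{validator_port}{PREFIX}{TOKEN}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(512).decode("ascii", "replace").strip()
    except (urllib.error.URLError, OSError) as exc:
        return False, f"no usable answer on port {validator_port}: {exc}"
    return (True, "ok") if body == KEY_AUTH else (False, "wrong body")

def demo():
    listener = start_listener()                 # plays the role of port 9000
    with socket.socket() as s:                  # reserve, then free, a port
        s.bind(("127.0.0.1", 0))                # that nothing listens on
        closed_port = s.getsockname()[1]        # plays the role of unmapped port 80
    unmapped = preflight("127.0.0.1", closed_port)
    mapped = preflight("127.0.0.1", listener.server_address[1])
    listener.shutdown()
    return unmapped, mapped

if __name__ == "__main__":
    print(demo())
```

On a real host, the same check would be run from outside the network against port 80 while the listener is up, since a check from the machine itself bypasses the firewall or load balancer.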


#4

Thank you, Tialaramex.


#5

Thanks @tialaramex

Yes, you should remove --httpport 9000


#6

My problem is solved by removing the --httpport 9000 and executing acme.sh with sudo privileges.

The command I executed is:

sudo ~/.acme.sh/acme.sh --issue -d api.mydomain.com --standalone

Thank you, Neilpang

PhienAn

