Install issue HELP

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
cshost.ge
I ran this command:
certbot certonly --standalone
It produced this output:

My web server is (include version):
Apache, latest version
The operating system my web server runs on is (include version):
Windows Server 2012 R2
My hosting provider, if applicable, is:
My own hosting; I am using the latest version of Apache
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.9.0

Hello, when I try the command certbot certonly --standalone with cmd, I get this error in the log:

2018-02-09 11:09:03,450:DEBUG:certbot._internal.main:certbot version: 1.9.0
2018-02-09 11:09:03,450:DEBUG:certbot._internal.main:Arguments: ['--standalone']
2018-02-09 11:09:03,450:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-02-09 11:09:03,508:DEBUG:certbot._internal.log:Root logging level set at 20
2018-02-09 11:09:03,508:INFO:certbot._internal.log:Saving debug log to C:\Certbot\log\letsencrypt.log
2018-02-09 11:09:03,532:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2018-02-09 11:09:03,543:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x042DAF90>
Prep: True
2018-02-09 11:09:03,544:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x042DAF90> and installer None
2018-02-09 11:09:03,545:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2018-02-09 11:09:27,483:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2018-02-09 11:09:27,488:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2018-02-09 11:09:27,939:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\contrib\pyopenssl.py", line 488, in wrap_socket
cnx.do_handshake()
File "C:\Program Files (x86)\Certbot\pkgs\OpenSSL\SSL.py", line 1934, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "C:\Program Files (x86)\Certbot\pkgs\OpenSSL\SSL.py", line 1671, in _raise_ssl_error
_raise_current_error()
File "C:\Program Files (x86)\Certbot\pkgs\OpenSSL_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\connectionpool.py", line 677, in urlopen
chunked=chunked,
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\connectionpool.py", line 976, in validate_conn
conn.connect()
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\connection.py", line 370, in connect
ssl_context=context,
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\util\ssl_.py", line 377, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\contrib\pyopenssl.py", line 494, in wrap_socket
raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\requests\adapters.py", line 449, in send
timeout=timeout
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\connectionpool.py", line 725, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "C:\Program Files (x86)\Certbot\pkgs\urllib3\util\retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py", line 193, in _run_module_as_main
File "D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py", line 85, in run_code
File "C:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 33, in <module>
sys.exit(main())
File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 15, in main
return internal_main.main(cli_args)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1362, in main
return config.func(config, plugins)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1226, in certonly
le_client = _init_le_client(config, auth, installer)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 604, in _init_le_client
acc, acme = _determine_account(config)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 520, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 173, in register
acme = acme_from_config_key(config, key)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 43, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "C:\Program Files (x86)\Certbot\pkgs\acme\client.py", line 831, in init
directory = messages.Directory.from_json(net.get(server).json())
File "C:\Program Files (x86)\Certbot\pkgs\acme\client.py", line 1168, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "C:\Program Files (x86)\Certbot\pkgs\acme\client.py", line 1118, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "C:\Program Files (x86)\Certbot\pkgs\requests\sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "C:\Program Files (x86)\Certbot\pkgs\requests\sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "C:\Program Files (x86)\Certbot\pkgs\requests\adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
2018-02-09 11:09:27,947:ERROR:certbot._internal.log:An unexpected error occurred:
2018-02-09 11:09:27,949:ERROR:certbot._internal.log:requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))


Is there a firewall program or proxy device inline?
If you have OpenSSL, try this:
openssl s_client -connect acme-v02.api.letsencrypt.org:443
[and show the output]
[press ctrl+c to break out]


For a more precise equivalent of the real client's behavior, you can add -servername acme-v02.api.letsencrypt.org (although this may not matter in most situations).

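For reading what the openssl s_client command suggested above prints, here is an added example (not code from the thread or from Certbot) that parses the output and sorts it into triage cases, including the inline firewall or proxy case the reply asks about. The sample outputs, the issuer hints and the label names are constructed assumptions, and the labels are a heuristic starting point, not a verdict.

```python
import re

# Constructed s_client output (not from the thread): the leaf for the ACME host
# is issued by a hypothetical local inspection CA instead of Let's Encrypt.
SAMPLE_INTERCEPTED = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = acme-v02.api.letsencrypt.org
   i:CN = Example Corp Inspection CA
 1 s:CN = Example Corp Inspection CA
   i:CN = Example Corp Inspection CA
---
    Verify return code: 19 (self signed certificate in certificate chain)
"""

# Constructed output: direct connection, but the local root store is incomplete.
SAMPLE_MISSING_ROOT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = acme-v02.api.letsencrypt.org
   i:C = US, O = Let's Encrypt, CN = R3
---
    Verify return code: 20 (unable to get local issuer certificate)
"""

EXPECTED_ISSUER_HINTS = ("Let's Encrypt", "ISRG")  # assumption: issuer names to expect


def parse_s_client(text):
    """Return ([(subject, issuer), ...], verify_code) from s_client output."""
    subjects = re.findall(r"^\s*\d+ s:(.*)$", text, re.M)
    issuers = re.findall(r"^\s+i:(.*)$", text, re.M)
    m = re.search(r"Verify return code: (\d+)", text)
    return list(zip(subjects, issuers)), int(m.group(1)) if m else None


def diagnose(text):
    """Triage label for a 'certificate verify failed' report; heuristic only."""
    chain, code = parse_s_client(text)
    if not chain:
        return "no-certificate-received"          # blocked, reset, or not TLS
    if not any(h in chain[0][1] for h in EXPECTED_ISSUER_HINTS):
        return "unexpected-issuer-inline-device"  # firewall/proxy re-signing traffic
    if code == 0:
        return "ok"
    if code in (9, 10):
        return "check-system-clock"               # not yet valid / has expired
    if code in (2, 20, 21):
        return "local-trust-store"                # issuer not trusted on this machine
    return "verify-failed-other"
```

Paste the saved output of the s_client run (with -servername, as noted above) into diagnose() to get the label.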