Instructions are in a foreign language

My domain is:
*.tommytamsen.dk
I ran this command:
? Want use ssh. Looked at acme.sh
It produced this output:

My web server is (include version):
Apache
The operating system my web server runs on is (include version):
QNap
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I've no clue how to go about it. Instruction are??? I'm missing some more step by step instructions.

...and neither do we, since you've given only random words and phrases above. What exactly are you trying to do? What have you tried so far in order to accomplish that? And what, if any, instructions are you following?

1 Like

You're right, sorry about me lashing out. Was a bit miffed, been trying for hours, googling in circles. But anyways:;
Using a Qnap. Have succesfully installed latest GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol to home directory.
Then in a SSH terminal:
acme.sh --set-default-ca --server letsencrypt
Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
So far so good. Next step:
/root/.acme.sh/acme.sh --issue -d tommytamsen.dk -d '*.tommytamsen.dk' --dns dns_cf
Then I get this:
[Sat Dec 4 23:47:14 CET 2021] Please refer to libcurl - Error Codes for error code: 60
[Sat Dec 4 23:47:16 CET 2021] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
[Sat Dec 4 23:47:16 CET 2021] Sleep 10 and retry.
[Sat Dec 4 23:47:48 CET 2021] Please refer to libcurl - Error Codes for error code: 60
[Sat Dec 4 23:47:50 CET 2021] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
[Sat Dec 4 23:47:50 CET 2021] Sleep 10 and retry.

Then I'm stuck...

[~] # acme.sh --version

v3.0.2

Been looking at acme.sh github for docs and googling...

This looks like your problem--have you checked what error code 60 means? Here's what the error code page says:

curl couldn't validate the security certificate for the Let's Encrypt server, which is likely a result of the root expiration that happened a couple of months ago and (probably) your Qnap system using an outdated version of OpenSSL. You can probably work around this using the --insecure option to acme.sh: acme-sh --issue --insecure -d ....

I get a slightly different text for 60:
[curl --manual]

60     Peer certificate cannot be authenticated with known CA certificates.

Which implies that the system ca-certificates is outdated.

2 Likes

Perhaps you aren't running the most current version of curl? I suggest that because presumably whatever's on their website (which is what I posted) would be for the most current version. In any event, I think the messages are roughly equivalent--both are saying that the remote server's certificate couldn't be validated. And while there are many reasons that could be the case, I'm thinking the CA cert expiration issue is a pretty likely candidate. Whether that's best addressed by updating OpenSSL or the ca-certificates bundle (or if either is possible on OP's machine) I couldn't say.

1 Like

Thank you very much danb35. --insecure solved my curl problem :grinning:

acme.sh  --issue --server letsencrypt_test --insecure -d tommytamsen.dk -d "*.tommytamsen.dk" --webroot /share/Web --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

You made my day!

1 Like

I'm pretty sure that is not the solution and makes your setup less secure.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.