Not able to create fullchain.pem file

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:/etc/periodic/weekly/acme-client

It produced this output:acme-client: /etc/acme/localhost/privkey.pem: account key exists (not creating)
acme-client: /etc/ssl/acme/private/localhost/privkey.pem: domain key exists (not creating)
acme-client: directories
acme-client: DNS:
acme-client: DNS: 2600:1408:2000:1a0::3a8e
acme-client: DNS: 2600:1408:2000:196::3a8e
acme-client: connect: Operation timed out
acme-client: 2600:1408:2000:1a0::3a8e: connect: Address not available
acme-client: 2600:1408:2000:196::3a8e: connect: Address not available
acme-client: bad comm
acme-client: bad exit: netproc(53): 1

My web server is (include version): nginx/1.14.0

The operating system my web server runs on is (include version):ubuntu/18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

LE does not provide certs for IP "names".

If you are using a panel of any sort, start there - using panels and command line clients tends to make more problems than they solve.

provide for ‘localhost’ ?? and we are using docker container i

LE will only provide certs for fully qualified domain names.
You need a real domain name.

How do you expect to use the cert?:
https://some-real-name/ ?
https://your-ip/ ?

If the answer is not obvious:
If A, then get a cert for that real name.
If B, then use a self-signed cert or try another CA.

1 Like

it’s option B. What exactly another CA means?

LE is a CA.
CA = Certificate Authority.
LE = Let’s Encrypt.
Another CA, would be any other CA that does offer certs with IPs in the “name”.

NOTE: is NOT an Internet routable IP (RFC 1918).
Before you get a (paid) cert for such an IP, be sure it is the one (IP) you really need.
Be sure your clients can reach your site/IP first. like this i am tring to access… is NOT an Internet routable IP.
That IP won’t get you very far.
Nowhere outside your local LAN/ISP.

Try this on your system:
[it should show you a real Internet IP]
or in browser:

Or perhaps try talking with your ISP/HSP about access to that system from the Internet.
[if you really do need it to be accessed from the Internet - my assumption thus far (since you want a real cert from a real CA)]

Ip : tried in my system

If that is always the same IP, then that is probably the “real IP” of that system.
Again, speak with your ISP/HSP about that before you get a cert.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.