Not able to create fullchain.pem file

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 10.3.152.133

I ran this command: /etc/periodic/weekly/acme-client

It produced this output:
acme-client: /etc/acme/localhost/privkey.pem: account key exists (not creating)
acme-client: /etc/ssl/acme/private/localhost/privkey.pem: domain key exists (not creating)
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 23.34.65.90
acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:1408:2000:1a0::3a8e
acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:1408:2000:196::3a8e
acme-client: 23.34.65.90: connect: Operation timed out
acme-client: 2600:1408:2000:1a0::3a8e: connect: Address not available
acme-client: 2600:1408:2000:196::3a8e: connect: Address not available
acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm
acme-client: bad exit: netproc(53): 1

My web server is (include version): nginx/1.14.0

The operating system my web server runs on is (include version): ubuntu/18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

LE does not provide certs for IP "names".

If you are using a panel of any sort, start there - using panels and command line clients tends to make more problems than they solve.

provide for ‘localhost’ ?? and we are using docker container i

LE will only provide certs for fully qualified domain names.
You need a real domain name.

How do you expect to use the cert?:
https://some-real-name/ ?
https://your-ip/ ?

If the answer is not obvious:
If A, then get a cert for that real name.
If B, then use a self-signed cert or try another CA.

It’s option B. What exactly does another CA mean?

LE is a CA.
CA = Certificate Authority.
LE = Let’s Encrypt.
Another CA would be any other CA that does offer certs with IPs in the “name”.

NOTE: 10.3.152.133 is NOT an Internet routable IP (RFC 1918).
Before you get a (paid) cert for such an IP, be sure it is the one (IP) you really need.
Be sure your clients can reach your site/IP first.

https://10.3.152.133:40400/ like this I am trying to access…

10.3.152.133 is NOT an Internet routable IP.
That IP won’t get you very far.
Nowhere outside your local LAN/ISP.

Try this on your system:
[it should show you a real Internet IP]
curl ifconfig.co
or in browser:
https://ifconfig.co/

Or perhaps try talking with your ISP/HSP about access to that system from the Internet.
[if you really do need it to be accessed from the Internet - my assumption thus far (since you want a real cert from a real CA)]

IP: 158.48.6.140 tried in my system

If that is always the same IP, then that is probably the “real IP” of that system.
Again, speak with your ISP/HSP about that before you get a cert.
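
The triage the replies above walk through (real name vs. IP, and the RFC 1918 check), as an added example that is not part of the original thread: a pre-flight check to run on the identifier before invoking an ACME client. The function names, category labels and `www.example.com` are assumptions made for illustration; the advice strings paraphrase the replies above.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 private IPv4 ranges: not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Advice per category, paraphrasing the replies in this thread.
ADVICE = {
    "fqdn": "option A: get a cert for that real name",
    "not-fqdn": "not a fully qualified domain name: you need a real domain name",
    "ip-rfc1918": "option B: self-signed cert or another CA (RFC 1918, LAN only)",
    "ip-other": "option B: self-signed cert or another CA",
}

def extract_host(target: str) -> str:
    """Accept a bare host, host:port, or a full URL; return only the host."""
    try:
        ipaddress.ip_address(target)   # bare IPv4/IPv6 literal, no port
        return target
    except ValueError:
        pass
    if "://" not in target:
        target = "//" + target         # lets urlsplit parse host[:port]
    return (urlsplit(target).hostname or "").rstrip(".")

def classify(target: str) -> str:
    """Return one of: fqdn, not-fqdn, ip-rfc1918, ip-other."""
    host = extract_host(target)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        labels = host.split(".")
        # Single-label names such as 'localhost' are not fully qualified.
        if len(labels) < 2 or not all(labels):
            return "not-fqdn"
        return "fqdn"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "ip-rfc1918"
    return "ip-other"

if __name__ == "__main__":
    # Identifiers taken from the thread, plus one placeholder name.
    for t in ("https://10.3.152.133:40400/", "localhost",
              "158.48.6.140", "www.example.com"):
        kind = classify(t)
        print(f"{t:30} {kind:11} {ADVICE[kind]}")
```
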
