Not getting cert using acmetool

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
obstoclades.biz
I ran this command:
acmetool --xlog.severity=debug
It produced this output:
20210815150755 [DEBUG] acmetool.storageops: Target(obstoclades.biz;https://acme-v02.api.letsencrypt.org/directory;0): best certificate satisfying is , err=Target(obstoclades.biz;https://acme-v02.api.letsencrypt.org/directory;0): no certificate satisfies this target
20210815150755 [DEBUG] acmetool.storageops: Target(obstoclades.biz;https://acme-v02.api.letsencrypt.org/directory;0): requesting certificate
20210815150755 [DEBUG] fdb: enforce permissions: keys/pldseoi4dudgjqrccz6sewd3aj3x6doxgduptj5shle4itiphkaq/privkey 0/0 0/0
20210815150755 [DEBUG] acmetool.storageops: Target(obstoclades.biz;https://acme-v02.api.letsencrypt.org/directory;0): ordering certificate
20210815150756 [DEBUG] acmetool.reshttp: acquire port "[::]:80" "dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k"
20210815150756 [DEBUG] acmetool.reshttp: failed to listen on [::]:80: listen tcp 0.0.0.0:80: bind: address already in use
20210815150756 [DEBUG] acmetool.reshttp: acquire port ":80" "dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k"
20210815150756 [DEBUG] acmetool.reshttp: failed to listen on :80: listen tcp :80: bind: address already in use
20210815150756 [DEBUG] acmetool.reshttp: acquire port "[::1]:402" "dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k"
20210815150756 [DEBUG] acmetool.reshttp: listening on [::1]:402
20210815150756 [DEBUG] acmetool.reshttp: acquire port "127.0.0.1:402" "dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k"
20210815150756 [DEBUG] acmetool.reshttp: listening on 127.0.0.1:402
20210815150756 [DEBUG] acmetool.reshttp: acquire port "[::1]:4402" "dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k"
20210815150756 [DEBUG] acmetool.reshttp: listening on [::1]:4402
20210815150756 [DEBUG] acmetool.reshttp: acquire port "127.0.0.1:4402" "dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k"
20210815150756 [DEBUG] acmetool.reshttp: listening on 127.0.0.1:4402
20210815150756 [DEBUG] acme.responder: writing 1 webroot challenge files
20210815150756 [DEBUG] acme.responder: writing webroot file /var/run/acme/acme-challenge/dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k
20210815150756 [DEBUG] acme.hooks: calling hook script: /usr/local/libexec/acme/hooks/haproxy
20210815150756 [DEBUG] acme.hooks: calling hook script: /usr/local/libexec/acme/hooks/reload
20210815150756 [DEBUG] acme.responder: http-01 self test for "obstoclades.biz"
20210815150801 [INFO] acme.responder: http-01 self test failed: obstoclades.biz: Get "http://obstoclades.biz/.well-known/acme-challenge/dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
20210815150801 [DEBUG] acme.responder: removing webroot file /var/run/acme/acme-challenge/dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k
20210815150801 [DEBUG] acme.hooks: calling hook script: /usr/local/libexec/acme/hooks/haproxy
20210815150801 [DEBUG] acme.hooks: calling hook script: /usr/local/libexec/acme/hooks/reload
20210815150801 [DEBUG] acmetool.solver: challenge start failed: Get "http://obstoclades.biz/.well-known/acme-challenge/dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
20210815150801 [DEBUG] acme.hooks: calling hook script: /usr/local/libexec/acme/hooks/haproxy
20210815150801 [DEBUG] acme.hooks: calling hook script: /usr/local/libexec/acme/hooks/reload
20210815150801 [DEBUG] acmetool.solver: challenge start failed: could not install DNS challenge, no hooks succeeded
20210815150801 [DEBUG] acmetool.solver: challenge instantiation failed: challenge type not supported
20210815150801 [ERROR] acmetool.storageops: Target(obstoclades.biz;https://acme-v02.api.letsencrypt.org/directory;0): failed to request certificate: the following errors occurred:
exhausted all possible challenges in authorization "https://acme-v02.api.letsencrypt.org/acme/authz-v3/22122960280" [due to inner error: the following errors occurred:
Get "http://obstoclades.biz/.well-known/acme-challenge/dT6w6ZCAQGpcS8vxriK6rTp1nqSwwdfhIGPBflsee5k": context deadline exceeded (Client.Timeout exceeded while awaiting headers);
could not install DNS challenge, no hooks succeeded;
challenge type not supported]

My web server is (include version):
nginx 1.18.0
The operating system my web server runs on is (include version):
FreeBSD 13.0-RELEASE
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
acmetool-v0.2.1-freebsd-ports

Hi @dls, welcome to the community.
OK, so acmetool is not in my repertoire, although I am a FreeBSD fan.
Have you looked at:
https://wiki.freebsd.org/BernardSpil/LetsEncrypt#Install_Letsencrypt.sh
It might help.


If, as appears to be the case, your server can't connect to itself using its public IP address (maybe due to not having hairpin NAT on your home network), then I can suggest either:

I would note also that I'm pretty sure that acmetool is abandonware. Although it seems that some distros have chosen to package the ACMEv2 beta, I don't think the author has responded to any issues in a long time. Unfortunate - I was a happy user too.
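
Added example (not part of the thread and not acmetool's own code): a small Python triage of the debug output posted in the question, separating the three failures it contains so the self-test timeout is not confused with the port 80 bind errors. The function names and finding codes are this example's own labels; the sample lines are copied from the log above with the challenge token shortened to TOKEN.

```python
import re

# Constructed sample: lines taken from the question's debug output, token shortened to TOKEN.
SAMPLE_LOG = """\
20210815150756 [DEBUG] acmetool.reshttp: failed to listen on [::]:80: listen tcp 0.0.0.0:80: bind: address already in use
20210815150756 [DEBUG] acmetool.reshttp: failed to listen on :80: listen tcp :80: bind: address already in use
20210815150756 [DEBUG] acmetool.reshttp: listening on [::1]:402
20210815150756 [DEBUG] acmetool.reshttp: listening on 127.0.0.1:402
20210815150801 [INFO] acme.responder: http-01 self test failed: obstoclades.biz: Get "http://obstoclades.biz/.well-known/acme-challenge/TOKEN": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
20210815150801 [DEBUG] acmetool.solver: challenge start failed: could not install DNS challenge, no hooks succeeded
"""

LINE = re.compile(r"^(\d{14}) \[(\w+)\] ([\w.]+): (.*)$")
BIND_FAIL = re.compile(r"^failed to listen on (\S+): .*address already in use$")
LISTENING = re.compile(r"^listening on (\S+)$")
SELF_TEST = re.compile(r'^http-01 self test failed: ([^:]+): Get "([^"]+)": (.*)$')

def summarize(log):
    """Collect listener, self-test and DNS-hook events from acmetool debug output."""
    out = {"bind_failed": [], "listening": [], "self_test": [], "dns_hook_failed": False}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines of the final multi-line error
        component, msg = m.group(3), m.group(4)
        if component == "acmetool.reshttp":
            if (b := BIND_FAIL.match(msg)):
                out["bind_failed"].append(b.group(1))
            elif (l := LISTENING.match(msg)):
                out["listening"].append(l.group(1))
        elif component == "acme.responder" and (s := SELF_TEST.match(msg)):
            timed_out = "deadline exceeded" in s.group(3) or "Timeout" in s.group(3)
            out["self_test"].append((s.group(1), s.group(2), "timeout" if timed_out else "other"))
        elif "could not install DNS challenge" in msg:
            out["dns_hook_failed"] = True
    return out

def diagnose(summary):
    """Map the collected events to findings (codes are this example's own labels)."""
    findings = []
    port80_busy = any(a.endswith(":80") for a in summary["bind_failed"])
    loopback = [a for a in summary["listening"] if a.startswith(("127.0.0.1:", "[::1]:"))]
    if port80_busy and loopback:
        findings.append("PORT80_IN_USE")  # another server owns :80; only loopback listeners came up
    if any(kind == "timeout" for _, _, kind in summary["self_test"]):
        findings.append("SELF_TEST_TIMEOUT")  # the host got no answer when fetching its own public name
    if summary["dns_hook_failed"]:
        findings.append("DNS_HOOK_MISSING")  # no hook script handled the DNS challenge
    return findings
```

On the posted log, `diagnose(summarize(SAMPLE_LOG))` reports all three findings; `SELF_TEST_TIMEOUT` is the one the reply above is about, since it is raised by the host's own fetch of its public hostname.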
