Since client Version 0.4.0 I can't create or renew [SOLVED]


#1

~/sources/letsencrypt # ./letsencrypt-auto certonly --agree-tos --rsa-key-size 4096 --renew-by-default -m postmaster[@]cyberguerrilla.org --webroot -w /home/cyberguerrilla/public_html -d cyberguerrilla.org -d www.cyberguerrilla.org

Errorlog: letsencrypt.txt (50.3 KB)

NginX directive: nginx-directive.txt (3.4 KB)

If you go to https://cyberguerrilla.org/.well-known/acme-challenge/ you see it can be connected to (placed an index.html)

Installation method: git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt && ./letsencrypt-auto --help
Nginx version 1.9.4
Operating system: Ubuntu Linux 14.04
Our certificates: https://cyberguerrilla.info/certificates/cgan-cert-info.php


#2

Hi,

I think this might be a DNS problem because from a few places I’m getting an NXDOMAIN for cyberguerilla.org and www.cyberguerilla.org, including from Afilias .org servers. Are you sure your DNS is valid and visible from elsewhere?

The ACME challenge also needs to be on http://cyberguerilla.org/.well-known/acme-challenge/ (not https), but I don’t think that’s likely to be the biggest problem here.


#3

Hi,

We run our own nameservers, and the tools below say that the DNS of cyberguerrilla.org checks out OK:
http://www.dnsinspect.com/cyberguerrilla.org
http://www.intodns.com/cyberguerrilla.org
http://dnssec-debugger.verisignlabs.com/cyberguerrilla.org
http://mxtoolbox.com

Nginx setup is the same as when it was in Dec 2015 and later when we created the certificates for our domains.


#4

I could not access your www address at tcp/80. Also, I noticed that your root A address is different from your www address (both are A records). If both IPs are on the same machine, OK, but otherwise you may have problems. Actually, what you want is that both www and domain.com go to the same .well-known. But I think your problem is in nginx: I could not get any response at port tcp/80; you have to listen at tcp/80 without SSL.


#5

That’s the load balancing: all IPs are on the same server, nginx listens on port 80 (no SSL) and there is no redirect to https, only HSTS, but the result with domains that are not load-balanced is the same.
This is not the first certificate I have done; see https://cyberguerrilla.info/certificates/cgan-cert-info.php, all domains hosted here use letsencrypt.


#6

Solved: it is the ngx_http_spdy_module (SPDY). When I removed that from the nginx directive, the client could create/renew certificates.

Ty
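
Added example, not part of the thread and not code from the letsencrypt client: a small linter for the condition posts #4 and #6 point at, that every name passed with -d has a port-80 listener carrying neither ssl nor spdy. The configuration and the example.org names are constructed; the thread does not show which listen line carried spdy, so flagging it on port 80 is an assumption.

```python
import re

# Listen parameters that stop a port-80 socket from answering plain HTTP/1.x.
NON_PLAIN = {"ssl", "spdy"}

# Constructed sample configuration (not the poster's nginx-directive.txt).
SAMPLE = """
server { listen 80 spdy; listen 443 ssl spdy; server_name example.org;
         location /.well-known/acme-challenge/ { root /var/www/example; } }
server { listen [::]:80; listen 443 ssl; server_name www.example.org; }
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matching nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before scanning
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_port(addr):
    """Port of a listen address such as 80, *:80, [::]:80 or 192.0.2.1:80."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80  # bare address defaults to 80

def check(conf, domains):
    """Return {domain: [problems]}; an empty list means port 80 is plain HTTP."""
    found, problems = set(), {d: [] for d in domains}
    for body in server_blocks(conf):
        names = {n for m in re.finditer(r"\bserver_name\s+([^;]+);", body)
                 for n in m.group(1).split()}
        listens = [m.group(1).split()
                   for m in re.finditer(r"\blisten\s+([^;]+);", body)]
        for d in names.intersection(domains):
            for addr, *params in listens:
                if listen_port(addr) != 80:
                    continue
                found.add(d)
                bad = sorted(NON_PLAIN.intersection(params))
                if bad:
                    problems[d].append(f"listen {addr} carries {' '.join(bad)}")
    for d in domains:
        if d not in found:
            problems[d].append("no port-80 listener for this name")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE, ["example.org", "www.example.org", "mail.example.org"]))
```

The parser only reads literal `server_name` entries and `listen` lines inside `server` blocks; wildcard names, regex names and `include` files are not resolved.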