Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I am testing with LetsEncrypt with acme4j client , in my tomcat webapp whose the IP is internal .
I ran this command:
i am using org.shredzone.acme4j package in Java program to create session like this below.
Session session = new Session("https://acme-staging-v02.api.letsencrypt.org/directory");
It produced this output:
Session MetaData null.
My web server is (include version):
apache-tomcat-9.0.41
The operating system my web server runs on is (include version):
Red Hat Enterprise Linux release 8.2 (Ootpa)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
acme4j-utils-2.11.jar acme4j-client-2.11.jar
Sorry I don't know that much about Tomcat, I presume the browser you are using is on your (Windows?) desktop and not Redhat. Try using curl https://acme-staging-v02.api.letsencrypt.org/directory on the linux server to see if you can fetch from the Let's Encrypt API, if not then that would be the problem. If outgoing https requires a proxy then you'd have to tell acme4j that.
I presume you are trying to write an app which automatically maintains it's own certificate rather than just using Certbot or some other linux ACME client?
Thank you for responding.I am using Redhat OS . I can access the Staging URL in browser in Redhat , but not in java client with linux ACME4j.jar client (org.shredzone.acme4j). With this client , i am trying to register the account and accept Terms of Service and getting metadata null using below call
Session session = new Session("https://acme-staging-v02.api.letsencrypt.org/directory");
I notice their example code doesn't use the real API url at all and instead it seems to want you to use Session session = new Session("acme://letsencrypt.org/staging");
Actually Session.getMetadata() never returns null, even if there is no metadata in the directory resource. There must be another reason for it. However it is hard to find the cause without looking at the source code.
You can enable debug logging by setting slf4j's log level of org.shredzone.acme4j to DEBUG. acme4j will then also log the full client/server communication. It should give a good hint about the cause of the problem.
BTW, for new Session() you can use both the https:// and acme:// style URI. However acme: URIs should be preferred.
Thanks for the responses.
I figured out the problem to be with firewall issue. I had added proxy to session to get through the creation process. But now ended up with this error while HTTPS validation.
Challenge has failed, reason: DNS problem: NXDOMAIN looking up A for <<myhost.domain.com>> check that a DNS record exists for this domain.
I am trying to get cert downloaded for my application in VM , which is not in public domain, i get above error.
How do we use LetsEncrypt for Private IP's for testing purpose .
The cert is for the domain (e.g. dev-01.yourdomain.com), not the IP. If you have access to administer the DNS for your domain you can use DNS validation instead of http validation. If you don't then you need to use http validation, so you can only get certificates for publicly visible servers.