The ACME java client is not working properly

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:
java com.jblur.acme_client.Application --command register -u -a d:\ajitsaha\account.key --email --with-agreement-update --log-dir d:\ajitsaha\acme.log

It produced this output:
PKIX path building failed:
ption: unable to find valid certification path to requested target
org.shredzone.acme4j.exception.AcmeNetworkException: Network error

My web server is (include version):
The operating system my web server runs on is (include version):
Red Hat Linux 6.0
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @ajitsaha,

Is the machine you are running this on able to access the internet without error?

@shred - Do you have any ideas about what might be causing this exception? At face value the network error makes me wonder if the client is unable to contact some portion of the API (or perhaps an AIA url it's chasing?).

Java support for the IdenTrust certificate that is used by Let’s Encrypt servers was added to Java 8u101 in July 2016. For this reason, acme4j does not need to use a hardcoded local truststore anymore. It has been disabled in acme4j v0.12.

@ajitsaha I recommend to update Java on your machine. It seems to be pretty old. If there is no way for you to update Java, you can re-enable the local truststore by adding -Dacme4j.le.certfix=true to your java command. However, the local copy of the certificate will expire in June 2018, so this should only be considered as a temporary fix.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.