Unable to generate a certificate


#1

Hi,

I have generate certificates with letsencrypt before. I deleted by error the /etc/letsencrypt folder and now I cant generate a cert.

I have reinstalled the project for a cleaning installation and when i try to generate with this command (like other times):

./letsencrypt-auto certonly --manual -d [domain]

letsencrypt console show me the box to enter mail for notifications, then press ok and then nothing…

I have doing something wrong? Have i need to delete some folder more??

Thanks


#2

I have try to run this:

./letsencrypt-auto --email xxxxx@xxxx.com certonly --manual -d [domain]

Checking for new version…
Requesting root privileges to run letsencrypt…
sudo /Users/guillermo/.local/share/letsencrypt/bin/letsencrypt --email ssss@xxxxxx.com certonly --manual -d XXXXXXXX.com

With the same result… Nothing


#3

Hi,

If it could help to get a solution, in logs show this:

2016-04-04 08:23:33,957:DEBUG:root:Requesting fresh nonce
2016-04-04 08:23:33,957:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {}
2016-04-04 08:23:33,961:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-04 08:23:34,232:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-reg HTTP/1.1” 405 0
2016-04-04 08:23:34,239:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘78’, ‘Pragma’: ‘no-cache’, ‘Expires’: ‘Mon, 04 Apr 2016 08:23:34 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Allow’: ‘POST’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Mon, 04 Apr 2016 08:23:34 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘UtakBtK_IoRrrAJlqjEXqWID_HcTcyc-K0LzcOyyqb8’}. Content: ''
2016-04-04 08:23:34,240:DEBUG:acme.client:Storing nonce: ‘R\xd6\xa4\x06\xd2\xbf"\x84k\xac\x02e\xaa1\x17\xa9b\x03\xfcw\x13s’>+B\xf3p\xec\xb2\xa9\xbf’
2016-04-04 08:23:34,241:DEBUG:acme.jose.json_util:Omitted empty fields: authorizations=None, agreement=None, key=None, certificates=None
2016-04-04 08:23:34,241:DEBUG:acme.client:Serialized JSON: {“contact”: [“mailto:xxxxx@xxxx.com”], “resource”: “new-reg”}
2016-04-04 08:23:34,243:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), jwk=None, alg=None, typ=None, x5t=None, jku=None, x5tS256=None, cty=None, kid=None, x5u=None

I have a 405 error code when try to send head request to https://acme-v01.api.letsencrypt.org/acme/new-reg

Anybody knows why?

Thanks!


#4

You are using the same e-mail address like before?

Try to run the command with -tvvvvvvvvvv and post the output


#5

Hi,

Yes, i am using the same email.

I try with -t and this is the ouput:

./letsencrypt-auto -t certonly --manual -d [domain]
Checking for new version…
Requesting root privileges to run letsencrypt…
sudo /Users/guillermo/.local/share/letsencrypt/bin/letsencrypt -t certonly --manual -d www.xxxxxx.es
Password:
Enter email address (used for urgent notices and lost key recovery) (Enter 'c’
to cancel):xxxx@xxxxx.com

Thats all…


#6

now add some -vvvvvvv to get verbose output…


#7
./letsencrypt-auto -t -vvvvvvvv certonly --manual -d www.xxxxxxx.es
Checking for new version...
Requesting root privileges to run letsencrypt...
   sudo /Users/guillermo/.local/share/letsencrypt/bin/letsencrypt -t -vvvvvvvv certonly --manual -d www.xxxxxxx.es
Password:
2016-04-05 15:58:27,645:DEBUG:letsencrypt.cli:Root logging level set at -50
2016-04-05 15:58:27,647:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-04-05 15:58:27,648:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.2
2016-04-05 15:58:27,648:DEBUG:letsencrypt.cli:Arguments: ['-t', '-vvvvvvvv', '--manual', '-d', 'www.xxxxxxx.es']
2016-04-05 15:58:27,649:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-04-05 15:58:27,650:DEBUG:letsencrypt.cli:Requested authenticator manual and installer None
2016-04-05 15:58:27,657:DEBUG:letsencrypt.display.ops:Single candidate plugin: * manual
Description: Manually configure an HTTP server
Interfaces: IAuthenticator, IPlugin
Entry point: manual = letsencrypt.plugins.manual:Authenticator
Initialized: <letsencrypt.plugins.manual.Authenticator object at 0x10c39c550>
Prep: True
2016-04-05 15:58:27,658:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.manual.Authenticator object at 0x10c39c550> and installer None
Enter email address (used for urgent notices and lost key recovery) (Enter 'c'
to cancel):xxxxxx@xxxxxx.com
2016-04-05 15:58:38,983:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-04-05 15:58:39,045:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-05 15:58:39,735:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2016-04-05 15:58:39,742:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Tue, 05 Apr 2016 13:58:39 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 05 Apr 2016 13:58:39 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'WwfwIjuz6mg7r68M3UmlcuqdCu1HFOSsW2XPjqa08aw'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-04-05 15:58:39,743:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Tue, 05 Apr 2016 13:58:39 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 05 Apr 2016 13:58:39 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'WwfwIjuz6mg7r68M3UmlcuqdCu1HFOSsW2XPjqa08aw'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2016-04-05 15:58:39,743:DEBUG:root:Requesting fresh nonce
2016-04-05 15:58:39,744:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {}
2016-04-05 15:58:39,747:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-05 15:58:40,090:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-reg HTTP/1.1" 405 0
2016-04-05 15:58:40,097:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '78', 'Pragma': 'no-cache', 'Expires': 'Tue, 05 Apr 2016 13:58:40 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 05 Apr 2016 13:58:40 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'JIZHWz2WcvMzJaaLm2BN-J-QKIIpCHIAZE__G3nlRgI'}. Content: ''
2016-04-05 15:58:40,098:DEBUG:acme.client:Storing nonce: '$\x86G[=\x96r\xf33%\xa6\x8b\x9b`M\xf8\x9f\x90(\x82)\x08r\x00dO\xff\x1by\xe5F\x02'
2016-04-05 15:58:40,099:DEBUG:acme.jose.json_util:Omitted empty fields: authorizations=None, agreement=None, key=None, certificates=None

#8

Where is the rest? Can’t you run this as root aswell?


#9

sorry I left this 2 lines:

2016-04-05 15:58:40,099:DEBUG:acme.client:Serialized JSON: {"contact": ["mailto:xxxxx@xxxxxx.com"], "resource": "new-reg"}
2016-04-05 15:58:40,101:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), jwk=None, alg=None, typ=None, x5t=None, jku=None, x5tS256=None, cty=None, kid=None, x5u=None

#10

So far at this point, everything looks ok…

But i am missing the next steps in your logfile, like:

2016-04-05 16:09:02,376:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args:
2016-04-05 16:09:02,378:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-05 16:09:02,868:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-reg HTTP/1.1” 201 540

Which linux distribution are you using?


#11

I run it in OS X.

The 405 that the output show es normal??

2016-04-05 15:58:39,744:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {}
2016-04-05 15:58:39,747:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-05 15:58:40,090:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-reg HTTP/1.1" 405 0
2016-04-05 15:58:40,097:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '78', 'Pragma': 'no-cache', 'Expires': 'Tue, 05 Apr 2016 13:58:40 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 05 Apr 2016 13:58:40 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'JIZHWz2WcvMzJaaLm2BN-J-QKIIpCHIAZE__G3nlRgI'}. Content: ''

#12

Yes, thats normal. I get this response aswell on a positive test.

About OS-X i have no idea. But i am still wondering, why it cut on this step.


#13

Me too, i don’t know why, i run on it before and no problem, but suddenly doesn’t work.

Thanks for all, now im trying to run with docker in the server side…