Wow. I know that this is possible because I've done it before. But I can't even make this work:
# certbot certonly -d quantum-equities.com,www.quantum-equities.com,mail.quantum-equities.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 309, in _load_cert_or_req
return load_func(typ, cert_or_req_str)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
An unexpected error occurred:
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
Please see the logfiles in /var/log/letsencrypt for more details.
And no the server is not nginx, it's apache.
2018-05-22 09:44:55,416:DEBUG:certbot.main:certbot version: 0.23.0
2018-05-22 09:44:55,416:DEBUG:certbot.main:Arguments: ['-d', 'quantum-equities.com,www.quantum-equities.com,mail.quantum-equities.com']
2018-05-22 09:44:55,416:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-05-22 09:44:55,430:DEBUG:certbot.log:Root logging level set at 20
2018-05-22 09:44:55,430:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-05-22 09:44:55,430:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2018-05-22 09:44:55,605:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2018-05-22 09:44:56,002:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f691dea6210>
Prep: True
* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f691dde07d0>
Prep: True
* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f691dde0ad0>
Prep: True
2018-05-22 09:45:02,166:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f691dde07d0> and installer None
2018-05-22 09:45:02,166:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2018-05-22 09:45:02,189:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, contact=(u'mailto:colony.three@protonmail.ch',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f6920b02750>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/24597921', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), efe906d6eb95cf90fccee2da3cdba202, Meta(creation_host=u'quantum.darkmatter.org', creation_dt=datetime.datetime(2017, 11, 20, 20, 45, 20, tzinfo=<UTC>)))>
2018-05-22 09:45:02,194:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-05-22 09:45:02,197:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2018-05-22 09:45:03,251:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2018-05-22 09:45:03,252:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
expires: Tue, 22 May 2018 16:45:03 GMT
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
date: Tue, 22 May 2018 16:45:03 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: mwCgqTgLN2PZIqFTh2O_K1jMdjT1_fn8QiYEv8yTeOE
{
"ZxZM0V5LRsY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2018-05-22 09:45:03,255:ERROR:certbot.crypto_util:[('PEM routines', 'PEM_read_bio', 'no start line')]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 309, in _load_cert_or_req
return load_func(typ, cert_or_req_str)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
2018-05-22 09:45:03,255:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.23.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1266, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1150, in certonly
should_get_cert, lineage = _find_cert(config, domains, certname)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 283, in _find_cert
action, lineage = _find_lineage_for_domains_and_certname(config, domains, certname)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 310, in _find_lineage_for_domains_and_certname
return _find_lineage_for_domains(config, domains)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 254, in _find_lineage_for_domains
ident_names_cert, subset_names_cert = cert_manager.find_duplicative_certs(config, domains)
File "/usr/lib/python2.7/site-packages/certbot/cert_manager.py", line 165, in find_duplicative_certs
return _search_lineages(config, update_certs_for_domain_matches, (None, None))
File "/usr/lib/python2.7/site-packages/certbot/cert_manager.py", line 380, in _search_lineages
rv = func(candidate_lineage, rv, *args)
File "/usr/lib/python2.7/site-packages/certbot/cert_manager.py", line 153, in update_certs_for_domain_matches
candidate_names = set(candidate_lineage.names())
File "/usr/lib/python2.7/site-packages/certbot/storage.py", line 851, in names
return crypto_util.get_names_from_cert(f.read())
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 357, in get_names_from_cert
csr, OpenSSL.crypto.load_certificate, typ)
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 337, in _get_names_from_cert_or_req
loaded_cert_or_req = _load_cert_or_req(cert_or_req, load_func, typ)
File "/usr/lib/python2.7/site-packages/certbot/crypto_util.py", line 309, in _load_cert_or_req
return load_func(typ, cert_or_req_str)
Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
2018-05-22 09:45:03,256:ERROR:certbot.log:An unexpected error occurred:
Of course Apache isn't running because it can't find a cert for quantum-equities.com. Yet I can't get a cert because Apache isn't running…
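
Added example, not part of the original post or of certbot: the traceback above fails in `storage.py` `names()` while certbot reads an already-stored certificate during its duplicate-lineage search (`_search_lineages`), so this script reports which stored `cert.pem` lacks a PEM block. The default root `/etc/letsencrypt/live` is an assumption (certbot's default layout, not shown on the page), and the function names are hypothetical.

```python
import os
import re
import sys

# OpenSSL's "no start line" means the BEGIN marker was not found in the
# data it was handed. This regex checks the armor only, not the X.509 body.
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----"
)


def check_cert_file(path):
    """Return None if path holds a PEM certificate block, else a reason."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except OSError as exc:  # e.g. dangling symlink from live/ into archive/
        return "unreadable: %s" % exc.strerror
    if not data.strip():
        return "empty file"
    if b"-----BEGIN CERTIFICATE-----" not in data:
        return "no PEM start line"
    if not PEM_CERT.search(data):
        return "truncated or malformed PEM block"
    return None


def scan_lineages(root):
    """Check every cert.pem below root; return {path: reason} for bad ones."""
    bad = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == "cert.pem":
                path = os.path.join(dirpath, name)
                reason = check_cert_file(path)
                if reason:
                    bad[path] = reason
    return bad


if __name__ == "__main__":
    # Assumed default certbot layout; pass another directory as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/letsencrypt/live"
    for path, reason in sorted(scan_lineages(root).items()):
        print("%s: %s" % (path, reason))
```

A file that passes this check can still fail full X.509 parsing; the script only narrows down which lineage produces the error in the log.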