-
Notifications
You must be signed in to change notification settings - Fork 499
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Let's Encrypt: Unable to get staging certificates #701
Comments
I'm sure Ylian will have a better response, but you may want to include what https://letsdebug.net/ has to say about the site as well for more info. |
Yes, forgot to add that. Letsdebug shows no errors |
Interesting, you did everything correctly here. I was exactly going to suggest https://letsdebug.net/, so very nice that you did that. By the way, "rsaKeySize" is now ignored and always 2048 in this version, so that has no impact. Your settings look good. Even if you used "production":true, this new MeshCentral will always first start by getting a staging certificate. So, you need to pass that test anyway regardless. It looks like it's failing after almost exactly 1 second. First, make sure the "meshcentral-data" folder is writable. GreenLock3 will need to create and write new files to that folder. If you already have "letencrypt3" and "letencrypt3-staging" folders in meshcentral-data, remove them and try again. These folders should be auto-recreated. One thing you could try is running MeshCentral like this:
You will now see all the web requests coming into the server on both ports 80 and 443. Then, you can try https://letsdebug.net/ again and make sure that you see the request from the letsdebug server or get requests from the Let's Encrypt staging server. If by chance, let's debug and let's encrypt try to access your server on port 80 and hit a different server, Let's Debug may say ok, but Let's Encrypt will not like that. Are you running a reverse proxy in front of MeshCentral? If you can try the two things above and report back, that would be great. - Thanks. |
As far as I can tell, the folders should be writable, is there something about the specific folder permissions maybe? I'm noticing that the log.txt file in meshcentral-data is being generated without read permission, i'm not sure if that's a clue or a red herring. The folders for letsencrypt have "drwxrwxr-x" The system is running on a fresh Azure VM Here is the log file with the extra debug flags as well as trying letsdebug-test (still reporting "OK")
|
This is interesting. It's as if GreenLock3 is timing out after exactly 1 second, but you are getting the challenge requests from the Let's Encrypt server perfectly... Thanks for posting the logs, let me work on this a bit. |
Just posted an issue on GreenLock here on this topic because I would like better error messages from GreenLock. |
Looking at the GreenLock3 code, I did find that it seems like the domain of your email address will get DNS resolved and there is a exact 1 second timeout for that. So, it could be that your email address domain name does not resolve and causes the fail. Can you revise your email address and try again? - If that is not the problem, let me know. |
Just published MeshCentral v0.4.5-f that will now display the error strings when running manually. So, it's possible that with this new version, a GreenLock3 problem will now show up. |
Ah ha! A single trailing whitespace character in the config.js for my email. Certificate issues just fine now. Thanks for all your help! |
I'm having trouble getting a certificate from the staging step, here is the log:
My Config has the following:
Currently running:
Edit: letsdebug shows "All OK!"
The text was updated successfully, but these errors were encountered: