Hi All - I am using getssl on CentOS 7. It has been working fine since Feb 17th and just stopped.
My script: getssl -u -a -q
getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi... - please check it manually
So I did check it manually from another machine - it works fine:
curl http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
So it works fine.
I then thought perhaps a firewall issue. So I "systemctl stop firewalld", redid the getssl -u -a -q command above - and I get the same error.
How do I see/tell what it's not liking?
Thanks,
Jerry
On Fri, 14 May 2021 at 11:52, Jerry Geis jerry.geis@gmail.com wrote:
> Hi All - I am using getssl on CentOS 7.
Which getssl are you using? I could assume https://github.com/srvrco/getssl but it could be all numbers of things.
If it is that one, then it is written in bash so it should work via bash -x and removing the -q to get more data on what might be broken.
> It has been working fine since Feb 17th and just stopped.
> My script: getssl -u -a -q
> getssl: for some reason could not reach
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> - please check it manually
> So I did check it manually from another machine - it works fine: curl
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
> So it works fine.
> I then thought perhaps a firewall issue. So I "systemctl stop firewalld", redid the getssl -u -a -q command above - and I get the same error.
> How do I see/tell what it's not liking?
> Thanks,
> Jerry
On Fri, May 14, 2021 at 10:52 AM Jerry Geis jerry.geis@gmail.com wrote:
> Hi All - I am using getssl on CentOS 7. It has been working fine since Feb 17th and just stopped.
Are you using a recent version of getssl? Newer releases support ACMEv2, and there is a planned brownout of ACMEv1 service in effect right now. You should be migrating everything to ACMEv2 support only right now.
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/16
On Fri, May 14, 2021 at 11:52 AM Jerry Geis jerry.geis@gmail.com wrote:
> Hi All - I am using getssl on CentOS 7. It has been working fine since Feb 17th and just stopped.
> My script: getssl -u -a -q
> getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> - please check it manually
> So I did check it manually from another machine - it works fine:
> curl http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
> So it works fine.
> I then thought perhaps a firewall issue. So I "systemctl stop firewalld", redid the getssl -u -a -q command above - and I get the same error.
> How do I see/tell what it's not liking?
> Thanks,
> Jerry
I took off the -q as requested - doesn't say much more.
Redirecting to /bin/systemctl stop httpd.service
Check all certificates
MY_NAME: no certificate obtained from host
Registering account
Verify each domain
Verifying MY_NAME
copying challenge token to /var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi... - please check it manually
Redirecting to /bin/systemctl start httpd.service
I thought the -u does the automatic upgrade -
getssl -v
getssl V2.36
Thanks,
Jerry
On Fri, 14 May 2021 at 13:43, Jerry Geis jerry.geis@gmail.com wrote:
> On Fri, May 14, 2021 at 11:52 AM Jerry Geis jerry.geis@gmail.com wrote:
> > Hi All - I am using getssl on CentOS 7. It has been working fine since Feb 17th and just stopped.
> > My script: getssl -u -a -q
> > getssl: for some reason could not reach
> > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> > - please check it manually
> > So I did check it manually from another machine - it works fine: curl
> > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> > lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
> > So it works fine.
> > I then thought perhaps a firewall issue. So I "systemctl stop firewalld", redid the getssl -u -a -q command above - and I get the same error.
> > How do I see/tell what it's not liking?
> > Thanks,
> > Jerry
> I took off the -q as requested - doesn't say much more.
> Redirecting to /bin/systemctl stop httpd.service
> Check all certificates
> MY_NAME: no certificate obtained from host
> Registering account
> Verify each domain
> Verifying MY_NAME
> copying challenge token to
> /var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
> getssl: for some reason could not reach
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTi...
> - please check it manually
> Redirecting to /bin/systemctl start httpd.service
> I thought the -u does the automatic upgrade -
> getssl -v
> getssl V2.36
I would check the getssl.cfg file and see if it is asking for version 1 acme certs. [ I do not use this software and am just going from https://github.com/srvrco/getssl where it has the certificate server it wants to use in the latest version to be
CA="https://acme-v02.api.letsencrypt.org"
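The configuration check suggested in the last reply, as an added example that is not part of the thread or of the getssl project: it reports which ACME endpoint each domain would effectively use. It assumes getssl's usual working-directory layout (a global `getssl.cfg` plus one `getssl.cfg` per domain directory, the per-domain `CA=` taking precedence); the function names and the sample domains are constructed, and the `acme-v01` / `acme-staging` host names are Let's Encrypt's ACMEv1 endpoints, which do not appear in the thread.

```shell
#!/usr/bin/env bash
# Added example: show which ACME endpoint each getssl domain will actually use.
# Assumed layout: <workdir>/getssl.cfg (global) and <workdir>/<domain>/getssl.cfg,
# with a CA= set in the per-domain file overriding the global one.

# Print the last uncommented CA= value in a config file (nothing if absent).
ca_from_cfg() {
    [ -r "$1" ] || return 0
    grep -E '^[[:space:]]*CA=' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | cut -d= -f2- | tr -d "\"' \t\r"
}

# Map a CA URL to the protocol generation of the Let's Encrypt endpoint.
classify_ca() {
    case "$1" in
        "") echo "unset" ;;
        *acme-v02.api.letsencrypt.org*|*acme-staging-v02.api.letsencrypt.org*) echo "ACMEv2" ;;
        *acme-v01.api.letsencrypt.org*|*acme-staging.api.letsencrypt.org*) echo "ACMEv1" ;;
        *) echo "other" ;;
    esac
}

# One tab-separated line per domain: name, classification, effective CA URL.
audit_getssl() (
    workdir="${1:-$HOME/.getssl}"
    global="$(ca_from_cfg "$workdir/getssl.cfg")"
    for cfg in "$workdir"/*/getssl.cfg; do
        [ -e "$cfg" ] || continue
        domain="$(basename "$(dirname "$cfg")")"
        ca="$(ca_from_cfg "$cfg")"
        ca="${ca:-$global}"          # fall back to the global setting
        printf '%s\t%s\t%s\n' "$domain" "$(classify_ca "$ca")" "${ca:-<none>}"
    done
)

# Constructed sample tree (not from the thread): old.example has its CA line
# commented out and so inherits the global ACMEv1 endpoint.
demo() (
    d="$(mktemp -d)"; mkdir -p "$d/old.example" "$d/new.example"
    echo 'CA="https://acme-v01.api.letsencrypt.org"' > "$d/getssl.cfg"
    echo '#CA="https://acme-v02.api.letsencrypt.org"' > "$d/old.example/getssl.cfg"
    echo 'CA="https://acme-v02.api.letsencrypt.org"  # production' > "$d/new.example/getssl.cfg"
    audit_getssl "$d"; rm -rf "$d"
)
```

Call `audit_getssl` with the real working directory (it defaults to `$HOME/.getssl`), or `demo` to see the constructed case; any domain reported as `ACMEv1` is still pointed at the endpoint being retired.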