DaemonForums - View Single Post - acme-client fail

toprank · #3 **(View Single Post)** 15th February 2018

Quote:

Originally Posted by TronDD

Check the example httpd.conf config in the acme-client man page again. "root" within a location block is relative to the chroot of the server.

Thanks for your help, but that was one of the many configurations I tried. It, too, exits with a fail. See:

Code:

# cat /etc/httpd.conf
ext_addr="*"

server "domain.tld" {
    listen on $ext_addr port 80

location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
}
# /etc/rc.d/httpd restart
httpd(ok)
httpd(ok)
# httpd -f /etc/httpd.conf
# acme-client -DAvv www.domain.tld
acme-client: /etc/ssl/private/domain.tld.key: generated RSA domain key
acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 104.116.104.206
acme-client: transfer buffer: [{ "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "oxn-Dj-ipKg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" }] (562 bytes)
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-client: acme-v01.api.letsencrypt.org: cached
acme-client: acme-v01.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ "id": 29529464, "key": { "kty": "RSA", "n": "vhwZ9lexJbtG8FzfYRC5EXQ9pCMXZ8ZKOomsnixhgaDC7DvS-rXKFUWzoSnHkpiSbfDEBLA__6x_MOKmSg8KW_QC0gtGPJq3izlNF42ksyZuX_YZjSXEugBe1TInektmEB3kLS9gvVEz1epWbdMZhiQ0frVaKiMwqnlQ7jnwQ515PJmCEI_CzGNMJnJwQkgoLFgnZyNod9NHHw1LqZzK9u6worgPnp__xoS6MNhjpFj5IcM9Aqa09St_YFDmEOx7Hrk758Hl319vH05bwgyOhSqZ2Th5E69j7g_DJMSHOUQKO_8Z1W32MZk35nxDDi66KQ7VSVjeZJgvxR1cVsWegB6L4diI76CAg__D-06_hiVAtq2OtZewoO4Ga2HEJcox1nL9Djvo4mjZazel8SFvw2N76qsH2oBWFpY-pzRJMz2TN8ZKFkTE1yUIDAnVmdKLJSkGoyfSmy34K3exaAtbddtv_tmAoFhRjsA5n5r7Bmc6bksvR322WMcHwdnbRwby_i3mZso490sqyFwhcDapQQbp4xK_i8477dCxZrT1_2-J4IScryUn86ALRkqTSKHRGNA-NBKkBAfMOVMqJkgoWvAAcE3IFUcl2fRKSMstyeQo5Krj3WjxGxo8Ad3MskwBcd7qZmxxVmztOB0MGcFT-4dlCUlDs1BbbpmFi0SSl-M", "e": "AQAB" }, "contact": [], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "initialIp": "101.161.18.12", "createdAt": "2018-02-15T15:51:08.053191059Z", "status": "valid" }] (969 bytes)
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: 

< snip >

acme-client: acme-v01.api.letsencrypt.org: cached
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/59nXX7IzvBAtcDM3qhypx9hYOc6Ohj0ZKdfiOg-jshQ/3471455313: bad response
acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://domain.tld/.well-known/acme-challenge/N7-U9RBiMaq93mLpb5B8RUiYV-6C8ChyZ8UE79Gxllg: \"\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/59nXX7IzvBAtcDM3qhypx9hYOc6Ohj0ZKdfiOg-jshQ/3471455313", "token": "N7-U9RBiMaq93mLpb5B8RUiYV-6C8ChyZ8UE79Gxllg", "keyAuthorization": "N7-U9RBiMaq93mLpb5B8RUiYV-6C8ChyZ8UE79Gxllg.PS2AzgPLXmuBMFt3sF5INiI_FAT47DSspN_5mFO0wkE", "validationRecord": [ { "url": "http://www.domain.tld/.well-known/acme-challenge/N7-U9RBiMaq93mLpb5B8RUiYV-6C8ChyZ8UE79Gxllg", "hostname": "domain.tld", "port": "80", "addressesResolved": [ "101.161.18.12" ], "addressUsed": "101.161.18.12" } ] }] (1055 bytes)
acme-client: bad exit: netproc(36359): 1
#