error getting first cert - acme-client: File exists

Joris Vanhecke Tue, 04 Dec 2018 14:27:03 -0800

Hi misc,

I'm having trouble getting a new certificate on my server.
Using 6.4 stable. Same setup worked fine for me in the past.


Thanks

openbsd# cat /etc/httpd.conf
# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

server "vid.jorisvanhecke.be" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI";
        }
}

#server "vid.jorisvanhecke.be" {
#       listen on * tls port 443
#       tls {
#               certificate "/etc/ssl/vid.jorisvanhecke.be.fullchain.pem"
#               key "/etc/ssl/private/vid.jorisvanhecke.be.key"
#       }
#       location "/pub/*" {
#               directory auto index
#       }
#       location "/.well-known/acme-challenge/*" {
#               root "/acme"
#               request strip 2
#       }
#}
openbsd# httpd -n
configuration OK
openbsd# rcctl restart httpd
httpd(ok)
httpd(ok)
openbsd# cat /etc/acme-client.conf
#
# $OpenBSD: acme-client.conf,v 1.7 2018/04/13 08:24:38 ajacoutot Exp $
#
authority letsencrypt {
        api url "https://acme-v01.api.letsencrypt.org/directory";
        account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
        api url "https://acme-staging.api.letsencrypt.org/directory";
        account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain vid.jorisvanhecke.be {
        alternative names { vid.jorisvanhecke.be }
        domain key "/etc/ssl/private/vid.jorisvanhecke.be.key"
        domain certificate "/etc/ssl/vid.jorisvanhecke.be.crt"
        domain full chain certificate 
"/etc/ssl/vid.jorisvanhecke.be.fullchain.pem"
        sign with letsencrypt-staging
}
openbsd# acme-client -vvAD vid.jorisvanhecke.be
acme-client: /etc/ssl/private/vid.jorisvanhecke.be.key: domain key exists (not 
creating)
acme-client: /etc/acme/letsencrypt-staging-privkey.pem: account key exists (not 
creating)
acme-client: /etc/ssl/private/vid.jorisvanhecke.be.key: loaded RSA domain 
keyacme-client:
/etc/acme/letsencrypt-staging-privkey.pem: loaded RSA account key
acme-client: https://acme-staging.api.letsencrypt.org/directory: directories
acme-client: acme-staging.api.letsencrypt.org: DNS: 2.19.78.54
acme-client: transfer buffer: [{ "LrXBVtAcr4A": 
"https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417";,
 "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change";, 
"meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": 
"https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf";, "website": 
"https://letsencrypt.org/docs/staging-environment/"; }, "new-authz": 
"https://acme-staging.api.letsencrypt.org/acme/new-authz";, "new-cert": 
"https://acme-staging.api.letsencrypt.org/acme/new-cert";, "new-reg": 
"https://acme-staging.api.letsencrypt.org/acme/new-reg";, "revoke-cert": 
"https://acme-staging.api.letsencrypt.org/acme/revoke-cert"; }] (704 bytes)
acme-client: https://acme-staging.api.letsencrypt.org/acme/new-authz: req-auth: 
vid.jorisvanhecke.be
acme-client: acme-staging.api.letsencrypt.org: cached
acme-client: acme-staging.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": 
"vid.jorisvanhecke.be" }, "status": "pending", "expires": 
"2018-12-11T22:06:21Z", "challenges": [ { "type": "http-01", "status": 
"pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180367";,
 "token": "ucLkCbxSCkxcDxrtX5KWJ9AKWHnq50HSh-sQR22mwxo" }, { "type": 
"tls-alpn-01", "status": "pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180368";,
 "token": "pq9tcipfoJC2nP_WQT5R3RQWhmsZYgMjVDekUUlr6t0" }, { "type": "dns-01", 
"status": "pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180369";,
 "token": "Dbr75pDwnt07kob-lADrWyz9kof_m1KUpj5EXNVAh3E" } ], "combinations": [ 
[ 1 ], [ 0 ], [ 2 ] ] }] (1008 bytes)
acme-client: https://acme-staging.api.letsencrypt.org/acme/new-authz: req-auth: 
vid.jorisvanhecke.be
acme-client: acme-staging.api.letsencrypt.org: cached
acme-client: acme-staging.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": 
"vid.jorisvanhecke.be" }, "status": "pending", "expires": 
"2018-12-11T22:06:21Z", "challenges": [ { "type": "http-01", "status": 
"pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180367";,
 "token": "ucLkCbxSCkxcDxrtX5KWJ9AKWHnq50HSh-sQR22mwxo" }, { "type": 
"tls-alpn-01", "status": "pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180368";,
 "token": "pq9tcipfoJC2nP_WQT5R3RQWhmsZYgMjVDekUUlr6t0" }, { "type": "dns-01", 
"status": "pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180369";,
 "token": "Dbr75pDwnt07kob-lADrWyz9kof_m1KUpj5EXNVAh3E" } ], "combinations": [ 
[ 1 ], [ 0 ], [ 2 ] ] }] (1008 bytes)
acme-client: /var/www/acme/ucLkCbxSCkxcDxrtX5KWJ9AKWHnq50HSh-sQR22mwxo: created
acme-client: 
https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180367:
 challenge
acme-client: acme-staging.api.letsencrypt.org: cached
acme-client: acme-staging.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ "type": "http-01", "status": "pending", "uri": 
"https://acme-staging.api.letsencrypt.org/acme/challenge/_LBGkpu1T1Rj8huNUdcnsDozK0gOf8WInplXjUgu-7Q/205180367";,
 "token": "ucLkCbxSCkxcDxrtX5KWJ9AKWHnq50HSh-sQR22mwxo", "keyAuthorization": 
"ucLkCbxSCkxcDxrtX5KWJ9AKWHnq50HSh-sQR22mwxo.iLk_8K131g9ylG_zX9BjwEI_Ut4JMRZZ0f5J8tggb4A"
 }] (339 bytes)
acme-client: ucLkCbxSCkxcDxrtX5KWJ9AKWHnq50HSh-sQR22mwxo: File exists
acme-client: bad exit: netproc(49663): 1
acme-client: bad exit: challengeproc(49905): 1
openbsd# dig vid.jorisvanhecke.be @8.8.8.8

; <<>> DiG 9.4.2-P2 <<>> vid.jorisvanhecke.be @8.8.8.8
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28976
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;vid.jorisvanhecke.be.          IN      A

;; ANSWER SECTION:
vid.jorisvanhecke.be.   3599    IN      A       159.100.243.188

;; Query time: 129 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec  4 23:10:15 2018
;; MSG SIZE  rcvd: 54

openbsd# curl ifconfig.io
159.100.243.188
openbsd#
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]

error getting first cert - acme-client: File exists

Reply via email to