Re: acme-client issues

[Ricardo Mestre]

Hi Nils,

By any chance does your acme-client.conf contains "agreement url"
lines? If yes please remove them and run acme-client again.

/mestre

On 10:57 Tue 03 Apr     , Nils Gillmann wrote:
> Hi,
> 
> what's the deal with acme-client? back on 6.2 and now on 6.3 I never managed 
> to
> make it run with positive results.
> 
> my httpd has this in the server definition:
> 
>         location "/.well-known/acme-challenge/*" {
>                 root { "/acme", strip 2 }
>         }
> 
> the server listens on port 80.
> 
> acme-client.conf contains this in addition to the 6.3 defaults:
> 
> domain git.infotropique.org {
>        alternative names { c.n0.is code.crash.cx }
>        domain key "/etc/ssl/private/git.infotropique.org.key"
>        domain certificate "/etc/ssl/git.infotropique.org.crt"
>        domain full chain certificate 
> "/etc/ssl/git.infotropique.org.fullchain.pem"
>        sign with letsencrypt
> }
> 
> Yet running acme-client -vvAD git.infotropique.org results in:
> 
> acme-client: /etc/ssl/private/git.infotropique.org.key: domain key exists 
> (not creating)
> acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not 
> creating)
> acme-client: /etc/ssl/private/git.infotropique.org.key: loaded RSA domain key
> acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
> acme-client: acme-v01.api.letsencrypt.org: DNS: 23.43.120.29
> acme-client: transfer buffer: [{ "key-change": 
> "https://acme-v01.api.letsencrypt.org/acme/key-change";, "meta": { 
> "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": 
> "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf";, 
> "website": "https://letsencrypt.org"; }, "new-authz": 
> "https://acme-v01.api.letsencrypt.org/acme/new-authz";, "new-cert": 
> "https://acme-v01.api.letsencrypt.org/acme/new-cert";, "new-reg": 
> "https://acme-v01.api.letsencrypt.org/acme/new-reg";, "revoke-cert": 
> "https://acme-v01.api.letsencrypt.org/acme/revoke-cert";, "rkQQNutMuUA": 
> "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417";
>  }] (658 bytes)
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: 
> git.infotropique.org
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: acme-v01.api.letsencrypt.org: cached
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 
> 403
> acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", 
> "detail": "No registration exists matching provided key", "status": 403 }] 
> (120 bytes)
> acme-client: bad exit: netproc(35077): 1
> 
> 
> Obviously httpd is running.
> 
> Is there something I'm missing?
>