Ah okay. In my different situation I did mv /etc/ssl/cert /tmp
Then ran command again. I will try -D next time instead.

V/r,
Bryan

> On May 25, 2018, at 5:51 PM, Scott Vanderbilt <li...@datagenic.com> wrote:
>
>> On 5/25/2018 2:41 PM, Bryan Harris wrote:
>> Did you already have a cert for datagenic.com but which didn’t include the
>> new name?
>> I think the -A argument only makes a new cert when old one doesn’t exist.
>> Otherwise tries to use found cert and failed because old cert doesn’t have
>> new name. At least that’s my understanding.
>> Or maybe I misunderstood the error message.
>> V/r,
>> Bryan
>
> Thanks for chipping in.
>
> Regrettably, I get the same error with -D flag only (i.e., no -A).
>
>
>>> On May 25, 2018, at 4:10 PM, Scott Vanderbilt <li...@datagenic.com> wrote:
>>>
>>> I'm having difficulty creating a new SSL cert for a virtual host I'm just
>>> standing up for the first time. I get the following error on successive
>>> attempts:
>>>
>>> urn:acme:error:unauthorized
>>> Error creating new cert :: authorizations for these names not found or
>>> expired: aeneas.datagenic.com
>>>
>>> I've verified it's not a web server access issue, as I am able to
>>> successfully retrieve a static HTML file from the challenge directory
>>>
>>> aeneas$ curl
>>> http://aeneas.datagenic.com/.well-known/acme-challenge/test.html
>>> Foo
>>> aeneas$
>>>
>>> Complete verbose error message, config file, and dmesg follow.
>>>
>>> Thanks in advance for any assistance you can lend.
>>>
>>> ------------------------------------------------------------------------------------
>>>
>>> aeneas# acme-client -vvAD aeneas.datagenic.com
>>> acme-client: /etc/ssl/acme/private/aeneas.datagenic.com/privkey.pem: domain
>>> key exists (not creating)
>>> acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not
>>> creating)
>>> acme-client: /etc/ssl/acme/private/aeneas.datagenic.com/privkey.pem: loaded
>>> RSA domain key
>>> acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
>>> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
>>> acme-client: acme-v01.api.letsencrypt.org: DNS: 23.75.196.250
>>> acme-client: transfer buffer: [{ "key-change":
>>> "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": {
>>> "caaIdentities": [ "letsencrypt.org" ], "terms-of-service":
>>> "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
>>> "website": "https://letsencrypt.org" }, "new-authz":
>>> "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert":
>>> "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg":
>>> "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert":
>>> "https://acme-v01.api.letsencrypt.org/acme/revoke-cert", "sw0ePngTU-0":
>>> "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
>>> }] (658 bytes)
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth:
>>> aeneas.datagenic.com
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value":
>>> "aeneas.datagenic.com" }, "status": "pending", "expires":
>>> "2018-06-01T19:22:23Z", "challenges": [ { "type": "tls-sni-01", "status":
>>> "pending", "uri":
>>> "https://acme-v01.api.letsencrypt.org/acme/challenge/xFIciSX0MzV47lV98sOT6mojdXIXXfIh_2yiH-dzT6k/4809114624",
>>> "token": "TpW1KNEcns3ebXVxbBwYToVOjsMEzR78MWySuyKvdhI" }, { "type":
>>> "dns-01", "status": "pending", "uri":
>>> "https://acme-v01.api.letsencrypt.org/acme/challenge/xFIciSX0MzV47lV98sOT6mojdXIXXfIh_2yiH-dzT6k/4809114625",
>>> "token": "Iq66R_OgKJ2VURMLyVxLD8hjnWtLqrjqSYb0L3YRqNU" }, { "type":
>>> "http-01", "status": "pending", "uri":
>>> "https://acme-v01.api.letsencrypt.org/acme/challenge/xFIciSX0MzV47lV98sOT6mojdXIXXfIh_2yiH-dzT6k/4809114626",
>>> "token": "iJcmtseVVljOzlLIKYoN0-Pu5SQ4sLcqmCGgtwUj3co" } ],
>>> "combinations": [ [ 1 ], [ 0 ], [ 2 ] ] }] (998 bytes)
>>> acme-client:
>>> /var/www/htdocs/default/acme/iJcmtseVVljOzlLIKYoN0-Pu5SQ4sLcqmCGgtwUj3co:
>>> created
>>> acme-client:
>>> https://acme-v01.api.letsencrypt.org/acme/challenge/xFIciSX0MzV47lV98sOT6mojdXIXXfIh_2yiH-dzT6k/4809114626:
>>> challenge
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: transfer buffer: [{ "type": "http-01", "status": "pending",
>>> "uri":
>>> "https://acme-v01.api.letsencrypt.org/acme/challenge/xFIciSX0MzV47lV98sOT6mojdXIXXfIh_2yiH-dzT6k/4809114626",
>>> "token": "iJcmtseVVljOzlLIKYoN0-Pu5SQ4sLcqmCGgtwUj3co",
>>> "keyAuthorization":
>>> "iJcmtseVVljOzlLIKYoN0-Pu5SQ4sLcqmCGgtwUj3co.oHnB0_JsMCOWBPKhfVMYsIDZr_T2Wo-Y5z0fh-cmkA4"
>>> }] (336 bytes)
>>> acme-client:
>>> https://acme-v01.api.letsencrypt.org/acme/challenge/xFIciSX0MzV47lV98sOT6mojdXIXXfIh_2yiH-dzT6k/4809114626:
>>> status
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: certificate
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: acme-v01.api.letsencrypt.org: cached
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: bad HTTP:
>>> 403
>>> acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
>>> "detail": "Error creating new cert :: authorizations for these names not
>>> found or expired: aeneas.datagenic.com", "status": 403 }] (176 bytes)
>>> acme-client: bad exit: netproc(38047): 1
>>>
>>>
>>> ---------------------------------------------------------
>>> aeneas$ cat /etc/acme-client.conf
>>> #
>>> # $OpenBSD: acme-client.conf,v 1.7 2018/04/13 08:24:38 ajacoutot Exp $
>>> #
>>> authority letsencrypt {
>>>         api url "https://acme-v01.api.letsencrypt.org/directory"
>>>         account key "/etc/acme/letsencrypt-privkey.pem"
>>> }
>>>
>>> authority letsencrypt-staging {
>>>         api url "https://acme-staging.api.letsencrypt.org/directory"
>>>         account key "/etc/acme/letsencrypt-staging-privkey.pem"
>>> }
>>>
>>> domain aeneas.datagenic.com {
>>>         # alternative names { secure.aeneas.datagenic.com }
>>>         domain key "/etc/ssl/acme/private/aeneas.datagenic.com/privkey.pem"
>>>         domain certificate "/etc/ssl/acme/aeneas.datagenic.com/cert.pem"
>>>         domain chain certificate
>>> "/etc/ssl/acme/aeneas.datagenic.com/chain.pem"
>>>         domain full chain certificate
>>> "/etc/ssl/acme/aeneas.datagenic.com/fullchain.pem"
>>>         sign with letsencrypt
>>>         challengedir "/var/www/htdocs/default/acme"
>>> }
>>>
>>> -------------------------------------------------------------
>>> aeneas$ dmesg
>>>
>>> OpenBSD 6.3-current (GENERIC.MP) #45: Thu May 24 19:22:57 MDT 2018
>>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>> real mem = 4186652672 (3992MB)
>>> avail mem = 4051607552 (3863MB)
>>> mpath0 at root
>>> scsibus0 at mpath0: 256 targets
>>> mainbus0 at root
>>> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe92a0 (93 entries)
>>> bios0: vendor American Megatrends Inc. version "0402" date 07/18/2011
>>> bios0: ASUSTeK Computer INC. P8H61-M LX
>>> acpi0 at bios0: rev 2
>>> acpi0: sleep states S0 S1 S3 S4 S5
>>> acpi0: tables DSDT FACP APIC SSDT MCFG HPET
>>> acpi0: wakeup devices UAR1(S4) PS2K(S4) PS2M(S4) BR20(S3) EUSB(S4) P0P3(S4)
>>> P0P4(S4) P0P1(S4) P0P2(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4)
>>> PEX5(S4) PEX6(S4) [...]
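
As an added example (not part of the thread and not acme-client code), a small Python triage for a pasted `acme-client -vv` log like the one quoted above: it strips mail quote markers, rejoins wrapped lines, and pulls the JSON bodies out of the `transfer buffer: [...] (N bytes)` lines to report the names, the last challenge states seen and the ACME error. The sample log is constructed (placeholder host name, tokens and byte counts) and the function names are hypothetical.

```python
import json
import re

# Constructed sample shaped like the quoted, mail-wrapped `acme-client -vv`
# output in this thread; host name, tokens and byte counts are placeholders.
SAMPLE = """\
>>> acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value":
>>> "host.example.com" }, "status": "pending", "challenges": [ { "type":
>>> "dns-01", "status": "pending", "token": "TOKEN-A" }, { "type": "http-01",
>>> "status": "pending", "token": "TOKEN-B" } ] }] (0 bytes)
>>> acme-client: transfer buffer: [{ "type": "http-01", "status": "pending",
>>> "token": "TOKEN-B" }] (0 bytes)
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: bad HTTP: 403
>>> acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
>>> "detail": "Error creating new cert :: authorizations for these names not
>>> found or expired: host.example.com", "status": 403 }] (0 bytes)
"""

BUF_RE = re.compile(r"transfer buffer: \[(.*)\] \(\d+ bytes\)\s*$")

def transfer_buffers(text):
    """Yield each JSON object acme-client dumped as 'transfer buffer: [...]'."""
    text = re.sub(r"(?m)^>[> ]*", "", text)           # drop mail quote markers
    text = re.sub(r"\n(?!acme-client: )", " ", text)  # rejoin wrapped lines
    for line in text.splitlines():
        m = BUF_RE.search(line)
        if not m:
            continue
        try:
            body = json.loads(m.group(1))
        except json.JSONDecodeError:
            continue  # truncated or non-JSON body: skip it
        if isinstance(body, dict):
            yield body

def triage(text):
    """Summarise names, last seen challenge states and the ACME error."""
    report = {"names": [], "challenges": {}, "error": None}
    for body in transfer_buffers(text):
        kind = str(body.get("type", ""))
        if "identifier" in body:                      # authorization object
            report["names"].append(body["identifier"]["value"])
            for ch in body.get("challenges", []):
                report["challenges"][ch["type"]] = ch["status"]
        elif kind.startswith("urn:acme:error:"):      # problem document
            report["error"] = (kind, body.get("status"), body.get("detail"))
        elif "token" in body:                         # single challenge object
            report["challenges"][kind] = body.get("status")
    return report
```

Calling `triage()` on the text of a saved log returns a dictionary that can be compared between runs, for example with and without `-A`.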