Re: [CentOS] getssl was working stopped
CA="https://acme-v02.api.letsencrypt.org; This is what my file has also Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getssl was working stopped
On Fri, 14 May 2021 at 13:43, Jerry Geis wrote: > On Fri, May 14, 2021 at 11:52 AM Jerry Geis wrote: > > > Hi All - I am using getssl on CentOS 7. > > It have been working fine since Feb 17th and just stopped. > > > > My script: > > getssl -u -a -q > > getssl: for some reason could not reach > > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > > - please check it manually > > > > So I did check it manually from another machine - it works fine: > > curl > > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > > > > > > > lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI > > > > So it works fine. > > > > I then thought perhaps a firewall issue. So I "systemctl stop firewalld", > > redid the getssl -u -a -q command above - and I get the same error. > > > > How do I see/tell what its not liking ? > > > > Thanks, > > > > Jerry > > > > I took off the -q as requested - doesnt say much more. > > > Redirecting to /bin/systemctl stop httpd.service > Check all certificates > MY_NAME: no certificate obtained from host > Registering account > Verify each domain > Verifying MY_NAME > copying challenge token to > > /var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > getssl: for some reason could not reach > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > - please check it manually > Redirecting to /bin/systemctl start httpd.service > > > > I thought the -u does the automatic upgrade - > > getssl -v > getssl V2.36 > > I would check the getssl.cfg file and see if it is asking for version 1 acme certs. [ I do not use this software and am just going from https://github.com/srvrco/getssl where it has the certificate server it wants to use in the latest version to be CA="https://acme-v02.api.letsencrypt.org; -- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on BBS... time to reboot. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getssl was working stopped
On Fri, May 14, 2021 at 11:52 AM Jerry Geis wrote: > Hi All - I am using getssl on CentOS 7. > It have been working fine since Feb 17th and just stopped. > > My script: > getssl -u -a -q > getssl: for some reason could not reach > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > - please check it manually > > So I did check it manually from another machine - it works fine: > curl > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > > > lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI > > So it works fine. > > I then thought perhaps a firewall issue. So I "systemctl stop firewalld", > redid the getssl -u -a -q command above - and I get the same error. > > How do I see/tell what its not liking ? > > Thanks, > > Jerry > I took off the -q as requested - doesnt say much more. Redirecting to /bin/systemctl stop httpd.service Check all certificates MY_NAME: no certificate obtained from host Registering account Verify each domain Verifying MY_NAME copying challenge token to /var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM - please check it manually Redirecting to /bin/systemctl start httpd.service I thought the -u does the automatic upgrade - getssl -v getssl V2.36 Thanks, Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getssl was working stopped
On Fri, May 14, 2021 at 10:52 AM Jerry Geis wrote: > Hi All - I am using getssl on CentOS 7. > It have been working fine since Feb 17th and just stopped. > Are you using a recent version of getssl? Newer releases support ACMEv2 , and there is a planned brownout of ACMEv1 service in effect right now. You shouldbe migrating everything to ACMEv2 support only right now. https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/16 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getssl was working stopped
On Fri, 14 May 2021 at 11:52, Jerry Geis wrote: > Hi All - I am using getssl on CentOS 7. > which getssl are you using? I could assume https://github.com/srvrco/getssl but it could be all numbers of things. If it is that one, then it is written in bash so it should work via bash -x and removing the -q to get more data on what might be broken. It have been working fine since Feb 17th and just stopped. > > My script: > getssl -u -a -q > getssl: for some reason could not reach > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > - please check it manually > > So I did check it manually from another machine - it works fine: > curl > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > > > lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI > > So it works fine. > > I then thought perhaps a firewall issue. So I "systemctl stop firewalld", > redid the getssl -u -a -q command above - and I get the same error. > > How do I see/tell what its not liking ? > > Thanks, > > Jerry > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on BBS... time to reboot. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] getssl was working stopped
Hi All - I am using getssl on CentOS 7. It have been working fine since Feb 17th and just stopped. My script: getssl -u -a -q getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM - please check it manually So I did check it manually from another machine - it works fine: curl http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI So it works fine. I then thought perhaps a firewall issue. So I "systemctl stop firewalld", redid the getssl -u -a -q command above - and I get the same error. How do I see/tell what its not liking ? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos