Getssl Was Working Stopped
Hi All – I am using getssl on CentOS 7. It have been working fine since Feb 17th and just stopped.
My script:
getssl -u -a -q getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
– please check it manually
So I did check it manually from another machine – it works fine:
curl http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
So it works fine.
I then thought perhaps a firewall issue. So I “systemctl stop firewalld”, redid the getssl -u -a -q command above – and I get the same error.
How do I see/tell what its not liking ?
Thanks,
Jerry
4 thoughts on - Getssl Was Working Stopped
which getssl are you using? I could assume https://github.com/srvrco/getssl but it could be all numbers of things.
If it is that one, then it is written in bash so it should work via bash -x and removing the -q to get more data on what might be broken.
It have been working fine since Feb 17th and just stopped.
Are you using a recent version of getssl? Newer releases support ACMEv2 , and there is a planned brownout of ACMEv1 service in effect right now. You shouldbe migrating everything to ACMEv2 support only right now.
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/16
I took off the -q as requested – doesnt say much more.
Redirecting to /bin/systemctl stop httpd.service Check all certificates MY_NAME: no certificate obtained from host Registering account Verify each domain Verifying MY_NAME
copying challenge token to
/var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
– please check it manually Redirecting to /bin/systemctl start httpd.service
I thought the -u does the automatic upgrade –
getssl -v getssl V2.36
Thanks,
Jerry
I would check the getssl.cfg file and see if it is asking for version 1
acme certs. [ I do not use this software and am just going from https://github.com/srvrco/getssl where it has the certificate server it wants to use in the latest version to be
CA=”https://acme-v02.api.letsencrypt.org”
CA=”https://acme-v02.api.letsencrypt.org”
This is what my file has also
Jerry