Mailinglist Archive: opensuse (621 mails)

< Previous Next >
Re: [opensuse] certbot error
On 06/07/2019 04:05 PM, Dave Howorth wrote:
I just decided to see if I could set up HTTPS on the Apache server(s) on
my private LAN. I installed certbot (Leap 15.0) but I got an error when
I ran it:

# certbot --apache
Saving debug log to /var/log/certbot/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): certbot@xxxxxxxxxxxxxx

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You
must agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
An unexpected error occurred:
The server experienced an internal error :: Unable to update
registration Please see the logfiles in /var/log/certbot for more
details.

The contents of the log are just under 15000 bytes from that session!
The error seems to start at:

<snip>

I don't know what the exact error with the spaghetti spew of ....py files is,
but most likely culprits are generally:

1) your system isn't reachable over port 80 (required for writing to
/var/lib/letsencrypt/ during cert creation); or

2) your firewall is blocking port 80 leading to 1) above.

Certbot is the way to go. I was so happy to get off self-signed certs, and it
is deadbang easy to do. I had fits with one server due to a router config not
passing port 80 (which is how I found out about this problem). Double check
and make sure everything is configured as needed:

https://wiki.archlinux.org/index.php/Certbot

I can't believe I didn't do it sooner. You can also set up a service or cron
job to update the certs when needed. (but make sure you don't have 3 failures
in 24 hours, or so, or you will be blocked from getting (or updating) certs
until the next Monday)

--
David C. Rankin, J.D.,P.E.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References