Easyengine and Letsencrypt setup

Found the solution here,

https://github.com/certbot/certbot/issues/2883

I am updating a WordPress site with letsencrypt

Please make sure that your site is pointed to same server on which you are running Let’s Encrypt Client to allow it to verify the site automatically.

and I ran tail -50 /var/log/ee/ee.log

Command Error: Saving debug log to /var/log/letsencrypt/letsencrypt.log An unexpected error occurred: ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45) Please see the logfiles in /var/log/letsencrypt for more details.

It's OK now. Thanks.

I AM GETTING THE SAME ERROR

FOLLOW THE LINK BELOW FOR ERROR LOG

https://pastebin.com/PhUXNS5m


Fixed and working, thanks.

Just adding for reference in case anyone else gets this problem…

I just came across a similar issue bamajr referred to above with a missing PTR record. This was a Linode VPS, and Linode don't create any PTR record by default - you have to manually add it.

This alone did not fix the issue though.

Linode's DNS manager can helpfully auto-create A records for IPv6. These were not being handled by the server at all. Simplest solution was to remove them, allow the changes to propagate and finally LetsEncrypt worked.

Short version - if dnscheck.pingdom.com reports ANY problem with your DNS, that is most likely what is preventing the letsencrypt certificate from being installed. The best I could get from the certbot logs was that it was getting a 404 error trying to access the verification URLs for the site - it wasn’t at all clear what the real problem was.

Exactly the same issue for me. bamajr made me think what else could be wrong with the domain records. Well it was an AAAA Record probably from a previous setup and after deleting it the job was done!

I got it solved!

Solution to the error is to create records for both the domain/subdomain you’re trying to verify as well as with www. in front of it. So if I were trying to get a certificate in EasyEngine with Let’s Encrypt for hello.example.com, I’d create records for both hello.example.com as well as www.hello.example.com pointing to my origin.

This will allow Let’s Encrypt to verify your site when EasyEngine makes the request, allowing it to get and install your certificate.

Ref: https://www.requark.com/easyengine-unable-setup-lets-encrypt-solution/

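A pre-flight check for the DNS problems reported in this thread (a leftover AAAA record, a missing www record, a name pointing at another server), as an added example that is not part of any post above. The function names, the sample zone and the addresses are hypothetical; the default resolver uses the local system's view of DNS, which is assumed to match what Let's Encrypt sees.

```python
import ipaddress
import socket


def system_resolve(name):
    """Return every A/AAAA address the system resolver gives for name.

    Assumption: local resolution (which also honours /etc/hosts) matches
    public DNS; query a public resolver instead if it may not.
    """
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def preflight(domain, server_ips, resolve=system_resolve):
    """List DNS problems that would send HTTP validation to the wrong place.

    The certbot call in the log above requests both domain and www.domain,
    so both names are checked, for IPv4 and IPv6.
    """
    mine = {ipaddress.ip_address(ip) for ip in server_ips}
    problems = []
    for name in (domain, "www." + domain):
        addrs = [ipaddress.ip_address(a) for a in resolve(name)]
        if not addrs:
            problems.append(f"{name}: no A/AAAA record")
        for addr in addrs:
            if addr not in mine:
                kind = "AAAA" if addr.version == 6 else "A"
                problems.append(f"{name}: {kind} record {addr} is not this server")
    return problems


# Constructed sample zone (documentation address ranges), standing in for DNS.
SAMPLE_ZONE = {
    "hello.example.com": ["203.0.113.10", "2001:db8::dead"],  # stale AAAA
    # www.hello.example.com deliberately has no record
}


def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for line in preflight("hello.example.com", ["203.0.113.10"], sample_resolve):
        print(line)
```

Pass every address the server actually answers on (IPv4 and IPv6) as `server_ips`; an empty result means both names resolve only to this server.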

I was using Route53 and my subdomain was not pointing to my server. After pointing the main site and www. All is well now.

Add DNS records

Type / hostname / value / TTL

A / * / your-ip-number / 3600

OK