[BlueOnyx:23449] Re: R5210R - Let's Encrypt for a specific Site

Michael Stauber mstauber at blueonyx.it
Thu Nov 14 13:52:02 -05 2019 

Hi Dirk,

> hmm, I would suggest it is more a missing hostname:
> 
> [Thu Nov 14 07:46:46 CET 2019] _CURL='curl -L --silent --dump-header
> /usr/sausalito/acme/data/http.header  -g '
> [Thu Nov 14 07:46:46 CET 2019] Please refer to
> https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
> [Thu Nov 14 07:46:46 CET 2019] ret='6'
> 
> There is no hostname in the curl call.
> If you try manual:
> 
> curl -L --silent --dump-header /usr/sausalito/acme/data/http.header  -g
> curl: no URL specified!

Sorry, Dirk. I just did another cert request on a 5210R and checked the
logfile /var/log/letsencrypt/letsencrypt.log.

You can find that here: https://pastebin.com/ps1XXkAy

All the _CURL calls in there don't have an URL mentioned and it still
worked just fine:

[root at 5210r]# cat /var/log/letsencrypt/letsencrypt.log|grep "_CURL='curl"
[Thu Nov 14 13:39:12 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:13 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g  -I  '
[Thu Nov 14 13:39:14 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:14 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:15 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:16 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '

When you look at the log you posted in [BlueOnyx:23445] you see that
your box got as far as mine got on line 18 on https://pastebin.com/ps1XXkAy

Both boxes (yours and mine) made a call to
https://acme-v02.api.letsencrypt.org/directory

Mine got "ret='0'" and continued and yours got cURL error #6 and aborted.

Meaning: It was unable to resolve the hostname for
"acme-v02.api.letsencrypt.org".

So I still do believe you have a resolver or DNS issue. Check if you can
do a "nslookup acme-v02.api.letsencrypt.org" on the shell of that box.
If that works, then please try to request another cert and if that
doesn't work, I would appreciate if I could get a look at the logs.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list