[BlueOnyx:23450] Re: R5210R - Let's Encrypt for a specific Site

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Fri Nov 15 06:29:34 -05 2019 

Hallo Michael,

No, there are no resolving issues on the server.

I have a strange feeling about it. I simply describe to you what I have done
and what came out of it.
I went back to SSL -> LE and sent the same request as yesterday. Neither no
error message, SSL was no longer displayed with the (/), but now the
checkbox was there (unchecked). However, under it stood that no SSL
certificate is present. Now I have executed exactly the same LE procedure
again (all in all now 3rd time) and now (again no error message; but this
would be ok now) the checkbox is activated and the LE certificate is
displayed and the website is reachable with https with its LE certificate.
So the bottom line is that it worked now. But only at the 3rd identical
pass. That's weird.

Best regards,
Dirk
 

 
blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel 

-----Ursprüngliche Nachricht-----
Von: Blueonyx <blueonyx-bounces at mail.blueonyx.it> Im Auftrag von Michael
Stauber
Gesendet: Donnerstag, 14. November 2019 19:52
An: blueonyx at mail.blueonyx.it
Betreff: [BlueOnyx:23449] Re: R5210R - Let's Encrypt for a specific Site

Hi Dirk,

> hmm, I would suggest it is more a missing hostname:
> 
> [Thu Nov 14 07:46:46 CET 2019] _CURL='curl -L --silent --dump-header 
> /usr/sausalito/acme/data/http.header  -g '
> [Thu Nov 14 07:46:46 CET 2019] Please refer to 
> https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6 
> [Thu Nov 14 07:46:46 CET 2019] ret='6'
> 
> There is no hostname in the curl call.
> If you try manual:
> 
> curl -L --silent --dump-header /usr/sausalito/acme/data/http.header  
> -g
> curl: no URL specified!

Sorry, Dirk. I just did another cert request on a 5210R and checked the
logfile /var/log/letsencrypt/letsencrypt.log.

You can find that here: https://pastebin.com/ps1XXkAy

All the _CURL calls in there don't have an URL mentioned and it still worked
just fine:

[root at 5210r]# cat /var/log/letsencrypt/letsencrypt.log|grep "_CURL='curl"
[Thu Nov 14 13:39:12 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:13 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g  -I  '
[Thu Nov 14 13:39:14 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:14 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:15 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '
[Thu Nov 14 13:39:16 -05 2019] _CURL='curl -L --silent --dump-header
/usr/sausalito/acme/data/http.header  -g '

When you look at the log you posted in [BlueOnyx:23445] you see that your
box got as far as mine got on line 18 on https://pastebin.com/ps1XXkAy

Both boxes (yours and mine) made a call to
https://acme-v02.api.letsencrypt.org/directory

Mine got "ret='0'" and continued and yours got cURL error #6 and aborted.

Meaning: It was unable to resolve the hostname for
"acme-v02.api.letsencrypt.org".

So I still do believe you have a resolver or DNS issue. Check if you can do
a "nslookup acme-v02.api.letsencrypt.org" on the shell of that box.
If that works, then please try to request another cert and if that doesn't
work, I would appreciate if I could get a look at the logs.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5526 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20191115/7600e404/attachment.p7s>

More information about the Blueonyx mailing list