Error when creating a LetsEncrypt certificate


#1

I used commands from https://blockoperations.com/how-to-build-and-operate-a-zencash-secure-node/3 to install a free certificate from LetsEncrypt on a new VPS on Linode; however, I keep getting the error shown: connection refused.


Is anything wrong?


#2


#3

You do not own the domain blockoperations.io.

You need to register your own domain and set the DNS A record to point to the IP address of your node.


#4

Hi psyrax, thanks for your advice. Now I have registered my own domain. I have another issue, as in the SS below.


#5

Hello!
I used the acme CLI to generate a LetsEncrypt cert. It shows a timeout error all the time. Is there any way to fix this issue? Please give advice.

[email protected]:~$ sudo ~/.acme.sh/acme.sh --issue --standalone -d $FQDN
[Wed Dec 6 06:05:28 EST 2017] Standalone mode.
[Wed Dec 6 06:05:28 EST 2017] Single domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:28 EST 2017] Getting domain auth token for each domain
[Wed Dec 6 06:05:28 EST 2017] Getting webroot for domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:28 EST 2017] Getting new-authz for domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:30 EST 2017] The new-authz request is ok.
[Wed Dec 6 06:05:30 EST 2017] Verifying:zen.harrisvan.tk
[Wed Dec 6 06:05:30 EST 2017] Standalone mode server
[Wed Dec 6 06:05:34 EST 2017] Pending
[Wed Dec 6 06:05:37 EST 2017] Pending
[Wed Dec 6 06:05:39 EST 2017] zen.harrisvan.tk:Verify error:Fetching http://zen.harrisvan.tk/.well-known/acme-challenge/RMWX2kv1m9Ashj_c7Hp8Z3cqTdtZlSFlvBuyBmPjKbA: Timeout
[Wed Dec 6 06:05:39 EST 2017] Please add '--debug' or '--log' to check more details.
[Wed Dec 6 06:05:39 EST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Debug log

[email protected]:~$ sudo ~/.acme.sh/acme.sh --issue --standalone -d $FQDN --debug
[Wed Dec 6 06:05:44 EST 2017] Lets find script dir.
[Wed Dec 6 06:05:44 EST 2017] SCRIPT='/home/fab/.acme.sh/acme.sh'
[Wed Dec 6 06:05:44 EST 2017] _script='/home/fab/.acme.sh/acme.sh'
[Wed Dec 6 06:05:44 EST 2017] _script_home='/home/fab/.acme.sh'
[Wed Dec 6 06:05:44 EST 2017] Using default home:/home/fab/.acme.sh
[Wed Dec 6 06:05:44 EST 2017] Using config home:/home/fab/.acme.sh
https://github.com/Neilpang/acme.sh
v2.7.5
[Wed Dec 6 06:05:44 EST 2017] Using config home:/home/fab/.acme.sh
[Wed Dec 6 06:05:44 EST 2017] DOMAIN_PATH='/home/fab/.acme.sh/zen.harrisvan.tk'
[Wed Dec 6 06:05:44 EST 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Wed Dec 6 06:05:44 EST 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Wed Dec 6 06:05:44 EST 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Wed Dec 6 06:05:44 EST 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Dec 6 06:05:44 EST 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Wed Dec 6 06:05:44 EST 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Wed Dec 6 06:05:44 EST 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Wed Dec 6 06:05:44 EST 2017] Le_NextRenewTime
[Wed Dec 6 06:05:44 EST 2017] _on_before_issue
[Wed Dec 6 06:05:44 EST 2017] Le_LocalAddress
[Wed Dec 6 06:05:44 EST 2017] Check for domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:44 EST 2017] _currentRoot='no'
[Wed Dec 6 06:05:44 EST 2017] Standalone mode.
[Wed Dec 6 06:05:44 EST 2017] _checkport='80'
[Wed Dec 6 06:05:44 EST 2017] _checkaddr
[Wed Dec 6 06:05:44 EST 2017] Using: ss
[Wed Dec 6 06:05:44 EST 2017] _saved_account_key_hash is not changed, skip register account.
[Wed Dec 6 06:05:44 EST 2017] Read key length:
[Wed Dec 6 06:05:44 EST 2017] _createcsr
[Wed Dec 6 06:05:44 EST 2017] Single domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:44 EST 2017] Getting domain auth token for each domain
[Wed Dec 6 06:05:44 EST 2017] Getting webroot for domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:44 EST 2017] _w='no'
[Wed Dec 6 06:05:44 EST 2017] _currentRoot='no'
[Wed Dec 6 06:05:44 EST 2017] Getting new-authz for domain='zen.harrisvan.tk'
[Wed Dec 6 06:05:44 EST 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Wed Dec 6 06:05:44 EST 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Wed Dec 6 06:05:44 EST 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Dec 6 06:05:44 EST 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Wed Dec 6 06:05:44 EST 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Wed Dec 6 06:05:44 EST 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Wed Dec 6 06:05:44 EST 2017] Try new-authz for the 0 time.
[Wed Dec 6 06:05:44 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Dec 6 06:05:44 EST 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "zen.harrisvan.tk"}}'
[Wed Dec 6 06:05:44 EST 2017] RSA key
[Wed Dec 6 06:05:44 EST 2017] GET
[Wed Dec 6 06:05:44 EST 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Dec 6 06:05:44 EST 2017] timeout
[Wed Dec 6 06:05:44 EST 2017] _WGET='wget -q --content-on-error '
[Wed Dec 6 06:05:45 EST 2017] ret='0'
[Wed Dec 6 06:05:45 EST 2017] POST
[Wed Dec 6 06:05:45 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Dec 6 06:05:45 EST 2017] _WGET='wget -q --content-on-error '
[Wed Dec 6 06:05:46 EST 2017] Using sed -i
[Wed Dec 6 06:05:46 EST 2017] _ret='0'
[Wed Dec 6 06:05:46 EST 2017] code='201'
[Wed Dec 6 06:05:46 EST 2017] The new-authz request is ok.
[Wed Dec 6 06:05:46 EST 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351","token":"1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8"'
[Wed Dec 6 06:05:46 EST 2017] token='1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8'
[Wed Dec 6 06:05:46 EST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:46 EST 2017] keyauthorization='1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8.0h1GbjTwTXGzRTYCq1dcwS4pI33E05YpHLVB5IOQ080'
[Wed Dec 6 06:05:46 EST 2017] dvlist='zen.harrisvan.tk#1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8.0h1GbjTwTXGzRTYCq1dcwS4pI33E05YpHLVB5IOQ080#https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351#http-01#no'
[Wed Dec 6 06:05:46 EST 2017] vlist='zen.harrisvan.tk#1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8.0h1GbjTwTXGzRTYCq1dcwS4pI33E05YpHLVB5IOQ080#https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351#http-01#no,'
[Wed Dec 6 06:05:46 EST 2017] ok, let's start to verify
[Wed Dec 6 06:05:46 EST 2017] Verifying:zen.harrisvan.tk
[Wed Dec 6 06:05:46 EST 2017] d='zen.harrisvan.tk'
[Wed Dec 6 06:05:46 EST 2017] keyauthorization='1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8.0h1GbjTwTXGzRTYCq1dcwS4pI33E05YpHLVB5IOQ080'
[Wed Dec 6 06:05:46 EST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:46 EST 2017] _currentRoot='no'
[Wed Dec 6 06:05:46 EST 2017] Standalone mode server
[Wed Dec 6 06:05:46 EST 2017] ncaddr
[Wed Dec 6 06:05:46 EST 2017] startserver: 5714
[Wed Dec 6 06:05:46 EST 2017] Le_HTTPPort='80'
[Wed Dec 6 06:05:46 EST 2017] Le_Listen_V4
[Wed Dec 6 06:05:46 EST 2017] Le_Listen_V6
[Wed Dec 6 06:05:46 EST 2017] _NC='socat'
[Wed Dec 6 06:05:47 EST 2017] serverproc='6138'
[Wed Dec 6 06:05:47 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:47 EST 2017] payload='{"resource": "challenge", "keyAuthorization": "1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8.0h1GbjTwTXGzRTYCq1dcwS4pI33E05YpHLVB5IOQ080"}'
[Wed Dec 6 06:05:47 EST 2017] POST
[Wed Dec 6 06:05:47 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:47 EST 2017] _WGET='wget -q --content-on-error '
[Wed Dec 6 06:05:47 EST 2017] Using sed -i
[Wed Dec 6 06:05:47 EST 2017] _ret='0'
[Wed Dec 6 06:05:47 EST 2017] code='202'
[Wed Dec 6 06:05:47 EST 2017] sleep 2 secs to verify
[Wed Dec 6 06:05:49 EST 2017] checking
[Wed Dec 6 06:05:49 EST 2017] GET
[Wed Dec 6 06:05:49 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:49 EST 2017] timeout
[Wed Dec 6 06:05:49 EST 2017] _WGET='wget -q --content-on-error '
[Wed Dec 6 06:05:50 EST 2017] ret='0'
[Wed Dec 6 06:05:50 EST 2017] Pending
[Wed Dec 6 06:05:50 EST 2017] sleep 2 secs to verify
[Wed Dec 6 06:05:52 EST 2017] checking
[Wed Dec 6 06:05:52 EST 2017] GET
[Wed Dec 6 06:05:52 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:52 EST 2017] timeout
[Wed Dec 6 06:05:52 EST 2017] _WGET='wget -q --content-on-error '
[Wed Dec 6 06:05:52 EST 2017] ret='0'
[Wed Dec 6 06:05:52 EST 2017] Pending
[Wed Dec 6 06:05:52 EST 2017] sleep 2 secs to verify
[Wed Dec 6 06:05:54 EST 2017] checking
[Wed Dec 6 06:05:54 EST 2017] GET
[Wed Dec 6 06:05:54 EST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/zcZnT3Dz8PsBciYJdWw-DXTyuyZjw8YbVJgOqsbKwI8/2662264351'
[Wed Dec 6 06:05:54 EST 2017] timeout
[Wed Dec 6 06:05:54 EST 2017] _WGET='wget -q --content-on-error '
[Wed Dec 6 06:05:55 EST 2017] ret='0'
[Wed Dec 6 06:05:55 EST 2017] zen.harrisvan.tk:Verify error:Fetching http://zen.harrisvan.tk/.well-known/acme-challenge/1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8: Timeout
[Wed Dec 6 06:05:55 EST 2017] Debug: get token url.
[Wed Dec 6 06:05:55 EST 2017] GET
[Wed Dec 6 06:05:55 EST 2017] url='http://zen.harrisvan.tk/.well-known/acme-challenge/1ktZsCPaVcd7NF_EVnaGmvR1rO7FJGqO0nxZigwLst8'
[Wed Dec 6 06:05:55 EST 2017] timeout='1'
[Wed Dec 6 06:05:55 EST 2017] _WGET='wget -q --content-on-error --timeout=1'

#6

Have you allowed HTTP and HTTPS traffic to your VPS? You’ll need to allow inbound TCP traffic on port 80 and port 443 for the certificate generation to succeed.

Have you configured the A record in your DNS for your server's IP address?

Have you set the hostname of your secure node? Use 'hostnamectl set-hostname example_hostname' (if your host name is znode, then use sudo hostnamectl set-hostname znode).
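
A preflight for the checks listed in the reply above, as an added example that is not part of the original thread: it compares the A record with the address you expect, checks that port 80 is free for the acme.sh standalone listener, and classifies a "Verify error" log line. The function names, the script name and its two arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example: preflight for `acme.sh --issue --standalone -d FQDN`.
# Usage: sh preflight.sh FQDN EXPECTED_PUBLIC_IP   (names are hypothetical)

# Succeeds if EXPECTED_IP ($1) is one of the newline-separated addresses in $2.
a_record_matches() {
  printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Prints the local address of every TCP listener on port 80 in `ss -ltn`
# output ($1); standalone mode has to bind that port itself.
port80_listeners() {
  printf '%s\n' "$1" | awk '$1 == "LISTEN" && $4 ~ /:80$/ { print $4 }'
}

# Maps an acme.sh "Verify error" log line ($1) to the network symptom.
classify_verify_error() {
  case "$1" in
    *"Verify error"*[Tt]imeout*)
      echo "timeout: no answer on port 80 (traffic dropped, or A record points elsewhere)" ;;
    *"Verify error"*[Cc]"onnection refused"*)
      echo "refused: port 80 closed or rejected at the resolved address" ;;
    *"Verify error"*) echo "other" ;;
    *) echo "none" ;;
  esac
}

main() {
  fqdn=$1; expected=$2; rc=0
  # getent follows nsswitch, so an /etc/hosts entry for FQDN masks public DNS.
  resolved=$(getent ahostsv4 "$fqdn" | awk '{ print $1 }' | sort -u)
  if a_record_matches "$expected" "$resolved"; then
    echo "OK   $fqdn resolves to $expected"
  else
    echo "FAIL $fqdn resolves to '${resolved:-nothing}', expected $expected"; rc=1
  fi
  busy=$(port80_listeners "$(ss -ltn)")
  if [ -z "$busy" ]; then
    echo "OK   port 80 is free for the standalone listener"
  else
    echo "FAIL port 80 already in use: $busy"; rc=1
  fi
  echo "NOTE test inbound TCP 80 and 443 from a host outside this network"
  return "$rc"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Both local checks can pass while the CA still times out, because filtering between the internet and the VPS is only visible from outside.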


#7

Hello dizzle, thanks so much for your help. The A record was pointed to my IP addr. The FW was not active at all, so I tried to NAT or FW 80 to my server, but no luck.
Regarding the hostname, I already set it.


#8

I just used another VPS and the problem is gone. Tks ppls