Still Fighting (and Failing) with Let’s Encrypt

I’m still fighting with Let’s Encrypt.  Like a Mac, it’s so easy to use, I can’t figure it out!

UPDATE: A2 Hosting had the answer the entire time! Oops!

Here’s an outline of my latest failure:

README.md says: python sign_csr.py --public-key user.pub domain.csr > signed.crt

I used: python ~/tmp/test/letsencrypt-nosudo-master/sign_csr.py --file-based --public-key domain-redacted.pub domain-redacted.csr > domain-redacted.crt

Script above said:
openssl dgst -sha256 -sign user.key -out register_gI2frw.sig register_LvKVaG.json
openssl dgst -sha256 -sign user.key -out domain_jJRoxo.sig domain_BmX1i4.json
openssl dgst -sha256 -sign user.key -out cert_b2jwiM.sig cert_6c9otr.json

I used:
openssl dgst -sha256 -sign domain-redacted.key -out register_gI2frw.sig register_LvKVaG.json
openssl dgst -sha256 -sign domain-redacted.key -out domain_jJRoxo.sig domain_BmX1i4.json
openssl dgst -sha256 -sign domain-redacted.key -out cert_b2jwiM.sig cert_6c9otr.json

Then script above said:
openssl dgst -sha256 -sign user.key -out challenge_wdJ_kc.sig challenge_XoHFc0.json

I used:
openssl dgst -sha256 -sign domain-redacted.key -out challenge_wdJ_kc.sig challenge_XoHFc0.json

Script above said create file:

http://domain-redacted.com/.well-known/acme-challenge/QOtda4ngP4J-My0JgU8vZXixUjGiPURMo8YuwMNTkcI

containing QOtda4ngP4J-My0JgU8vZXixUjGiPURMo8YuwMNTkcI.4sYEd6yKWeYPjvJB5RJMuAN9IY19lhuVHsHShPlVV0A

I did:
cd ~/public_html
mkdir .well-known
cd .well-known
mkdir acme-challenge
cd acme-challenge
vi QOtda4ngP4J-My0JgU8vZXixUjGiPURMo8YuwMNTkcI

At this point, the command curl -I http://domain-redacted.com/.well-known/acme-challenge/QOtda4ngP4J-My0JgU8vZXixUjGiPURMo8YuwMNTkcI
returns:

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2017 17:04:53 GMT
Server: Apache
Last-Modified: Sat, 29 Apr 2017 17:03:15 GMT
ETag: "1586735-58-54e512a7647cb"
Accept-Ranges: bytes
Content-Length: 88
Vary: User-Agent
Content-Type: text/plain

And the script above bombs with:
{
  "type": "urn:acme:error:badNonce",
  "detail": "JWS has invalid anti-replay nonce 3rsTr_0FsH4iz-QzvzqfzheGl4nx6ecaAMNGfKY8Ry0",
  "status": 400
}
Traceback (most recent call last):
  File "/home/kentucky/tmp/test/letsencrypt-nosudo-master/sign_csr.py", line 446, in <module>
    signed_crt = sign_csr(args.public_key, args.csr_path, email=args.email, file_based=args.file_based)
  File "/home/kentucky/tmp/test/letsencrypt-nosudo-master/sign_csr.py", line 386, in sign_csr
    resp = urllib2.urlopen(csr_url, csr_data)
  File "/usr/lib64/python2.6/urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib64/python2.6/urllib2.py", line 397, in open
    response = meth(req, response)
  File "/usr/lib64/python2.6/urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.6/urllib2.py", line 435, in error
    return self._call_chain(*args)
  File "/usr/lib64/python2.6/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.6/urllib2.py", line 518, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 400: Bad Request

I’m giving up for a while . . . maybe I’ll hafta learn python and fix their code. Sheesh!

Wishing you Happy Slacking!
Stu…
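
Added example, not part of the original post or of letsencrypt-nosudo: the challenge file body shown above has the form token "." thumbprint, where the thumbprint is the base64url SHA-256 JWK thumbprint (RFC 7638) of the account public key. This sketch checks a served challenge file against that rule; the function names are hypothetical and the two JWKs are constructed placeholders, not real keys.

```python
import base64
import hashlib
import json

PREFIX = "/.well-known/acme-challenge/"

def b64url(data):
    """Unpadded URL-safe base64, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the RSA JWK's e, kty, n with sorted keys, no spaces."""
    required = {k: jwk[k] for k in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())

def key_authorization(token, account_jwk):
    return token + "." + jwk_thumbprint(account_jwk)

def check_challenge(url_path, body, account_jwk):
    """Return a list of problems with a served challenge file; [] means it is valid."""
    if not url_path.startswith(PREFIX):
        return ["path is not under " + PREFIX]
    token = url_path[len(PREFIX):]
    # Trailing whitespace (e.g. the newline an editor appends) is stripped before comparing.
    served_token, sep, served_thumb = body.decode("ascii", "replace").rstrip().partition(".")
    problems = []
    if not sep:
        problems.append("body has no '.' separator")
    if served_token != token:
        problems.append("token in body does not match the file name")
    if served_thumb != jwk_thumbprint(account_jwk):
        problems.append("thumbprint does not match the account key")
    return problems

# Constructed sample data: placeholder moduli, not real keys.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": b64url(b"\xc3" * 256)}
OTHER_JWK = {"kty": "RSA", "e": "AQAB", "n": b64url(b"\x5a" * 256)}
PATH = PREFIX + "QOtda4ngP4J-My0JgU8vZXixUjGiPURMo8YuwMNTkcI"  # token from the post
BODY = key_authorization(PATH[len(PREFIX):], ACCOUNT_JWK).encode("ascii") + b"\n"

if __name__ == "__main__":
    print(len(BODY), check_challenge(PATH, BODY, ACCOUNT_JWK))
    print(check_challenge(PATH, BODY, OTHER_JWK))
```

A 43-character token, the dot, a 43-character thumbprint and one trailing newline add up to 88 bytes, the same size as the Content-Length in the curl output above.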
