Hi All - I am using getssl on CentOS 7. It have been working fine since Feb 17th and just stopped. My script: getssl -u -a -q getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM - please check it manually So I did check it manually from another machine - it works fine: curl http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI So it works fine. I then thought perhaps a firewall issue. So I "systemctl stop firewalld", redid the getssl -u -a -q command above - and I get the same error. How do I see/tell what its not liking ? Thanks, Jerry
On Fri, 14 May 2021 at 11:52, Jerry Geis <jerry.geis at gmail.com> wrote:> Hi All - I am using getssl on CentOS 7. >which getssl are you using? I could assume https://github.com/srvrco/getssl but it could be all numbers of things. If it is that one, then it is written in bash so it should work via bash -x and removing the -q to get more data on what might be broken. It have been working fine since Feb 17th and just stopped.> > My script: > getssl -u -a -q > getssl: for some reason could not reach > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > - please check it manually > > So I did check it manually from another machine - it works fine: > curl > > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > > > lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI > > So it works fine. > > I then thought perhaps a firewall issue. So I "systemctl stop firewalld", > redid the getssl -u -a -q command above - and I get the same error. > > How do I see/tell what its not liking ? > > Thanks, > > Jerry > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- Stephen J Smoogen. I've seen things you people wouldn't believe. Flame wars in sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law. All those moments will be lost in time... like posts on BBS... time to reboot.
On Fri, May 14, 2021 at 10:52 AM Jerry Geis <jerry.geis at gmail.com> wrote:> Hi All - I am using getssl on CentOS 7. > It have been working fine since Feb 17th and just stopped. >Are you using a recent version of getssl? Newer releases support ACMEv2 , and there is a planned brownout of ACMEv1 service in effect right now. You shouldbe migrating everything to ACMEv2 support only right now. https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/16
On Fri, May 14, 2021 at 11:52 AM Jerry Geis <jerry.geis at gmail.com> wrote:> Hi All - I am using getssl on CentOS 7. > It have been working fine since Feb 17th and just stopped. > > My script: > getssl -u -a -q > getssl: for some reason could not reach > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > - please check it manually > > So I did check it manually from another machine - it works fine: > curl > http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM > > > lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI > > So it works fine. > > I then thought perhaps a firewall issue. So I "systemctl stop firewalld", > redid the getssl -u -a -q command above - and I get the same error. > > How do I see/tell what its not liking ? > > Thanks, > > Jerry >I took off the -q as requested - doesnt say much more. Redirecting to /bin/systemctl stop httpd.service Check all certificates MY_NAME: no certificate obtained from host Registering account Verify each domain Verifying MY_NAME copying challenge token to /var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM getssl: for some reason could not reach http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM - please check it manually Redirecting to /bin/systemctl start httpd.service I thought the -u does the automatic upgrade - getssl -v getssl V2.36 Thanks, Jerry