Project

General

Profile

Actions

Bug #8312

closed

Can not init api (error code: 3)

Added by H. de Visser over 3 years ago. Updated over 3 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
Category:
ACME
Target version:
-
Start date:
02/05/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

pfSense: 2.3.5_p1 (on amd64)
Acme Package: 0.1.34

Trying to manually renew our certificate, but getting error below.
Not knowledgeable enough if this report belongs with the pfSense Acme package or the acme.sh script, so starting here.

LetsEncrypt_hakkers.com
Renewing certificateaccount: hakkers.com 
server: 

/usr/local/pkg/acme/acme.sh --issue -d 'hakkers.com' -d 'pydio.hakkers.com' -d 'pydio.vpn.hakkers.com' -d 'webmail.hakkers.com' -d 'wiki.hakkers.com' -d 'wiki.vpn.hakkers.com' -d 'mc-01.hakkers.com' -d 'mijninfo.hakkers.com' --home '/tmp/acme/LetsEncrypt_hakkers.com/' --accountconf '/tmp/acme/LetsEncrypt_hakkers.com/accountconf.conf' --force --reloadCmd '/tmp/acme/LetsEncrypt_hakkers.com/reloadcmd.sh' --standalone --listen-v4 --httpport '8126' --log-level 3 --log '/tmp/acme/LetsEncrypt_hakkers.com/acme_issuecert.log'

Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[port] => 8126
[ipv6] => 
)
[Mon Feb 5 10:24:34 CET 2018] Standalone mode.
[Mon Feb 5 10:24:36 CET 2018] Standalone mode.
[Mon Feb 5 10:24:39 CET 2018] Standalone mode.
[Mon Feb 5 10:24:41 CET 2018] Standalone mode.
[Mon Feb 5 10:24:43 CET 2018] Standalone mode.
[Mon Feb 5 10:24:46 CET 2018] Standalone mode.
[Mon Feb 5 10:24:48 CET 2018] Standalone mode.
[Mon Feb 5 10:24:50 CET 2018] Standalone mode.
[Mon Feb 5 10:24:53 CET 2018] Registering account
[Mon Feb 5 10:24:34 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb 5 10:24:34 CET 2018] Can not init api.
[Mon Feb 5 10:24:53 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb 5 10:24:53 CET 2018] Can not init api.
[Mon Feb 5 10:24:53 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb 5 10:24:53 CET 2018] Can not connect to /directory to get nonce.
[Mon Feb 5 10:24:53 CET 2018] Register account Error: 
[Mon Feb 5 10:24:53 CET 2018] Please check log file for more details: /tmp/acme/LetsEncrypt_hakkers.com/acme_issuecert.log

Actions #1

Updated by H. de Visser over 3 years ago

Relevant portion from acme_issuecert.log:

[Mon Feb  5 11:20:52 CET 2018] readlink exists=0
[Mon Feb  5 11:20:52 CET 2018] dirname exists=0
[Mon Feb  5 11:20:52 CET 2018] Lets find script dir.
[Mon Feb  5 11:20:52 CET 2018] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Mon Feb  5 11:20:52 CET 2018] _script='/usr/local/pkg/acme/acme.sh'
[Mon Feb  5 11:20:52 CET 2018] _script_home='/usr/local/pkg/acme'
[Mon Feb  5 11:20:52 CET 2018] Using config home:/tmp/acme/LetsEncrypt_hakkers.com/
[Mon Feb  5 11:20:52 CET 2018] APP
[Mon Feb  5 11:20:52 CET 2018] 2:LOG_FILE='/tmp/acme/LetsEncrypt_hakkers.com/acme_issuecert.log'
[Mon Feb  5 11:20:52 CET 2018] APP
[Mon Feb  5 11:20:52 CET 2018] 3:LOG_LEVEL='3'
[Mon Feb  5 11:20:52 CET 2018] LE_WORKING_DIR='/tmp/acme/LetsEncrypt_hakkers.com/'
[Mon Feb  5 11:20:52 CET 2018] Using config home:/tmp/acme/LetsEncrypt_hakkers.com/
[Mon Feb  5 11:20:52 CET 2018] ACME_DIRECTORY='/directory'
[Mon Feb  5 11:20:52 CET 2018] _ACME_SERVER_HOST='directory'
[Mon Feb  5 11:20:52 CET 2018] CA_CONF='/tmp/acme/LetsEncrypt_hakkers.com//ca/directory/ca.conf'
[Mon Feb  5 11:20:52 CET 2018] DOMAIN_PATH='/tmp/acme/LetsEncrypt_hakkers.com//hakkers.com'
[Mon Feb  5 11:20:52 CET 2018] Using ACME_DIRECTORY: /directory
[Mon Feb  5 11:20:52 CET 2018] _init api for server: /directory
[Mon Feb  5 11:20:52 CET 2018] GET
[Mon Feb  5 11:20:52 CET 2018] url='/directory'
[Mon Feb  5 11:20:52 CET 2018] timeout
[Mon Feb  5 11:20:52 CET 2018] curl exists=0
[Mon Feb  5 11:20:52 CET 2018] wget exists=127
[Mon Feb  5 11:20:52 CET 2018] _CURL='curl -L --silent --dump-header /tmp/acme/LetsEncrypt_hakkers.com//http.header '
[Mon Feb  5 11:20:52 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb  5 11:20:52 CET 2018] ret='3'
[Mon Feb  5 11:20:52 CET 2018] response
[Mon Feb  5 11:20:52 CET 2018] Can not init api.
[Mon Feb  5 11:20:53 CET 2018] Le_NextRenewTime
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 1:Le_Domain='hakkers.com'
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 2:Le_Alt='pydio.hakkers.com,pydio.vpn.hakkers.com,webmail.hakkers.com,wiki.hakkers.com,wiki.vpn.hakkers.com,mc-01.hakkers.com,mijninfo.hakkers.com'
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 3:Le_Webroot='no'
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 4:Le_PreHook=''
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 5:Le_PostHook=''
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 6:Le_RenewHook=''
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 7:Le_API='/directory'
[Mon Feb  5 11:20:53 CET 2018] _on_before_issue
[Mon Feb  5 11:20:53 CET 2018] 'no' contains 'no'
[Mon Feb  5 11:20:53 CET 2018] socat exists=0
[Mon Feb  5 11:20:53 CET 2018] Le_LocalAddress
[Mon Feb  5 11:20:53 CET 2018] Check for domain='hakkers.com'
[Mon Feb  5 11:20:53 CET 2018] _currentRoot='no'
[Mon Feb  5 11:20:53 CET 2018] Standalone mode.
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 8:Le_HTTPPort='8126'
[Mon Feb  5 11:20:53 CET 2018] _checkport='8126'
[Mon Feb  5 11:20:53 CET 2018] _checkaddr
[Mon Feb  5 11:20:53 CET 2018] ss exists=127
[Mon Feb  5 11:20:53 CET 2018] netstat exists=0
[Mon Feb  5 11:20:53 CET 2018] Using: netstat
...

Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Not a Bug
  • Assignee set to Jim Pingle

It works fine here, it looks like it's something in your configuration, probably a problem with the key. If it can't determine if the key is using the production or staging server it doesn't populate the API URL, which is what appears to have happened.

Your log:

[Mon Feb  5 11:20:52 CET 2018] Using ACME_DIRECTORY: /directory
[Mon Feb  5 11:20:52 CET 2018] _init api for server: /directory

Should be this:

[Mon Feb  5 08:21:03 EST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Mon Feb  5 08:21:03 EST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory

Edit the entry on the keys tab, make sure production is selected, then make sure that key is selected on the certificate.

If that doesn't help, follow up on the forum or reddit for more discussion. If a bug is uncovered, we can open a more specific issue at that time.

Actions

Also available in: Atom PDF