Bug #8312: Can not init api (error code: 3) - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #8312

closed

Can not init api (error code: 3)

Added by H. de Visser about 6 years ago. Updated about 6 years ago.

Status:

Not a Bug

Priority:

Normal

Assignee:

Jim Pingle

Category:

ACME

Target version:

Start date:

02/05/2018

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

pfSense: 2.3.5_p1 (on amd64)
Acme Package: 0.1.34

Trying to manually renew our certificate, but getting error below.
Not knowledgeable enough if this report belongs with the pfSense Acme package or the acme.sh script, so starting here.

LetsEncrypt_hakkers.com
Renewing certificateaccount: hakkers.com 
server: 

/usr/local/pkg/acme/acme.sh --issue -d 'hakkers.com' -d 'pydio.hakkers.com' -d 'pydio.vpn.hakkers.com' -d 'webmail.hakkers.com' -d 'wiki.hakkers.com' -d 'wiki.vpn.hakkers.com' -d 'mc-01.hakkers.com' -d 'mijninfo.hakkers.com' --home '/tmp/acme/LetsEncrypt_hakkers.com/' --accountconf '/tmp/acme/LetsEncrypt_hakkers.com/accountconf.conf' --force --reloadCmd '/tmp/acme/LetsEncrypt_hakkers.com/reloadcmd.sh' --standalone --listen-v4 --httpport '8126' --log-level 3 --log '/tmp/acme/LetsEncrypt_hakkers.com/acme_issuecert.log'

Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[port] => 8126
[ipv6] => 
)
[Mon Feb 5 10:24:34 CET 2018] Standalone mode.
[Mon Feb 5 10:24:36 CET 2018] Standalone mode.
[Mon Feb 5 10:24:39 CET 2018] Standalone mode.
[Mon Feb 5 10:24:41 CET 2018] Standalone mode.
[Mon Feb 5 10:24:43 CET 2018] Standalone mode.
[Mon Feb 5 10:24:46 CET 2018] Standalone mode.
[Mon Feb 5 10:24:48 CET 2018] Standalone mode.
[Mon Feb 5 10:24:50 CET 2018] Standalone mode.
[Mon Feb 5 10:24:53 CET 2018] Registering account
[Mon Feb 5 10:24:34 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb 5 10:24:34 CET 2018] Can not init api.
[Mon Feb 5 10:24:53 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb 5 10:24:53 CET 2018] Can not init api.
[Mon Feb 5 10:24:53 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb 5 10:24:53 CET 2018] Can not connect to /directory to get nonce.
[Mon Feb 5 10:24:53 CET 2018] Register account Error: 
[Mon Feb 5 10:24:53 CET 2018] Please check log file for more details: /tmp/acme/LetsEncrypt_hakkers.com/acme_issuecert.log

Actions

Copy link

Updated by H. de Visser about 6 years ago

Relevant portion from acme_issuecert.log:

[Mon Feb  5 11:20:52 CET 2018] readlink exists=0
[Mon Feb  5 11:20:52 CET 2018] dirname exists=0
[Mon Feb  5 11:20:52 CET 2018] Lets find script dir.
[Mon Feb  5 11:20:52 CET 2018] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Mon Feb  5 11:20:52 CET 2018] _script='/usr/local/pkg/acme/acme.sh'
[Mon Feb  5 11:20:52 CET 2018] _script_home='/usr/local/pkg/acme'
[Mon Feb  5 11:20:52 CET 2018] Using config home:/tmp/acme/LetsEncrypt_hakkers.com/
[Mon Feb  5 11:20:52 CET 2018] APP
[Mon Feb  5 11:20:52 CET 2018] 2:LOG_FILE='/tmp/acme/LetsEncrypt_hakkers.com/acme_issuecert.log'
[Mon Feb  5 11:20:52 CET 2018] APP
[Mon Feb  5 11:20:52 CET 2018] 3:LOG_LEVEL='3'
[Mon Feb  5 11:20:52 CET 2018] LE_WORKING_DIR='/tmp/acme/LetsEncrypt_hakkers.com/'
[Mon Feb  5 11:20:52 CET 2018] Using config home:/tmp/acme/LetsEncrypt_hakkers.com/
[Mon Feb  5 11:20:52 CET 2018] ACME_DIRECTORY='/directory'
[Mon Feb  5 11:20:52 CET 2018] _ACME_SERVER_HOST='directory'
[Mon Feb  5 11:20:52 CET 2018] CA_CONF='/tmp/acme/LetsEncrypt_hakkers.com//ca/directory/ca.conf'
[Mon Feb  5 11:20:52 CET 2018] DOMAIN_PATH='/tmp/acme/LetsEncrypt_hakkers.com//hakkers.com'
[Mon Feb  5 11:20:52 CET 2018] Using ACME_DIRECTORY: /directory
[Mon Feb  5 11:20:52 CET 2018] _init api for server: /directory
[Mon Feb  5 11:20:52 CET 2018] GET
[Mon Feb  5 11:20:52 CET 2018] url='/directory'
[Mon Feb  5 11:20:52 CET 2018] timeout
[Mon Feb  5 11:20:52 CET 2018] curl exists=0
[Mon Feb  5 11:20:52 CET 2018] wget exists=127
[Mon Feb  5 11:20:52 CET 2018] _CURL='curl -L --silent --dump-header /tmp/acme/LetsEncrypt_hakkers.com//http.header '
[Mon Feb  5 11:20:52 CET 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Mon Feb  5 11:20:52 CET 2018] ret='3'
[Mon Feb  5 11:20:52 CET 2018] response
[Mon Feb  5 11:20:52 CET 2018] Can not init api.
[Mon Feb  5 11:20:53 CET 2018] Le_NextRenewTime
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 1:Le_Domain='hakkers.com'
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 2:Le_Alt='pydio.hakkers.com,pydio.vpn.hakkers.com,webmail.hakkers.com,wiki.hakkers.com,wiki.vpn.hakkers.com,mc-01.hakkers.com,mijninfo.hakkers.com'
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 3:Le_Webroot='no'
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 4:Le_PreHook=''
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 5:Le_PostHook=''
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 6:Le_RenewHook=''
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 7:Le_API='/directory'
[Mon Feb  5 11:20:53 CET 2018] _on_before_issue
[Mon Feb  5 11:20:53 CET 2018] 'no' contains 'no'
[Mon Feb  5 11:20:53 CET 2018] socat exists=0
[Mon Feb  5 11:20:53 CET 2018] Le_LocalAddress
[Mon Feb  5 11:20:53 CET 2018] Check for domain='hakkers.com'
[Mon Feb  5 11:20:53 CET 2018] _currentRoot='no'
[Mon Feb  5 11:20:53 CET 2018] Standalone mode.
[Mon Feb  5 11:20:53 CET 2018] OK
[Mon Feb  5 11:20:53 CET 2018] 8:Le_HTTPPort='8126'
[Mon Feb  5 11:20:53 CET 2018] _checkport='8126'
[Mon Feb  5 11:20:53 CET 2018] _checkaddr
[Mon Feb  5 11:20:53 CET 2018] ss exists=127
[Mon Feb  5 11:20:53 CET 2018] netstat exists=0
[Mon Feb  5 11:20:53 CET 2018] Using: netstat
...

Actions

Copy link

Updated by Jim Pingle about 6 years ago

Status changed from New to Not a Bug
Assignee set to Jim Pingle

It works fine here, it looks like it's something in your configuration, probably a problem with the key. If it can't determine if the key is using the production or staging server it doesn't populate the API URL, which is what appears to have happened.

Your log:

[Mon Feb  5 11:20:52 CET 2018] Using ACME_DIRECTORY: /directory
[Mon Feb  5 11:20:52 CET 2018] _init api for server: /directory

Should be this:

[Mon Feb  5 08:21:03 EST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Mon Feb  5 08:21:03 EST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory

Edit the entry on the keys tab, make sure production is selected, then make sure that key is selected on the certificate.

If that doesn't help, follow up on the forum or reddit for more discussion. If a bug is uncovered, we can open a more specific issue at that time.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #8312

Can not init api (error code: 3)

Updated by H. de Visser about 6 years ago

Updated by Jim Pingle about 6 years ago