Let's Encrypt request failed

NethServer Version: 7.8.2003
Module: SOGo

hi i have a problem when i want to request a certificat on a new nethserver : i have this after few second :slight_smile:

Challenge failed for domain srvccas.ccas-coulogne.fr Some challenges have failed.

Here Log File :

Blockquote
2020-07-08 07:56:35,024:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-07-08 07:56:35,157:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2020-07-08 07:56:35,162:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
“UJR3qkVLFZY”: “Adding random entries to the directory - API Announcements - Let's Encrypt Community Support”,
“keyChange”: “https://acme-staging-v02.api.letsencrypt.org/acme/key-change”,
letsencrypt.org
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “Staging Environment - Let's Encrypt
“newAccount”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
2020-07-08 07:56:35,832:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
2020-07-08 07:56:36,072:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-acct:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf;rel=“terms-of-service”
location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/14589066
2020-07-08 07:56:36,237:DEBUG:certbot._internal.reporter:Reporting to user: Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
2020-07-08 07:56:36,238:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=u’valid’, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(u’mailto:service.informatique@mairie-coulogne.fr’,), key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7efc774f7b90>)>), external_account_binding=None), uri=‘https://acme-staging-v02.api.letsencrypt.org/acme/acct/14589066’, new_authzr_uri=None, terms_of_service=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’), c19b6a0b5d29920a7baf3fb9a41a7aaa, Meta(creation_host=‘srvccas.ccas-coulogne.fr’, creation_dt=datetime.datetime(2020, 7, 8, 5, 56, 36, tzinfo=)))>
2020-07-08 07:56:36,292:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
2020-07-08 07:56:36,294:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2020-07-08 07:56:36,295:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-staging-v02.api.letsencrypt.org/acme/order/14589066/111388028
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313
“finalize”: “https://acme-staging-v02.api.letsencrypt.org/acme/finalize/14589066/111388028
2020-07-08 07:56:36,515:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/oz5eLA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/M4InXQ”,
2020-07-08 07:56:36,677:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,
2020-07-08 07:56:37,840:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/oz5eLA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/M4InXQ”,
2020-07-08 07:56:41,003:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/oz5eLA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/M4InXQ”,
2020-07-08 07:56:44,166:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/oz5eLA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/M4InXQ”,
2020-07-08 07:56:47,407:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/oz5eLA”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/M4InXQ”,
2020-07-08 07:56:50,570:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/74084313:
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/74084313/Q-SfDA”,

Blockquote

Thank’s for your help

@Elberton

Salut!

I’m using english here, even though I can speak/write passable french. Just in case we find a solution, this can help others.

I have verified the information in the logs above.

The DNS name “srvccas.ccas-coulogne.fr” resolves to 37.58.186.91.
This much is OK.

However, the server does NOT react with http, only with https.
A normal NethServer will usually react on http and redirect you to https…

Now, LetsEncrypt checks your server with http, using the name, to verify if it’s really your server.
And http is not working…

Solution:
If NethServer is NOT your firewall/gateway, allow http (Port 80) to your NethServer, not only https!
If NethServer is your Firewall, also allow http access from the Internet!

Verify that it works from outside (The Internet) and you should be good to go!
-> Request LetsEncrypt again, this time no errors will show anymore, you get your LetsEncrypt Certificate!

You still need to set the certificate in NethServer as Standard (default)!

Mes deux centimes
Andy

3 Likes

Hi.
I forgot that… I have another Nethserver server but i have forgot to do that…
That Ok after.

thank’s for your help !

2 Likes