I have been trying to get an SSL certificate for a site using LetsEncrypt, "a free, automated, and open certificate authority (CA), run for the public’s benefit". There is an ACME shell script that is meant to make the process of using LetsEncrypts API easier to receive an SSL certificate. One of their methods requires you to enter in your domain name, and the webroot of your application.
acme.sh --issue -d example.com -w /home/wwwroot/example.com
However, when I try to enter this command, it says that it was unable to verify the domain. I added a --debug flag to the script command, and received this, but am not sure where the problem lies.
[Mon Sep 11 05:05:01 UTC 2017] Using config home:/home/doc4design/.acme.sh
[Mon Sep 11 05:05:01 UTC 2017] DOMAIN_PATH='/home/doc4design/.acme.sh/doc4design.com'
[Mon Sep 11 05:05:01 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:01 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:01 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Sep 11 05:05:01 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:01 UTC 2017] Le_NextRenewTime
[Mon Sep 11 05:05:01 UTC 2017] _on_before_issue
[Mon Sep 11 05:05:01 UTC 2017] Le_LocalAddress
[Mon Sep 11 05:05:01 UTC 2017] Check for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Mon Sep 11 05:05:02 UTC 2017] Read key length:
[Mon Sep 11 05:05:02 UTC 2017] _createcsr
[Mon Sep 11 05:05:02 UTC 2017] Single domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] Getting domain auth token for each domain
[Mon Sep 11 05:05:02 UTC 2017] Getting webroot for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _w='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] Getting new-authz for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:02 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Sep 11 05:05:02 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:02 UTC 2017] Try new-authz for the 0 time.
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "doc4design.com"}}'
[Mon Sep 11 05:05:02 UTC 2017] RSA key
[Mon Sep 11 05:05:02 UTC 2017] GET
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Sep 11 05:05:02 UTC 2017] timeout
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:02 UTC 2017] ret='0'
[Mon Sep 11 05:05:02 UTC 2017] POST
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='201'
[Mon Sep 11 05:05:03 UTC 2017] The new-authz request is ok.
[Mon Sep 11 05:05:03 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012","token":"jSwY3$
[Mon Sep 11 05:05:03 UTC 2017] token='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] dvlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i$
[Mon Sep 11 05:05:03 UTC 2017] vlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3$
[Mon Sep 11 05:05:03 UTC 2017] ok, let's start to verify
[Mon Sep 11 05:05:03 UTC 2017] Verifying:doc4design.com
[Mon Sep 11 05:05:03 UTC 2017] d='doc4design.com'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:02 UTC 2017] Try new-authz for the 0 time.
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "doc4design.com"}}'
[Mon Sep 11 05:05:02 UTC 2017] RSA key
[Mon Sep 11 05:05:02 UTC 2017] GET
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Sep 11 05:05:02 UTC 2017] timeout
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:02 UTC 2017] ret='0'
[Mon Sep 11 05:05:02 UTC 2017] POST
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='201'
[Mon Sep 11 05:05:03 UTC 2017] The new-authz request is ok.
[Mon Sep 11 05:05:03 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012","token":"jSwY3$
[Mon Sep 11 05:05:03 UTC 2017] token='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] dvlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i$
[Mon Sep 11 05:05:03 UTC 2017] vlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3$
[Mon Sep 11 05:05:03 UTC 2017] ok, let's start to verify
[Mon Sep 11 05:05:03 UTC 2017] Verifying:doc4design.com
[Mon Sep 11 05:05:03 UTC 2017] d='doc4design.com'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:03 UTC 2017] wellknown_path='/home/doc4design/webapps/django_2016/doc4_2016/.well-known/acme-challenge'
[Mon Sep 11 05:05:03 UTC 2017] writing token:jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c to /home/doc4design/webapps/django_2016/doc4_2016/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8C$
[Mon Sep 11 05:05:03 UTC 2017] Changing owner/group of .well-known to doc4design:doc4design
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:03 UTC 2017] POST
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='202'
[Mon Sep 11 05:05:03 UTC 2017] sleep 2 secs to verify
[Mon Sep 11 05:05:05 UTC 2017] checking
[Mon Sep 11 05:05:05 UTC 2017] GET
[Mon Sep 11 05:05:05 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:05 UTC 2017] timeout
[Mon Sep 11 05:05:05 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] ret='0'
[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:
[Mon Sep 11 05:05:06 UTC 2017] pid
[Mon Sep 11 05:05:06 UTC 2017] No need to restore nginx, skip.
[Mon Sep 11 05:05:06 UTC 2017] _clearupdns
[Mon Sep 11 05:05:06 UTC 2017] skip dns.
[Mon Sep 11 05:05:06 UTC 2017] _on_issue_err
[Mon Sep 11 05:05:06 UTC 2017] Please check log file for more details: /home/doc4design/.acme.sh/acme.sh.log
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:06 UTC 2017] POST
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] Changing owner/group of .well-known to doc4design:doc4design
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:03 UTC 2017] POST
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='202'
[Mon Sep 11 05:05:03 UTC 2017] sleep 2 secs to verify
[Mon Sep 11 05:05:05 UTC 2017] checking
[Mon Sep 11 05:05:05 UTC 2017] GET
[Mon Sep 11 05:05:05 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:05 UTC 2017] timeout
[Mon Sep 11 05:05:05 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] ret='0'
[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:
[Mon Sep 11 05:05:06 UTC 2017] pid
[Mon Sep 11 05:05:06 UTC 2017] No need to restore nginx, skip.
[Mon Sep 11 05:05:06 UTC 2017] _clearupdns
[Mon Sep 11 05:05:06 UTC 2017] skip dns.
[Mon Sep 11 05:05:06 UTC 2017] _on_issue_err
[Mon Sep 11 05:05:06 UTC 2017] Please check log file for more details: /home/doc4design/.acme.sh/acme.sh.log
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:06 UTC 2017] POST
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] _ret='0'
[Mon Sep 11 05:05:06 UTC 2017] code='400'
Could someone who is familiar with LetsEncrypt shed some light on why LetsEncrypt can't verify my site, and issue me an SSL certificate ?
I had this on webfaction.
I see you also have a Django install.
In my case, I had to place the LetyEncrypt generated file in the same directory where the STATIC assets are located.
LetsEncrypt utility client for WebFaction hosts
I have it configured for 2 domains, and last time I checked the LetsEncrypt certificates were renewed automatically.