Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when try to reach out to acme-v01 #75

Open
riccardomanfrin opened this issue Feb 14, 2022 · 1 comment
Open

Error when try to reach out to acme-v01 #75

riccardomanfrin opened this issue Feb 14, 2022 · 1 comment

Comments

@riccardomanfrin
Copy link

Ciao,

I'm following the instruction from the hexdocs. I did not configure the :server option which is therefore defaulted to https://acme-v01.api.letsencrypt.org/ here:

certbot/lib/certbot/config.ex

Line 44 in bd3edba

server: opts[:server] || "https://acme-v01.api.letsencrypt.org/",

When I start the application I get this error:

** (Mix) Could not start application app: App.start(:normal, []) returned an error: shutdown: failed to start child: App.CertbotClient
    ** (EXIT) an exception was raised:
        ** (MatchError) no match of right hand side value: {:error, :nxdomain}
            (acme 0.5.1) lib/acme/client.ex:188: Acme.Client.request/3
            (acme 0.5.1) lib/acme/client.ex:69: Acme.Client.initialize/1
            (certbot 0.5.1) lib/certbot/acme/client.ex:7: Certbot.Acme.Client.init/1
            (stdlib 3.15.1) gen_server.erl:423: :gen_server.init_it/2
            (stdlib 3.15.1) gen_server.erl:390: :gen_server.init_it/6
            (stdlib 3.15.1) proc_lib.erl:226: :proc_lib.init_p_do_apply/3

Now I'm not super expert about the whole process, but a dns lookup to acme-v01.api.letsencrypt.org gives me no results and shows the same nxdomain (non existent domain) problem I saw in the stack trace:

$> nslookup acme-v01.api.letsencrypt.org
Server:		192....
Address:	192.....#53

** server can't find acme-v01.api.letsencrypt.org: NXDOMAIN

Instead a lookup to acme-v02.api.letsencrypt.org works allright:

$> nslookup acme-v02.api.letsencrypt.org
Server:		192....
Address:	192.....#53

Non-authoritative answer:
acme-v02.api.letsencrypt.org	canonical name = prod.api.letsencrypt.org.
prod.api.letsencrypt.org	canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
Name:	ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 172.65.32.248
Name:	ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 2606:4700:60:0:f53d:5624:85c7:3a2c

Now reading here and there I found this post: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

so I'm wondering if it is right to try to talk to acme-v01 or if I'm set up to hit a wall there?

Thanks
@maartenvanvliet
Copy link
Owner

The project aims at the v1 protocol. I haven't looked too closely but V2 support would not be too hard to add I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maartenvanvliet @riccardomanfrin