[SOLVED] Cluster Letsencrypt SSL

lweidig

We have a Proxmox 5.1 cluster and were trying to follow the directions for LetsEncrypt SSL certificates for the nodes. We are following the directions at:

https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer)

These directions worked great for the first node in the cluster. However, when I try to get certificates for any of the other nodes, at step 5, when I attempt to issue the certificate, I get:

Code:
[Thu Dec 7 12:43:49 CST 2017] Standalone mode.
[Thu Dec 7 12:43:49 CST 2017] Registering account
[Thu Dec 7 12:43:49 CST 2017] Already registered
[Thu Dec 7 12:43:49 CST 2017] Update account error.
[Thu Dec 7 12:43:49 CST 2017] Please check log file for more details: /root/.acme.sh/acme.sh.log

Any suggestions how to get certificates issued for the remaining nodes in the cluster?
 
well - what does the log say?
 
Here is a slightly scrubbed log but the host / email address are correct and DNS resolvable forward / reverse:

Code:
# cat acme.sh.log
[Mon Dec 11 07:29:01 CST 2017] DOMAIN_PATH='/root/.acme.sh/xxxxx.excel.net'
[Mon Dec 11 07:29:01 CST 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Mon Dec 11 07:29:01 CST 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Dec 11 07:29:01 CST 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Dec 11 07:29:01 CST 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Dec 11 07:29:01 CST 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Dec 11 07:29:01 CST 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Dec 11 07:29:01 CST 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Dec 11 07:29:01 CST 2017] Le_NextRenewTime
[Mon Dec 11 07:29:02 CST 2017] _on_before_issue
[Mon Dec 11 07:29:02 CST 2017] Le_LocalAddress
[Mon Dec 11 07:29:02 CST 2017] Check for domain='xxxxx.excel.net'
[Mon Dec 11 07:29:02 CST 2017] _currentRoot='no'
[Mon Dec 11 07:29:02 CST 2017] Standalone mode.
[Mon Dec 11 07:29:02 CST 2017] _checkport='80'
[Mon Dec 11 07:29:02 CST 2017] _checkaddr
[Mon Dec 11 07:29:02 CST 2017] Using: ss
[Mon Dec 11 07:29:02 CST 2017] Using config home:/root/.acme.sh
[Mon Dec 11 07:29:02 CST 2017] RSA key
[Mon Dec 11 07:29:02 CST 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Dec 11 07:29:02 CST 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Dec 11 07:29:02 CST 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Dec 11 07:29:02 CST 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Dec 11 07:29:02 CST 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Dec 11 07:29:02 CST 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Dec 11 07:29:02 CST 2017] AGREEMENT
[Mon Dec 11 07:29:02 CST 2017] Registering account
[Mon Dec 11 07:29:02 CST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Dec 11 07:29:02 CST 2017] payload='{"resource": "new-reg", "contact": ["mailto: xxxxx@excel.net"], "agreement": ""}'
[Mon Dec 11 07:29:02 CST 2017] GET
[Mon Dec 11 07:29:02 CST 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Dec 11 07:29:02 CST 2017] timeout
[Mon Dec 11 07:29:02 CST 2017] _WGET='wget -q --content-on-error '
[Mon Dec 11 07:29:02 CST 2017] ret='0'
[Mon Dec 11 07:29:02 CST 2017] POST
[Mon Dec 11 07:29:02 CST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Dec 11 07:29:02 CST 2017] _WGET='wget -q --content-on-error '
[Mon Dec 11 07:29:02 CST 2017] wget returns 8, the server returns a 'Bad request' response, lets process the response later.
[Mon Dec 11 07:29:02 CST 2017] Using sed  -i
[Mon Dec 11 07:29:02 CST 2017] _ret='0'
[Mon Dec 11 07:29:02 CST 2017] code='409'
[Mon Dec 11 07:29:02 CST 2017] Already registered
[Mon Dec 11 07:29:02 CST 2017] _accUri='https://acme-v01.api.letsencrypt.org/acme/reg/25492412'
[Mon Dec 11 07:29:02 CST 2017] _tos
[Mon Dec 11 07:29:02 CST 2017] Use default tos: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
[Mon Dec 11 07:29:02 CST 2017] AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Mon Dec 11 07:29:02 CST 2017] Update tos: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
[Mon Dec 11 07:29:02 CST 2017] url='https://acme-v01.api.letsencrypt.org/acme/reg/25492412'
[Mon Dec 11 07:29:02 CST 2017] payload='{"resource": "reg", "contact": ["mailto: xxxxxx@excel.net"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Mon Dec 11 07:29:02 CST 2017] POST
[Mon Dec 11 07:29:02 CST 2017] url='https://acme-v01.api.letsencrypt.org/acme/reg/25492412'
[Mon Dec 11 07:29:02 CST 2017] _WGET='wget -q --content-on-error '
[Mon Dec 11 07:29:02 CST 2017] wget returns 8, the server returns a 'Bad request' response, lets process the response later.
[Mon Dec 11 07:29:02 CST 2017] Using sed  -i
[Mon Dec 11 07:29:02 CST 2017] _ret='0'
[Mon Dec 11 07:29:02 CST 2017] code='400'
[Mon Dec 11 07:29:02 CST 2017] Update account error.
[Mon Dec 11 07:29:02 CST 2017] _on_issue_err
[Mon Dec 11 07:29:02 CST 2017] Please check log file for more details: /root/.acme.sh/acme.sh.log

Thanks!
 
Yep, that was the problem. I had installed using the zip file and not git. Changed to git and went through just as documented. Thanks for catching this!
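
A way to triage a log like the one posted above, as an added example that is not part of the original thread or of acme.sh: it pairs each ACME request with the HTTP status it received, then reports the first real failure, skipping the 409 on new-reg that acme.sh itself logs as "Already registered". The function names, the `acme.example.invalid` host and the sample log lines are constructed for illustration; the parsing assumes the log layout shown in this thread.

```shell
#!/usr/bin/env bash
# Added example: summarise an acme.sh debug log as "<method> <status> <url>".
# Assumes the layout seen in this thread: a bare GET/POST line, then url='...',
# and later code='NNN' for requests whose status acme.sh recorded.

acme_request_status() {
  # $1 = path to acme.sh.log
  awk '
    { sub(/^\[[^]]*\] /, "") }                       # drop the "[timestamp] " prefix
    $0 == "POST" || $0 == "GET" { method = $0; url = ""; next }
    method != "" && url == "" && /^url=/ {
      url = substr($0, 6, length($0) - 6)            # text between the quotes
      next
    }
    /^code=/ && url != "" {
      code = $0; gsub(/[^0-9]/, "", code)
      print method, code, url
      method = ""; url = ""
    }
  ' "$1"
}

acme_first_failure() {
  # A 409 on new-reg means the account key is already registered and acme.sh
  # continues, so skip it and report the first other 4xx/5xx response.
  acme_request_status "$1" | awk '
    $2 == 409 && $3 ~ /\/new-reg$/ { next }
    $2 >= 400 { print; exit }
  '
}

write_sample_log() {
  # Constructed sample that mirrors the sequence in the posted log.
  B='https://acme.example.invalid'
  printf '[Mon Jan 1 00:00:00 UTC 2018] %s\n' \
    "url='$B/acme/new-reg'" GET "url='$B/directory'" "ret='0'" \
    POST "url='$B/acme/new-reg'" "_ret='0'" "code='409'" "Already registered" \
    "url='$B/acme/reg/0'" POST "url='$B/acme/reg/0'" "_ret='0'" "code='400'" \
    "Update account error." > "$1"
}

sample=$(mktemp)
write_sample_log "$sample"
acme_request_status "$sample"
echo "first failure: $(acme_first_failure "$sample")"
rm -f "$sample"
```

On a real node, call `acme_first_failure /root/.acme.sh/acme.sh.log` to see which request the server rejected.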
 
