Hi Ben

I am stuck with the certificates after successfully generating them. I have four files from letsencrypt but I am unsure how to proceed next with those files.

1. cert.pem
2. chain.pem
3. fullchain.pem
4. privkey.pem

It should be possible to upload fullchain1.pem certificate to Cloud Foundry to a Custom Domain but I do not find the right commands in the CLI. Could you please clarify about the steps needed after the certificates are created with Let's Encrypt?

Best regards,
Ben

Hi i got this error when execute the app following this tutorial : https://www.ibm.com/blogs/bluemix/2016/08/securing-custom-domains-lets-encrypt/

Certs not ready yet, retrying in 5 seconds.
Certs not ready yet, retrying in 5 seconds.
Certs not ready yet, retrying in 5 seconds.

It has been 1 minutes without seeing certificates issued in the log. Something probably went wrong. Please check the output of cf logs letsencrypt --recent for more information.

Any ideas> Thanks

I recently tried using this application and received the following output:

OUT Calling letsencrypt...
ERR Traceback (most recent call last):
ERR File "run.py", line 64, in
ERR cli.main(args)
ERR AttributeError: 'module' object has no attribute 'main'

It seems like this repository is referencing an older letsencrypt pacakage, is that right?

Also, I believe that letsencrypt dependency requires root access. Do you know of an approach to get around this stipulation?

Update to latest certbot and pip versions.

I'm using PCF on Pivotal Web Services, the SSL certs aren't getting served, the error in the logs is:

2018-04-24T23:21:23.015-07:00 [APP/PROC/WEB/0] [ERR] 10.255.149.244 - - [25/Apr/2018 06:21:23] code 501, message Unsupported method ('OPTIONS')
2018-04-24T23:21:23.015-07:00 [APP/PROC/WEB/0] [ERR] 10.255.149.244 - - [25/Apr/2018 06:21:23] "OPTIONS /.well-known/acme-challenge//cloudfoundryapplication HTTP/1.1" 501 -
2018-04-24T23:21:23.019-07:00 [RTR/11] [OUT] api-dev.event-local.com - [2018-04-25T06:21:23.011+0000] "OPTIONS /.well-known/acme-challenge//cloudfoundryapplication HTTP/1.1" 501 0 220 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" "REDACTED" "REDACTED" x_forwarded_for:"REDACTED" x_forwarded_proto:"https" vcap_request_id:"7ac50568-3316-4b03-4639-ecea659db378" response_time:0.008216018 app_id:"a199ffad-bca2-4224-b784-8dbdd0c7ffde" app_index:"0" x_b3_traceid:"678ed5356fdd553e" x_b3_spanid:"678ed5356fdd553e" x_b3_parentspanid:"-"

Add support for Cloud Foundry Diego containers.
Would need to detect if app is diego enabled, then change approach for checking/reading files as Diego removes the cf files command and introduces cf ssh commands.

Currently a single certificate will be created for all domains and hosts listed in the configuration file. It may be desirable to get a separate certificate for each domain if separate load-balancers / SSL terminators are being configured for each domain.

Mentioned by @jlstack in #1 (comment)

My domains.yml has the following:

"domains": [
  {
    "domain": "mydomain.com",
    "hosts": [
      "www"
    ]
  } 
]

The logs at the end say:

Fetch the certs and logs via cf files ...
You can get them with these commands:
cf files letsencrypt app/conf/live/mydomain.com/cert.pem
cf files letsencrypt app/conf/live/mydomain.com/chain.pem
cf files letsencrypt app/conf/live/mydomain.com/fullchain.pem
cf files letsencrypt app/conf/live/mydomain.com/privkey.pem

The files are actually located at the following locations:

cf files letsencrypt app/conf/live/www.mydomain.com/cert.pem
cf files letsencrypt app/conf/live/www.mydomain.com/chain.pem
cf files letsencrypt app/conf/live/www.mydomain.com/fullchain.pem
cf files letsencrypt app/conf/live/www.mydomain.com/privkey.pem

The scripts should fetch the certificates for me.
Watch the logs, once the certificate generation has completed, download them to the local machine and terminate the CF app (for cost saving).