dvoituron / azureletsencrypt Goto Github PK

Running AzureLetsEncrypt I got the following message :

2019/12/23 19:34:07 Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

May be AcmeV2 support would be fine.

Anyway thanks for the job

SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed on generate SSL.

Its my curl response:

curl -v https://acme-v02.api.letsencrypt.org/directory
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 172.65.32.248:443...

• Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: D:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
  } [5 bytes data]
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
  } [512 bytes data]
• TLSv1.3 (IN), TLS handshake, Server hello (2):
  { [122 bytes data]
• TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  { [19 bytes data]
• TLSv1.3 (IN), TLS handshake, Certificate (11):
  { [3025 bytes data]
• TLSv1.3 (IN), TLS handshake, CERT verify (15):
  { [264 bytes data]
• TLSv1.3 (IN), TLS handshake, Finished (20):
  { [52 bytes data]
• TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  } [1 bytes data]
• TLSv1.3 (OUT), TLS handshake, Finished (20):
  } [52 bytes data]
• SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
• ALPN, server accepted to use h2
• Server certificate:
• subject: CN=acme-v01.api.letsencrypt.org
• start date: Oct 18 20:04:26 2021 GMT
• expire date: Jan 16 20:04:25 2022 GMT
• subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
• issuer: C=US; O=Let's Encrypt; CN=R3
• SSL certificate verify ok.
• Using HTTP2, server supports multi-use
• Connection state changed (HTTP/2 confirmed)
• Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  } [5 bytes data]
• Using Stream ID: 1 (easy handle 0x950360)
  } [5 bytes data]

GET /directory HTTP/2

Host: acme-v02.api.letsencrypt.org

user-agent: curl/7.71.1

accept: /

{ [5 bytes data]

• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  { [57 bytes data]
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  { [57 bytes data]
• old SSL session ID is stale, removing
  { [5 bytes data]
• Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
  } [5 bytes data]
  < HTTP/2 200

< server: nginx

< date: Thu, 21 Oct 2021 06:22:58 GMT

< content-type: application/json

< content-length: 658

< cache-control: public, max-age=0, no-cache

< x-frame-options: DENY

< strict-transport-security: max-age=604800

<

{ [658 bytes data]
100 658 100 658 0 0 3500 0 --:--:-- --:--:-- --:--:-- 3655{
"W0X5metR8HE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

• Connection #0 to host acme-v02.api.letsencrypt.org left intact

any way to fix this error?

Hello,
I have an error while generating new certificate. This is console output:
`D:\home>md AzureLetsEncrypt

D:\home>
D:\home\AzureLetsEncrypt>dotnet AzureLetsEncrypt.dll
$> Creation of './store' folder
$> openssl genrsa -out ./store/admin-bezsousedu-cz-private.key 2048
WARNING: can't open config file: C:/OpenSSL/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
....................+++
...+++
e is 65537 (0x10001)

$> openssl genrsa -out ./store/admin-bezsousedu-cz-account-le.key 4096
WARNING: can't open config file: C:/OpenSSL/openssl.cnf
Loading 'screen' into random state - done
Generating RSA private key, 4096 bit long modulus
.....................++
..............................++
e is 65537 (0x10001)

$> Creation of 'D:/home/site/wwwroot.well-known\acme-challenge' folder
$> le64 --key ./store/admin-bezsousedu-cz-account-le.key --csr ./store/admin-bezsousedu-cz-signing-le.csr --csr-key ./store/admin-bezsousedu-cz-private.key --crt ./store/admin-bezsousedu-cz.crt --domains "admin.bezsousedu.cz" --generate-missing --path D:/home/site/wwwroot.well-known\acme-challenge\ --unlink --live
2019/12/03 15:02:14 [ ZeroSSL Crypt::LE client v0.32 started. ]
2019/12/03 15:02:14 Loading an account key from ./store/admin-bezsousedu-cz-account-le.key
2019/12/03 15:02:14 Generating a new CSR for domains admin.bezsousedu.cz
2019/12/03 15:02:14 New CSR will be based on './store/admin-bezsousedu-cz-private.key' key
2019/12/03 15:02:14 Saving a new CSR into ./store/admin-bezsousedu-cz-signing-le.csr
2019/12/03 15:02:15 Registering the account key
2019/12/03 15:02:15 Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

$> Remove the 'D:/home/site/wwwroot.well-known\acme-challenge' folder
ERROR: GENERATIION FAILED.`

Am I doing something wrong? I followed your youtute tutorial.

Many thanks.