So I built a lamp server to test letsencryt, dehydrated solutions your presented. For me, they all failed. I have been doing IT for 40 years and I thought I followed your instructions fairly closely. But I do have bad days.
I have a couple of wordpress servers with 10 websites on each, so I need to see a solution that works here. Just for info these are blogs and info sites for the most part and are not critical. All my customer websites are elsewhere.
Here is my whole confconsole log since install
[2019-10-28 15:14:04] dehydrated-wrapper: WARNING: /etc/dehydrated/confconsole.config not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.config
[2019-10-28 15:14:05] dehydrated-wrapper: WARNING: /etc/dehydrated/confconsole.hook.sh not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.hook.sh
[2019-10-28 15:14:05] dehydrated-wrapper: WARNING: /etc/cron.daily/confconsole-dehydrated not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.cron
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-10-28 15:14:09] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:14:09] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:14:09] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-10-28 15:16:43] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:16:43] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:16:44] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-10-28 15:45:18] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:45:18] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:45:18] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow registrations.
[2019-10-28 15:53:06] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:53:06] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:53:06] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 15:57:10] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:57:10] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:57:10] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 16:22:57] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 16:22:57] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 16:22:57] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 16:35:49] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 16:35:49] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 16:35:49] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 17:17:30] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 17:17:30] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 17:17:30] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 17:17:39] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 17:17:39] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 17:17:39] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
+ ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-acct (Status 400)
I tried all Gitub fixes
So I built a lamp server to test letsencryt, dehydrated solutions your presented. For me, they all failed. I have been doing IT for 40 years and I thought I followed your instructions fairly closely. But I do have bad days.
I have a couple of wordpress servers with 10 websites on each, so I need to see a solution that works here. Just for info these are blogs and info sites for the most part and are not critical. All my customer websites are elsewhere.
Here is my whole confconsole log since install
[2019-10-28 15:14:04] dehydrated-wrapper: WARNING: /etc/dehydrated/confconsole.config not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.config
[2019-10-28 15:14:05] dehydrated-wrapper: WARNING: /etc/dehydrated/confconsole.hook.sh not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.hook.sh
[2019-10-28 15:14:05] dehydrated-wrapper: WARNING: /etc/cron.daily/confconsole-dehydrated not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.cron
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-10-28 15:14:09] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:14:09] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:14:09] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-10-28 15:16:43] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:16:43] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:16:44] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-10-28 15:45:18] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:45:18] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:45:18] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow registrations.
[2019-10-28 15:53:06] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:53:06] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:53:06] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 15:57:10] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 15:57:10] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 15:57:10] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 16:22:57] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 16:22:57] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 16:22:57] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 16:35:49] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 16:35:49] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 16:35:49] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 17:17:30] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 17:17:30] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 17:17:30] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
ERROR: Certificate authority doesn't allow certificate signing
[2019-10-28 17:17:39] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 17:17:39] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 17:17:39] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
+ ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-acct (Status 400)
Details:
HTTP/2 400
server: nginx
date: Mon, 28 Oct 2019 18:29:45 GMT
content-type: application/problem+json
content-length: 134
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001Fk1cV3kBRsb47W6qjKNm4swQvN0Yj7meXGlIGUerRmo
{
"type": "urn:ietf:params:acme:error:accountDoesNotExist",
"detail": "No account exists with the provided key",
"status": 400
}
[2019-10-28 18:29:45] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-10-28 18:29:45] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-10-28 18:29:45] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
I am moving to setup another server for testing purpose using wordpress since Lamp appears to use Nginx.
As I said no worries and I will watch your efforts.
Daniel Frantz