kristapsdz / acme-client

secure ACME client

Home Page: https://kristaps.bsd.lv/acme-client


acme-client package on FreeBSD 11.1-RELEASE hangs


I am seeing acme-client from pkg in FreeBSD 11.1-RELEASE hang on trying to create a new certificate.
acme-client-0.1.16_1
I am seeing the same behavior with acme-client-portable compiled from source.

$ acme-client -vNn $MYDOMAIN
acme-client: acme-client: /usr/local/etc/ssl/acme/private/privkey.pem: generating RSA domain key
/usr/local/etc/acme/privkey.pem: generating RSA account key
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 118.214.136.206
acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:140f:5:190::3d5
acme-client: acme-v01.api.letsencrypt.org: DNS: 2600:140f:5:185::3d5
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: $MYDOMAIN
acme-client: /usr/local/www/acme/pOhU3dDhHYyjyAM4SSkuiivzdhwgP3BnTCgwCofWf5Q: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/6vV3EBQCqoq64zla9xtO8GQmoFqXnkPa8X-XaIu8Y-g/2135641107: challenge
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/6vV3EBQCqoq64zla9xtO8GQmoFqXnkPa8X-XaIu8Y-g/2135641107: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: certificate
acme-client: http://cert.int-x3.letsencrypt.org/: full chain
acme-client: cert.int-x3.letsencrypt.org: DNS: 124.124.252.172
acme-client: cert.int-x3.letsencrypt.org: DNS: 124.124.252.99
acme-client: cert.int-x3.letsencrypt.org: DNS: 2600:1417:6d::170f:221a
acme-client: cert.int-x3.letsencrypt.org: DNS: 2600:1417:6d::170f:221b

It remains stuck at this point indefinitely until eventually terminating without writing the certificate, chain or fullchain to /usr/local/etc/ssl/acme/. I have tested with the staging servers where acme-client completes successfully without any errors. I have generated many certificates with acme-client, thank you for writing this excellent software! I am unsure why it is failing in this case and I would appreciate any assistance in troubleshooting this matter.

I was running acme-client and nginx in a jail as it makes things much easier. I had NAT & port forwarding configured in PF and have had no trouble getting certificates for about a year. I tried to retrieve my certificates by running acme-client and nginx on the host and have successfully retrieved my certificates.

I am going to close this ticket now, thanks.

A small bit of discussion on this matter can be found here: https://community.letsencrypt.org/t/acme-client-on-freebsd-failed-to-retrieve-certificates-unable-to-revoke/43826