Forum OpenACS Q&A: Re: Trying to get https working with letsencrypt certs...
8: Re: Trying to get https working with letsencrypt certs... (response to 1)
Posted by Gustaf Neumann on 11/15/18 07:43 PM
This looks indeed strange. Just now, I have refreshed the certificate on openacs.org via letsencrypt.tcl, and everything went as expected (see log below). Maybe you were unlucky, and the service was down at this time. One can check the availability of the API with https://letsencrypt.status.io/.
Concerning the error message: The only place in NaviServer to return a "can't connect" error message is the following statement:

    Ns_TclPrintfResult(interp, "can't connect to %s port %hu: %s",
                       host, portNr,
                       (Tcl_GetErrno() != 0) ? Tcl_PosixError(interp) : "reason unknown");

You see, it gets its error information from Tcl. So far, I had no indication that this is unreliable.
Output from letsencrypt.tcl:

    Obtaining a certificate from Let's Encrypt using the Production API:
    Let's Encrypt URLs:
    https://acme-v01.api.letsencrypt.org/acme/key-change
    https://acme-v01.api.letsencrypt.org/acme/new-authz
    https://acme-v01.api.letsencrypt.org/acme/new-cert
    https://acme-v01.api.letsencrypt.org/acme/new-reg
    https://acme-v01.api.letsencrypt.org/acme/revoke-cert
    Reuse existing account registration at Let's Encrypt
    Authorizing account for domain openacs.org... returned HTTP status 201
    ... getting HTTP challenge... returned HTTP status 202
    ... validating the challenge... status: pending
    ... retry after one second... status: pending
    ... retry after one second... status: valid
    ...