Forum OpenACS Q&A: letsencrypt No account exists with the provided key

Hi,

I have been trying to get the certificate for my site. I have already set up the following:
- edited letsencrypt.tcl - added ID, password and made sure flag was set to 1.
- edited /usr/local/ns/config-fd6-prod.tcl
- added this line:
ns_param certificate $serverroot/etc/certfile.pem and verified $serverroot value is /var/www/fd6-prod

When I run the letsencrypt file in my browser, I get this message:

Obtaining a certificate from Let's Encrypt using the Production API:

Let's Encrypt URLs (production API):

   https://acme-v02.api.letsencrypt.org/acme/key-change
   https://acme-v02.api.letsencrypt.org/acme/new-nonce
   https://acme-v02.api.letsencrypt.org/acme/new-order
   https://acme-v02.api.letsencrypt.org/acme/new-acct
   https://acme-v02.api.letsencrypt.org/acme/revoke-cert

Reuse existing account registration at Let's Encrypt (/usr/local/ns/modules/nsssl/letsencrypt-production-account.key)
parseAccountKey /usr/local/ns/modules/nsssl/letsencrypt-production-account.key

jwk: {"e":"AQAB","kty":"RSA","n":"1iNaphOl368Bvpq8L7rXBzNyIHUBagaY5Pd76kRdEyhDSXJx4ZT6qcFvgBYfOb9LExC8DCjHbJWK89yjFwDusgpySNzjsSDz0c_5RwSkVKeL5uqtjiYV3P9Pbyr7wIlHIAJwpKSxTr-5HoCY9-7udu5CEdq8VJH3c1foJEgY_dByr4VMVabRXO5lRTdiOC5x-quSyW3SA0nvinK4g7NKgGr75OCCSGBN2E5ytPRGi2fUCWe3DrDqzhm0fguGE71MdD5hm3Ql172BUBUHtGlyuEBh1gXMSm65q9NY8GMJJI9CeaNDG8XIZL6ybaEKKrNb5Uwg98uufAoZwnQja6jsqw"}
thumbprint64: CHVhdUny3UhaCUHqT7-3Ruedzs-A6O4shAJr6SAbSnE

reply from letsencrypt:
{
  "type": "urn:ietf:params:acme:error:accountDoesNotExist",
  "detail": "No account exists with the provided key",
  "status": 400
}

authorization for existing account failed ended with HTTP status 400

   server: nginx
   date: Fri, 26 Mar 2021 21:20:25 GMT
   content-type: application/problem+json
   content-length: 134
   connection: close
   cache-control: public, max-age=0, no-cache
   link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
   replay-nonce: 0004urWDJXEmuFjNwWu0MnRx2HzWU3rjlIlxu2x_0fdQHhA



{
  "type": "urn:ietf:params:acme:error:accountDoesNotExist",
  "detail": "No account exists with the provided key",
  "status": 400
}
Posted by Gustaf Neumann on
Dear Cesar,

There is no need to edit letsencrypt.tcl. The script creates its own account and manages it. One machine can use many letsencrypt accounts in parallel. It is actually a good idea to use one letsencrypt account for one naviserver to ease moving installations around.

Once the certificate is retrieved from letsencrypt, it is named after the first domain name (e.g. on openacs.org "openacs.org.pem") and inserted in the configuration file in the "ns/module/nsssl" section, if it is not there already.

Hope this helps.
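
Added example (not part of the thread and not code from the letsencrypt script discussed here): Python code that takes the values printed in the log in the question, recomputes the account key's JWK thumbprint as defined in RFC 7638 so it can be compared with the `thumbprint64:` line, and decodes the problem document. RFC 8555 defines `accountDoesNotExist` as the 400 response to a request that only looks up an existing account when the server has none for the presented key; the function and constant names are assumptions of this example.

```python
import base64
import hashlib
import json

ACME_ERR = "urn:ietf:params:acme:error:"
# RFC 7638: only these members enter the hash, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Copied from the log in the question: the "jwk:" line, the "thumbprint64:"
# line, and the problem document returned by the server.
LOGGED_JWK = '{"e":"AQAB","kty":"RSA","n":"1iNaphOl368Bvpq8L7rXBzNyIHUBagaY5Pd76kRdEyhDSXJx4ZT6qcFvgBYfOb9LExC8DCjHbJWK89yjFwDusgpySNzjsSDz0c_5RwSkVKeL5uqtjiYV3P9Pbyr7wIlHIAJwpKSxTr-5HoCY9-7udu5CEdq8VJH3c1foJEgY_dByr4VMVabRXO5lRTdiOC5x-quSyW3SA0nvinK4g7NKgGr75OCCSGBN2E5ytPRGi2fUCWe3DrDqzhm0fguGE71MdD5hm3Ql172BUBUHtGlyuEBh1gXMSm65q9NY8GMJJI9CeaNDG8XIZL6ybaEKKrNb5Uwg98uufAoZwnQja6jsqw"}'
LOGGED_THUMBPRINT = "CHVhdUny3UhaCUHqT7-3Ruedzs-A6O4shAJr6SAbSnE"
LOGGED_PROBLEM = ('{"type": "urn:ietf:params:acme:error:accountDoesNotExist", '
                  '"detail": "No account exists with the provided key", "status": 400}')


def jwk_thumbprint(jwk_text: str) -> str:
    """SHA-256 over the canonical JWK (required members, sorted, no
    whitespace), encoded as base64url without padding."""
    jwk = json.loads(jwk_text)
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def classify_problem(body: str) -> dict:
    """Split an application/problem+json body into its ACME error name,
    HTTP status and human-readable detail."""
    problem = json.loads(body)
    kind = problem.get("type", "")
    name = kind[len(ACME_ERR):] if kind.startswith(ACME_ERR) else None
    return {"acme_error": name, "status": problem.get("status"),
            "detail": problem.get("detail", "")}


def diagnose(jwk_text: str, problem_text: str) -> str:
    """One-line summary tying the presented key to the server's answer."""
    info = classify_problem(problem_text)
    thumb = jwk_thumbprint(jwk_text)
    if info["acme_error"] == "accountDoesNotExist":
        return f"account key {thumb} is not registered at this ACME server"
    return f"key {thumb}: {info['acme_error'] or 'non-ACME error'} ({info['status']})"


if __name__ == "__main__":
    print("recomputed:", jwk_thumbprint(LOGGED_JWK), "logged:", LOGGED_THUMBPRINT)
    print(diagnose(LOGGED_JWK, LOGGED_PROBLEM))
```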

Dear Gustaf,

Thanks for your prompt response. Yes, it helped me a lot; the site is certified.

Thank you!!!

Posted by Gustaf Neumann on
Good news!
Thanks for the feedback.
Cheers -g