w2c/letsencrypt-esxi

Error in generating certificate

mbernardi82 opened this issue · 1 comments

mbernardi82 commented

Hallo,

I am getting this error. I have removed the domain but already verified that I can reach the ESXi console from Internet using the domain I used to generate the new certificate

[root@...:/tmp] /etc/init.d/w2c-letsencrypt start
Running 'start' action
Starting certificate renewal.
Existing cert issued for localhost.localdomain but current domain name is ....... Requesting a new one!
Serving HTTP on :: port 8120 (http://[::]:8120/) ...
Parsing account key...
Parsing CSR...
Found domains: .....
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/1046503447
Creating new order...
Order created!
Verifying .........
Traceback (most recent call last):
File "./acme_tiny.py", line 145, in get_crt
assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
File "./acme_tiny.py", line 46, in _do_request
raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error:
Url: http://....../.well-known/acme-challenge/1vNofoe2lO8zUwuJkOgzg3fnLC9iuBgamSauCy4rlf4
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "./acme_tiny.py", line 199, in
main(sys.argv[1:])
File "./acme_tiny.py", line 195, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
File "./acme_tiny.py", line 147, in get_crt
raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /opt/w2c-letsencrypt/.well-known/acme-challenge/1vNofoe2lO8zUwuJkOgzg3fnLC9iuBgamSauCy4rlf4, but couldn't download http://..../.well-known/acme-challenge/1vNofoe2lO8zUwuJkOgzg3fnLC9iuBgamSauCy4rlf4: Error:
Url: http://..../.well-known/acme-challenge/1vNofoe2lO8zUwuJkOgzg3fnLC9iuBgamSauCy4rlf4
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)>
Certificate will not expire
Warning: No cert obtained from Let's Encrypt. Keeping the existing one as it is still valid.
usage: clusterAgent [-h] ACTION
clusterAgent: error: the following arguments are required: ACTION

  • '[' '!' -d /opt/dell/fist ]
  • basename /etc/init.d/dell_fist
  • echo 'Usage: dell_fist {start,stop}'
  • exit 1
    usage: esxio-commd [-h] ACTION
    esxio-commd: error: the following arguments are required: ACTION
    logger: Invalid PID 'Usage: fsvmsockrelay '
    logger: Invalid PID '{start|stop|status|restart} [--vmci VMCI_ID]'
    usage: gpuManager [-h] ACTION
    gpuManager: error: the following arguments are required: ACTION
    hostd signalled.
    watchdog-lsud[1053680]: Terminating watchdog process with PID 1053288
    lsud stopped
    lsud started
    VMware HTTP reverse proxy signalled.
    sfcbd-init[1053765]: args ('')
    sfcbd-init[1053765]: Getting Exclusive access, please wait...
    sfcbd-init[1053765]: Exclusive access granted.
    sfcbd-init[1053776]: args ('ssl_reset')
    sfcbd-init[1053776]: Getting Exclusive access, please wait...
    sfcbd-init[1053776]: Exclusive access granted.
    sfcbd-init[1053776]: sfcbd is not running.
    logger: Invalid PID 'Usage: vdfsd '
    logger: Invalid PID '{start|stop|status|restart|'
    vpxa signalled.
    vsanperfsvc is not running.
    /etc/init.d/vvold ssl_reset, PID 1053888
    vvold is not running.
Churro commented

Please make sure to set a valid FQDN. localhost.localdomain won't work, see https://github.com/w2c/letsencrypt-esxi#prerequisites