MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: LotsOfQ on 2017-12-17, 13:39:18

Title: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: LotsOfQ on 2017-12-17, 13:39:18

I can't add Let's Encrypt anymore. It was working fine before. All old ones are still working fine but can't add new ones.

Keeps getting this error. "Alert: Create Certificate failed"

Tried:

Code: [Select]

sh /script/fixssl; sh /script/fixweb; sh /script/restart-web -y
sh /script/fixdns;sh /script/restart-all;
sh /script/fixdnsaddstatsrecord

I'm out of idea. Anyone please help.

Title: Re: Let's Encrypt Alert: Create Certificate failed
Post by: LotsOfQ on 2017-12-17, 14:03:07

I've checked log and found this. It might be because I've upgraded Curl to the latest version (curl.x86_64 0:7.57.0-1.0.cf.rhel6).

Code: [Select]

7] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 77
[Sun Dec 17 04:12:21 PST 2017] Can not connect to https://acme-v01.api.letsencrypt.org/directory to get nonce.
[Sun Dec 17 04:12:21 PST 2017] Can not get domain new authz.
[Sun Dec 17 04:12:21 PST 2017] Please add '--debug' or '--log' to check more details.
[Sun Dec 17 04:12:21 PST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.shShould I downgrade it and if so, how do I downgrade?

Title: Re: Let's Encrypt Alert: Create Certificate failed
Post by: LotsOfQ on 2017-12-17, 14:45:40

Solved.

Code: [Select]

Go to https://curl.haxx.se/docs/caextract.html and download cacert.pem
rename it to ca-bundle.crt
replace  /etc/pki/tls/certs/ca-bundle.crt

Title: Re: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: amitkumar on 2018-01-04, 17:58:28

i am having same issues and also applied all above method but still its not working

Title: Re: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: LotsOfQ on 2018-01-07, 03:43:31

1. Did you updated curl?

2. Make sure that you actually replace ca-bundle.crt
   (Delete /etc/pki/tls/certs/ca-bundle.crt and then upload the new ca-bundle.crt)
    Then sh /script/restart-all or reboot

The first time I replaced ca-bundle.crt for some reasons it didn't do so. So I would actually opened it up to see what was inside and sure enough it was pretty blank with a few lines of notes.

Title: Re: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: amitkumar on 2018-01-07, 11:34:21

no, I didn't update the curl, please p0rovide me the command.

Title: Re: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: LotsOfQ on 2018-01-10, 14:34:25

Quote from: amitkumar on 2018-01-07, 11:34:21

no, I didn't update the curl, please p0rovide me the command.

https://forum.mratwork.com/kloxo-mr-technical-helps/curl-error-60-peer-certificate-cannot-be-authenticated/msg60543/#msg60543

Title: Re: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: mehawk on 2018-01-16, 12:02:59

Hello,

Are you still getting that issue??

Title: Re: [Solved] Let's Encrypt Alert: Create Certificate failed
Post by: LotsOfQ on 2018-01-25, 08:40:30

I did marked it "Solved" in the title.