added some basic troubleshooting that helped me resolve my issue
parent
53d2caa1a6
commit
070ab4c16c
|
@ -11,4 +11,31 @@ To output more detailed info:
|
||||||
|
|
||||||
```
|
```
|
||||||
acme.sh --issue .......... --debug 2
|
acme.sh --issue .......... --debug 2
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Common Root Cause of issue:
|
||||||
|
#### Port 80 is blocked
|
||||||
|
If your ISP blocks port 80, any webroot based authentication will fail
|
||||||
|
You can test this by running this command: curl -IkL -m20 http://<your domain> from OUTSIDE your local network.
|
||||||
|
|
||||||
|
### Common Errors using DNS API:
|
||||||
|
#### Mistake 1: Clumsy fingers - newline in ~/.acme.sh/account.conf
|
||||||
|
If you type in the api key or private key and accidentally put in a newline or a typo, check and ensure the keys look right in ~/.acme.sh/account.conf
|
||||||
|
|
||||||
|
#### I still see my old keys (when moving from letsencrypt bot to .acme.sh)
|
||||||
|
Needed step - point nginx configuration to new acme based keys
|
||||||
|
If you still see the old keys being used, even after finally getting the dns based authentication to work.
|
||||||
|
You may need to comment out the previous keys from the letsencrypt bot, and point to the new folder:
|
||||||
|
|
||||||
|
> `# RSA certificate`
|
||||||
|
>
|
||||||
|
> #ssl_certificate /etc/letsencrypt/live/<your domain>/fullchain.pem; # managed by Certbot
|
||||||
|
>
|
||||||
|
> #ssl_certificate_key /etc/letsencrypt/live/<your domain>/privkey.pem; # managed by Certbot
|
||||||
|
>
|
||||||
|
> ssl_certificate <your home directory>/.acme.sh/<your domain>/fullchain.cer;
|
||||||
|
>
|
||||||
|
> ssl_certificate_key <your home directory>/.acme.sh/<your domain>/<your domain>.key;
|
||||||
|
|
||||||
|
#### Do I need to include the webroot `-w <my webroot>` for DNS?
|
||||||
|
No! You'll end up back failing the port 80 access to your webroot folder if that was your issue.
|
Loading…
Reference in New Issue