Acme/letsencrypt error creating directory…



  • /usr/local/pkg/acme/acme_command.sh: PHP ERROR: Type: 1, File: /usr/local/pkg/acme/acme.inc, Line: 525, Message: Uncaught exception 'RuntimeException' with message 'Couldn't create directory to expose challenge: ' in /usr/local/pkg/acme/acme.inc:525 Stack trace: #0 /usr/local/pkg/acme/acme_command.sh(58): pfsense_pkg\acme\challenge_response_put('pfw1.tracks4afr…', 'pfw.tracks4afri...', 'KxNZYWUnASAM0zQ...', 'KxNZYWUnASAM0zQ...') #1 {main} thrown

    2.3.2-RELEASE-p1
    acme 0.1.9

    Where can I see the directory it tried to create that failed?



  • Same versions and same issue here:

    Fatal error: Uncaught exception 'RuntimeException' with message 'Couldn't create directory to expose challenge: ' in /usr/local/pkg/acme/acme.inc on line 525

    RuntimeException: Couldn't create directory to expose challenge: in /usr/local/pkg/acme/acme.inc on line 525

    Call Stack:
    0.0003 232952 1. {main}() /usr/local/pkg/acme/acme_command.sh:0
    0.0870 10649896 2. pfsense_pkg\acme\challenge_response_put() /usr/local/pkg/acme/acme_command.sh:58

    PHP ERROR: Type: 1, File: /usr/local/pkg/acme/acme.inc, Line: 525, Message: Uncaught exception 'RuntimeException' with message 'Couldn't create directory to expose challenge: ' in /usr/local/pkg/acme/acme.inc:525
    Stack trace:
    #0 /usr/local/pkg/acme/acme_command.sh(58): pfsense_pkg\acme\challenge_response_put('fw.aironaut.ch', 'fw.aironaut.ch', 'uhSaYT9UeNLNsOp…', 'uhSaYT9UeNLNsOp...')
    #1 {main}
    thrown
    [Wed Feb 8 15:34:29 CET 2017] Pending
    [Wed Feb 8 15:34:31 CET 2017] Pending
    [Wed Feb 8 15:34:33 CET 2017] Found domain http api file: /tmp/acme/fw.aironaut.ch//httpapi/pfSenseacme.sh
    [Wed Feb 8 15:34:26 CET 2017] Error add txt for domain:
    [Wed Feb 8 15:34:33 CET 2017] fw.aironaut.ch:Verify error:Could not connect to fw.aironaut.ch
    [Wed Feb 8 15:34:34 CET 2017] Please check log file for more details: /tmp/acme/fw.aironaut.ch/acme_issuecert.log


  • Banned

    @hvisage:

    Where can I see the directory it tried to create that failed?

    Erm… that'd be the one you configured (if you are talking about the local webroot method). If you did not configure any, no wonder it doesn't work.



  • A hint where this is configured would be much appreciated.


  • Banned

    In the same place where you select the method.



  • There's no field to configure a directory in pf version 2.3.2_1 and acme package 0.1.9.

    Also I don't think that configuring webroot is enough; from what I saw so far LE tries to access a document over HTTP, but there is no webserver listening on port 80, nor is there a firewall rule allowing access from LE to 80 over WAN.
    It would be great if the cert issue process ensured that LE is trying to access the document over 443 (if webif is on 443) and that there is a rule, or even better opened a temporary one if this is possible.


  • Banned

    @roadfox:

    There's no field to configure a directory in pf version 2.3.2_1 and acme package 0.1.9

    What ???

    (And yeah you need to have a webserver running there, completely OT for this thread. See this.)




  • See the attachment for how it looks on my pfSense.

    Do I use a broken template? I'm not aware that I changed it, but I'm absolutely not sure.
    In the other thread you write "If someone really insists on using a local webroot."
    I'm absolutely not insisting on it, but which is the preferred method to use?

    And many thanks for helping and replying so quickly!

    ![Bild 5.png](/public/imported_attachments/1/Bild 5.png)


  • Banned

    Click the + there.



  • Oh boy, OK, got it, many thanks.



  • doktornotor pointed to the method how to set it up with HAproxy when there isn't a webserver on port 80

    HOWEVER: The default nginx Webconfigurator will also listen on port 80 when the "WebGUI redirect" is unchecked (System -> Advanced -> Admin Access)

    Then, under the certificate under the Services -> ACME, select/edit/create the certificate, you select the webroot local, and then use /usr/local/www/.well-known/acme-challenge/
    (See attachment)

    I suspect when I check that WebGUI redirect disable, then you could use the "standalone HTTP server" option…

    ![Screenshot 2017-02-13 18.39.46.png](/public/imported_attachments/1/Screenshot 2017-02-13 18.39.46.png)
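A pre-flight check for the "webroot local" folder discussed in this thread, as an added example that is not part of any post and not code from pfSense or the acme package. The function name `check_webroot`, its return codes, and the symlink and world-writable checks are choices made for this example; it assumes the folder setting is the full challenge directory, as in the last post.

```shell
#!/bin/sh
# Added example (hypothetical helper, not pfSense or acme package code).
# Return codes chosen for this example:
#   0 ok, 1 folder not set, 2 wrong path, 3 cannot create,
#   4 symlink, 5 world-writable, 6 cannot write a token file
check_webroot() {
    dir=${1%/}
    # The error in this thread shows an empty path after the colon,
    # so an unset folder is the first thing to rule out.
    if [ -z "$dir" ]; then
        echo "FAIL: no webroot folder configured"; return 1
    fi
    # HTTP-01 tokens are fetched from /.well-known/acme-challenge/ on the host.
    case $dir in
        */.well-known/acme-challenge) ;;
        *) echo "FAIL: $dir does not end in /.well-known/acme-challenge"; return 2 ;;
    esac
    # Hardening choice of this example: the challenge directory itself
    # should be a real directory, not a link to somewhere else.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink"; return 4
    fi
    if [ ! -d "$dir" ] && ! (umask 022; mkdir -p "$dir") 2>/dev/null; then
        echo "FAIL: cannot create $dir"; return 3
    fi
    # Character 9 of the ls mode string is the "other" write bit; a
    # world-writable directory lets any local account plant responses.
    case $(ls -ld "$dir") in
        ????????w*) echo "FAIL: $dir is world-writable"; return 5 ;;
    esac
    # Write and remove a probe file the way a challenge token would be placed.
    probe="$dir/preflight-$$"
    if ! (echo test > "$probe") 2>/dev/null; then
        echo "FAIL: cannot write into $dir"; return 6
    fi
    rm -f "$probe"
    echo "OK: $dir"
}

# Stand-alone use: sh check_webroot.sh /usr/local/www/.well-known/acme-challenge/
if [ $# -gt 0 ]; then
    check_webroot "$1"
fi
```

A pass here only covers the local side; the CA still has to reach the host over HTTP on port 80 for the validation request.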