Error: self check does not pass #12

Thanks for putting so much into this. Once I figure it out I know it will come in handy :-)

I keep getting the same error "Error: self check does not pass". I am using this example.

var staging = true;


/////////////////////
// SET USER PARAMS //
/////////////////////

var opts = {
  domains: [ 'myname.example.com' ]       // CHANGE EMAIL AND DOMAINS
, email: 'my@email.com'
, agreeTos: true                  // Accept Let's Encrypt v2 Agreement
, communityMember: true           // Help make Greenlock better by submitting
                                  // stats and getting updates
};


////////////////////
// INIT GREENLOCK //
////////////////////

var greenlock = require('greenlock').create({
  version: 'draft-11'
, server: 'https://acme-' + (staging ? 'staging-' : '') + 'v02.api.letsencrypt.org/directory'
, configDir: '/tmp/acme/etc'
});


///////////////////
// GET TLS CERTS //
///////////////////

greenlock.register(opts).then(function (certs) {
  console.log(certs);
  // privkey, cert, chain, expiresAt, issuedAt, subject, altnames
}, function (err) {
  console.error(err);
});

I don't know why I am getting this error. What id the self check? why is it failing? I am sure I am just missing some peice of info.

other notes.

I do not have port 80 or 443 available on this machine. It does have a public domain, and that much is working.

Any help would me much appreciated

Thanks

Todd

In order to decrease the likelihood of being blocked for hitting bad request rate limits I implemented a "dry run" to catch errors before the real request is made to the ACME server.

I'll update that error message to be more helpful.

Anyway, it's most likely it's because you don't have port 80 available. Now, we've got a tool for that in the oven (stay tuned), but for right now I'd suggest using le-challenge-dns, which is interactive and dns-based, instead of the default le-challenge-fs, which requires port 80.

That will help you complete your first test and get your first set of certificates.

After that you'll need to take advantage of one of the DNS-01 challenge modules, which includes Cloudflare, Digital Ocean, and AWS Route53. We're also working on a DNS service - but at the moment it's missing that crucial last 10% of work that takes the other 90% of the time.

Ok, thanks for the response. I am beginning to understand.

I shouldn't say that I don't have port 80 available, I do. It is just being controlled by a separate web server. ( not my choice ).

Do I just need to set the webroot to that sever? Would that let le-challenge-fs g through?

Todd

the answer to my question is "no".
:-(

Actually, that’s the purpose of the webroot option, so the answe is a resounding “Yes!”

Also, I updated the error handling so if you rm -rf /opt/greenlock and reinstall the latest version is may be more helpful.

If you’re still having trouble let’s get on Skype and spend a few minutes going through it together and perhaps you could help me update the documentation so that it’s more clear for others in your situation.

Oh, this is what you might want to look at for your use case:

https://git.coolaj86.com/coolaj86/greenlock-cli.js

Start there, which is already set up for webroot, and then work back to creating a custom solution with the raw greenlock APIs if you need to.

yup that is exactly what I want.

I tried it and it works. Now I just need it as a node module. I suppose I could just use child_process.exec() to wrap greenlock-cli. But that may be a little too much like the movie Inception.

I'll try to unwind it into a node module for doing the webroot option

Thanks :-)

This right here is the node module.

That cli is just a way to pass the right arguments to the module.

https://git.coolaj86.com/coolaj86/greenlock-cli.js/src/branch/master/index.js#L27

https://git.coolaj86.com/coolaj86/greenlock-cli.js/src/branch/master/index.js#L38

https://git.coolaj86.com/coolaj86/greenlock-cli.js/src/branch/master/index.js#L61