Error: self check does not pass #12

Closed
opened 2018-05-18 04:37:43 +00:00 by Ghost · 7 comments

Thanks for putting so much into this. Once I figure it out I know it will come in handy :-)

I keep getting the same error "Error: self check does not pass". I am using this example.

```
var staging = true;


/////////////////////
// SET USER PARAMS //
/////////////////////

var opts = {
  domains: [ 'myname.example.com' ]       // CHANGE EMAIL AND DOMAINS
, email: 'my@email.com'
, agreeTos: true                  // Accept Let's Encrypt v2 Agreement
, communityMember: true           // Help make Greenlock better by submitting
                                  // stats and getting updates
};


////////////////////
// INIT GREENLOCK //
////////////////////

var greenlock = require('greenlock').create({
  version: 'draft-11'
, server: 'https://acme-' + (staging ? 'staging-' : '') + 'v02.api.letsencrypt.org/directory'
, configDir: '/tmp/acme/etc'
});


///////////////////
// GET TLS CERTS //
///////////////////

greenlock.register(opts).then(function (certs) {
  console.log(certs);
  // privkey, cert, chain, expiresAt, issuedAt, subject, altnames
}, function (err) {
  console.error(err);
});
```

I don't know why I am getting this error. What is the self check? Why is it failing? I am sure I am just missing some piece of info.

other notes.

I do not have port 80 or 443 available on this machine. It does have a public domain, and that much is working.

Any help would be much appreciated

Thanks

Todd

Owner

In order to decrease the likelihood of being blocked for hitting bad request rate limits I implemented a "dry run" to catch errors before the real request is made to the ACME server.

I'll update that error message to be more helpful.

Anyway, it's most likely because you don't have port 80 available. Now, we've got a tool for that in the oven (stay tuned), but for right now I'd suggest using `le-challenge-dns`, which is interactive and DNS-based, instead of the default `le-challenge-fs`, which requires port 80.

That will help you complete your first test and get your first set of certificates.

After that you'll need to take advantage of one of the DNS-01 challenge modules, which includes Cloudflare, Digital Ocean, and AWS Route53. We're also working on a DNS service - but at the moment it's missing that crucial last 10% of work that takes the other 90% of the time.

Author

Ok, thanks for the response. I am beginning to understand.

I shouldn't say that I don't have port 80 available, I do. It is just being controlled by a separate web server (not my choice).

Do I just need to set the webroot to that server? Would that let `le-challenge-fs` go through?

Todd

Author

the answer to my question is "no".
:-(

Owner

Actually, that’s the purpose of the webroot option, so the answer is a resounding “Yes!”

Also, I updated the error handling so if you `rm -rf /opt/greenlock` and reinstall the latest version it may be more helpful.

If you’re still having trouble let’s get on Skype and spend a few minutes going through it together and perhaps you could help me update the documentation so that it’s more clear for others in your situation.
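
What a self check for the webroot setup discussed above amounts to, as an added example that is not part of the thread and not greenlock's own code: write a probe under `<webroot>/.well-known/acme-challenge/` and fetch it over plain HTTP the way a validator would. The names `selfCheck`, `startServer` and `demo`, and the local stand-in server, are hypothetical and constructed for illustration.

```javascript
var fs = require('fs'), os = require('os'), path = require('path');
var http = require('http'), crypto = require('crypto');
var CHALLENGE_DIR = path.join('.well-known', 'acme-challenge');

// Added example (not greenlock's code): write a throwaway probe into the webroot,
// fetch it over HTTP, and compare what came back with what was written.
function selfCheck(baseUrl, webroot) {
  var token = 'selfcheck-' + crypto.randomBytes(16).toString('hex');
  var body = crypto.randomBytes(16).toString('hex');
  var file = path.join(webroot, CHALLENGE_DIR, token);
  fs.mkdirSync(path.dirname(file), { recursive: true });
  fs.writeFileSync(file, body);
  return new Promise(function (resolve) {
    var url = baseUrl + '/.well-known/acme-challenge/' + token;
    http.get(url, { agent: false }, function (res) {
      var data = '';
      res.on('data', function (chunk) { data += chunk; });
      res.on('end', function () {
        resolve({ ok: res.statusCode === 200 && data === body, status: res.statusCode });
      });
    }).on('error', function (err) { resolve({ ok: false, status: null, error: err.code }); });
  }).then(function (result) { fs.unlinkSync(file); return result; });
}

// Constructed stand-in for the separate web server; only token-shaped names reach the disk.
function startServer(docroot) {
  var server = http.createServer(function (req, res) {
    var m = /^\/\.well-known\/acme-challenge\/([A-Za-z0-9_-]+)$/.exec(req.url);
    var file = m && path.join(docroot, CHALLENGE_DIR, m[1]);
    if (!file || !fs.existsSync(file)) { res.statusCode = 404; return res.end(); }
    res.end(fs.readFileSync(file));
  });
  return new Promise(function (resolve) {
    server.listen(0, '127.0.0.1', function () { resolve(server); });
  });
}

// Check once with the server's real document root, once with a directory it does not serve.
function demo() {
  var docroot = fs.mkdtempSync(path.join(os.tmpdir(), 'docroot-'));
  var other = fs.mkdtempSync(path.join(os.tmpdir(), 'other-'));
  return startServer(docroot).then(function (server) {
    var base = 'http://127.0.0.1:' + server.address().port;
    return selfCheck(base, docroot).then(function (good) {
      return selfCheck(base, other).then(function (bad) {
        server.close();
        return { matching: good, mismatched: bad };
      });
    });
  });
}
```

Against a real deployment, `selfCheck('http://myname.example.com', '/path/to/that/servers/docroot')` fails with a 404 when the webroot is not the directory the other server serves, and with a connection error when nothing answers on port 80.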

Owner

Oh, this is what you might want to look at for your use case:

https://git.coolaj86.com/coolaj86/greenlock-cli.js

Start there, which is already set up for webroot, and then work back to creating a custom solution with the raw greenlock APIs if you need to.

Author

yup that is exactly what I want.

I tried it and it works. Now I just need it as a node module. I suppose I could just use child_process.exec() to wrap greenlock-cli. But that may be a little too much like the movie Inception.

I'll try to unwind it into a node module for doing the webroot option

Thanks :-)

Ghost closed this issue 2018-05-18 16:14:43 +00:00
Owner

This right here is the node module. That cli is just a way to pass the right arguments to the module.

https://git.coolaj86.com/coolaj86/greenlock-cli.js/src/branch/master/index.js#L27

https://git.coolaj86.com/coolaj86/greenlock-cli.js/src/branch/master/index.js#L38

https://git.coolaj86.com/coolaj86/greenlock-cli.js/src/branch/master/index.js#L61
Reference: coolaj86/greenlock.js-ARCHIVED#12