wget letsencrypt.tar.gz

Rene
14 May 2016, 07:51
Trying to get letsencrypt.tar.gz through wget:
rene@foo:/tmp$ wget https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
--2016-05-14 07:48:53-- https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
Resolving www.hiawatha-webserver.org... 2a02:348:80:c9f9::1, 141.138.201.249
Connecting to www.hiawatha-webserver.org|2a02:348:80:c9f9::1|:443... connected.
Unable to establish SSL connection.
rene@foo:/tmp$


This fails. But I can get it through http from https://www.hiawatha-webserver.org/weblog/110. Any idea?
Hugo Leisink
14 May 2016, 08:17
Try curl instead of wget. My idea is that wget is no longer maintained.
curl -O https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
Rene
14 May 2016, 08:19
rene@foo:/tmp$ wget -d https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
DEBUG output created by Wget 1.12 on linux-gnu.

--2016-05-14 08:20:22-- https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
Resolving www.hiawatha-webserver.org... 2a02:348:80:c9f9::1, 141.138.201.249
Caching www.hiawatha-webserver.org => 2a02:348:80:c9f9::1 141.138.201.249
Connecting to www.hiawatha-webserver.org|2a02:348:80:c9f9::1|:443... connected.
Created socket 3.
Releasing 0x00000000023bc730 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
Closed fd 3
Unable to establish SSL connection.
rene@foo:/tmp$
Rene
14 May 2016, 08:21
Test with curl:
rene@foo:/tmp$ curl -O https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
rene@foo:/tmp$

Rene
14 May 2016, 08:26
Looks like the OpenSSL on my system is outdated. I will investigate further. Thanks anyway!
Hugo Leisink
14 May 2016, 08:53
Yes, it does! My webserver only accepted TLS v1.2. I've changed this minimum version back to 1.0.
Mustafa Ramadhan
14 May 2016, 09:45
Use:
wget https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz --no-check-certificate
Rene
14 May 2016, 12:37
Thanks for setting TLS back to 1.0. Now I'm able to download the file directly, both with curl and with wget.
rene@foo:/tmp$ curl -O https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10744 100 10744 0 0 100k 0 --:--:-- --:--:-- --:--:-- 120k
rene@foo:/tmp$ ls

rene@foo:/tmp$ wget https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz --secure-protocol=TLSv1 --no-check-certificate
--2016-05-14 12:39:23-- https://www.hiawatha-webserver.org/files/letsencrypt.tar.gz
Resolving www.hiawatha-webserver.org... 2a02:348:80:c9f9::1, 141.138.201.249
Connecting to www.hiawatha-webserver.org|2a02:348:80:c9f9::1|:443... connected.
WARNING: cannot verify www.hiawatha-webserver.org's certificate, issued by "/C=NL/ST=Zuid-Holland/L=Delft/O=Leisink.net/CN=Leisink.net CA/emailAddress=hugo@leisink.net":
Unable to locally verify the issuer's authority.
WARNING: certificate common name "*.leisink.net" doesn't match requested host name "www.hiawatha-webserver.org".
HTTP request sent, awaiting response... 200 OK
Length: 10744 (10K) [application/x-gzip]
Saving to: "letsencrypt.tar.gz.1"

100%[========================================================================================================================================>] 10,744 --.-K/s in 0.001s

2016-05-14 12:39:23 (6.97 MB/s) - "letsencrypt.tar.gz.1" saved [10744/10744]

rene@foo:/tmp$
Rene
14 May 2016, 14:49
Yes, I have my main site working with Let's Encrypt and Hiawatha 10.2. Now it is https.
A remark about the README.txt:
- Since I first tested on my 'production' server, the account.key was already occupied for this test. So I had to rename it, and register again, before I could get my trusted production certificate. Is this correct or did I do something wrong?
And a remark about https://www.hiawatha-webserver.org/howto/bindings:
- When I specify my main account certificate at the Bindings section, to get an https connection for my main account, all my other Virtual hosts will use that certificate for https. So this is not correct. If I leave the TLSCertFile empty at the Bindings section, and I only specify it at my VirtualHost, the https connection will fail totally.
But when I specify another account certificate at the Bindings section, then all my VirtualHost sections will work correctly with https. Including my main certificate.

Can you explain this behavior? I do not understand this behavior of the certificate at the Bindings section vs the VirtualHost section in relation to usage (although it works fine for me now).

Also please update/add information about Let's Encrypt at https://www.hiawatha-webserver.org/howto/bindings, how to use this in combination with Let's Encrypt.

Thanks for providing this useful script for Let's Encrypt together with Hiawatha.
Hugo Leisink
16 May 2016, 10:31
I don't understand what you mean with 'the account.key was already occupied'.

You need to specify a TLS cert for a binding in order to make it a TLS binding. A binding without a TLScertFile option set is a normal plain text HTTP binding. The certificate specified at the binding is the default certificate, in case a virtual host has no certificate specified or a client uses a hostname unknown to the webserver.
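The binding and virtual host behaviour described in the reply above, as an added configuration fragment that is not part of the original thread. Hostnames, directories and certificate file names are placeholders, and the rest of a working hiawatha.conf (default site, logging and so on) is assumed to exist around it.

```conf
# Added example, not from the thread. All hostnames and paths are placeholders.

# No TLScertFile here, so this binding is a normal plain text HTTP binding.
Binding {
    Port = 80
}

# Setting TLScertFile is what makes this a TLS binding. Leaving it out
# (and setting certificates only in the VirtualHost sections) leaves port 443
# speaking plain HTTP, so https:// requests to it fail.
# This certificate is the default: it is served when a virtual host has no
# certificate of its own or when the client asks for an unknown hostname.
Binding {
    Port = 443
    TLScertFile = /etc/hiawatha/tls/default.pem
}

# Virtual host with its own certificate: clients requesting this hostname
# get this certificate instead of the binding default.
VirtualHost {
    Hostname = www.example.org
    WebsiteRoot = /var/www/www.example.org/public
    TLScertFile = /etc/hiawatha/tls/www.example.org.pem
}

# Virtual host without TLScertFile: it falls back to the binding default.
# Clients only accept that if default.pem actually covers this hostname;
# otherwise they report a hostname mismatch.
VirtualHost {
    Hostname = other.example.org
    WebsiteRoot = /var/www/other.example.org/public
}
```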
Rene
18 May 2016, 20:13
When I used my 'old' account.key at the production Let's Encrypt, I got the same as mentioned in https://www.hiawatha-webserver.org/weblog/110
- Retrieving HTTP authentication challenge.
- No registration exists matching provided key.
- Authentication token for HTTP challenge not found.

So when I created a 'new' account key, it worked fine.
In my case my test certificate was on the same box (test = production).
This topic has been closed.