How to check the LetsEncrypt logs for errors / diagnose problems

269ac00f765508cb74b25d006dbf5bb2

Written by Dennis Nind

Last published at: February 11th, 2019

You can replicate the functionality of issuing an SSL via the following...

certbot certonly -a webroot -w /tmp -d ef-training.co.uk -d autodiscover.elitefitnesstraining.co.uk -d cpanel.elitefitnesstraining.co.uk -d ef-training.uk -d elite-fitness-training.co.uk -d elitefitnesscrosssport.co.uk -d elitefitnesscrosssportconditioning.co.uk -d elitefitnesscrosssports.com -d elitefitnesstraining.co.uk -d mail.ef-training.co.uk -d mail.ef-training.uk -d mail.elite-fitness-training.co.uk -d mail.elitefitnesscrosssport.co.uk --dry-run


When this is ran, you can extract the 'order' URL from the following logs...

/var/log/letsencrypt/letsencrypt.log


You can then visit the URL provided, which will give you a list of 'authz' - from these links, you will then be able to see the response for each auth...

root@Ubuntu-1804-bionic-64-minimal:~# cat /var/log/letsencrypt/letsencrypt.log | grep order/
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/8204054/23205007


Clicking that link will give you similar to...

{
  "status": "invalid",
  "expires": "2019-02-18T18:35:53Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "autodiscover.elitefitnesstraining.co.uk"
    },
    {
      "type": "dns",
      "value": "cpanel.elitefitnesstraining.co.uk"
    },
    {
      "type": "dns",
      "value": "ef-training.co.uk"
    },
    {
      "type": "dns",
      "value": "ef-training.uk"
    },
    {
      "type": "dns",
      "value": "elite-fitness-training.co.uk"
    },
    {
      "type": "dns",
      "value": "elitefitnesscrosssport.co.uk"
    },
    {
      "type": "dns",
      "value": "elitefitnesscrosssportconditioning.co.uk"
    },
    {
      "type": "dns",
      "value": "elitefitnesscrosssports.com"
    },
    {
      "type": "dns",
      "value": "elitefitnesstraining.co.uk"
    },
    {
      "type": "dns",
      "value": "mail.ef-training.co.uk"
    },
    {
      "type": "dns",
      "value": "mail.ef-training.uk"
    },
    {
      "type": "dns",
      "value": "mail.elite-fitness-training.co.uk"
    },
    {
      "type": "dns",
      "value": "mail.elitefitnesscrosssport.co.uk"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/5FILXPCdDcnuGH3DrIGjrOr4yjCGJOtkHkPICqClYAc",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/7Idiq6HIP0dHriEVC_ad-mUzvGdXiXroQAJ4hF4jubg",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/fzmJErH6aw3DbwDMkF4d337KOgJiPMVu-yz62Y9Eocw",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/JRZKWEawieSk2ngcyjoMGV2yikWx5ngyef-UBz5SlT0",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/KyrfOk0Gd8lhqLK8RRBgcr6UeGReMwN_Akrmj7T9oNo",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/MtVDMgLrlRNJ76r0ZJvjLKZK3td6M9-motyZkQlWHVQ",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/M_efeTNLqtrbLskm_TePB2wGDZgSAreNvyUkcgGsA7w",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/nkEh9T0ngkVeJNNxaQq1AjV6bIl65rEUNiyzANZ122Y",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/plZLwnqIgGM3dw2sTMI7ewc6nFk20ZfWbvRaNI9Mr4w",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/qz5pYb5mlQQnIPeZIN-ADiyxQltaJNDKnko4EM_ZVSQ",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/rNWphIT35rp4EZbCGDnt_709fudMOoqqAsh-l0HTfg0",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/RqpJEhOL8NotQzJHAXJyXp7SvL7bcUiZiIDY3LA8O6Y",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/zKd5IFiFnHyrwcfORgy5vV137bFNOXS2Cl-PtMi_v_Y"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8204054/23205007"
}


From here, you can now 'grep' the individual 'authz' via the logs, or alternative check them directly in a browser.