Troubleshooting

Johannes Feichtner edited this page Jun 19, 2022 · 1 revision

Potential Issues

No Let's Encrypt certificate after installation

Problem

  • Still self-signed certificate
  • Error upon installation: Remote end closed connection without response
$ cat /var/log/syslog.log | grep w2c
2022-05-16T12:28:01Z /opt/w2c-letsencrypt/renew.sh: Starting certificate renewal.
2022-05-16T12:28:03Z /opt/w2c-letsencrypt/renew.sh: Existing cert for example.com not issued by Let's Encrypt. Requesting a new one!
2022-05-16T12:28:11Z /opt/w2c-letsencrypt/renew.sh: Error: No cert obtained from Letsencrypt. Generating a self-signed certificate.

Resolution

  • Run the script manually and observe the output: /etc/init.d/w2c-letsencrypt start
  • Errors are sometimes shown on the first run only, because the certificate retrieval adds a delay during VIB installation.
  • Check that the hostname is actually reachable via its defined A and/or AAAA records. If it is not, the output looks like this:
Starting certificate renewal.
Existing cert for example.com not issued by Let's Encrypt. Requesting a new one!
Generating RSA private key, 4096 bit long modulus
****************************************************************************************************************++++
********************************************************************************************************++++
e is 65537 (0x10001)
Parsing account key...
Parsing CSR...
...
ValueError: Wrote file to /opt/w2c-letsencrypt/.well-known/acme-challenge/StMcbQ0ONjXWbFWhpvCUQ21NeVjEVUDG2C--fBFQ9Q8, but couldn't download http://example.com/.well-known/acme-challenge/StMcbQ0ONjXWbFWhpvCUQ21NeVjEVUDG2C--fBFQ9Q8: Error:
Url: http://example.com/.well-known/acme-challenge/StMcbQ0ONjXWbFWhpvCUQ21NeVjEVUDG2C--fBFQ9Q8
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>
Error: No cert obtained from Letsencrypt. Generating a self-signed certificate.

AcceptanceConfigError

During VIB Installation

Problem

$ esxcli software vib install -v /tmp/w2c-letsencrypt-esxi.vib  
 [AcceptanceConfigError]  
 VIB web-wack-creations_bootbank_w2c-letsencrypt-esxi_1.0.0-0.0.0's acceptance level is community, which is not compliant with the ImageProfile acceptance level partner  
 To change the host acceptance level, use the 'esxcli software acceptance set' command.  
 Please refer to the log file for more details.

Alternatively, the error could look like this:

VIB (web-wack-creations_bootbank_w2c-letsencrypt-esxi_1.0.0-0.0.0) failed a check of extensibility rules for acceptance level 'community': [u'(line 23: col 0) Element vib failed to validate content'].

Resolution

A) Install with the -f flag, which bypasses the acceptance level check: esxcli software vib install -v /tmp/w2c-letsencrypt-esxi.vib -f

B) Before installation, set the host acceptance level to CommunitySupported: esxcli software acceptance set --level=CommunitySupported

When trying to set acceptance level PartnerSupported

Problem

$ esxcli software acceptance set --level=PartnerSupported  
  [AcceptanceConfigError]  
  Unable to set acceptance level of partner due to installed VIBs  web-wack-creations_bootbank_w2c-letsencrypt-esxi_1.0.0-0.0.0 having a lower acceptance level.  
  Please refer to the log file for more details.

Resolution

esxcli software vib remove -n w2c-letsencrypt-esxi
esxcli software acceptance set --level=PartnerSupported
esxcli software vib install -v /tmp/w2c-letsencrypt-esxi.vib -f

Error during ESXi Upgrade

Problem

An ESXi upgrade via console stops with the following error:

VIB web-wack-creations_bootbank_w2c-letsencrypt-esxi_1.0.0-0.0.0's acceptance level is community, which is not compliant with the ImageProfile acceptance level partner

Resolution

A) Change the acceptance level to CommunitySupported and then repeat the update procedure:

esxcli software acceptance set --level=CommunitySupported

B) Remove w2c-letsencrypt-esxi, then update the host, and re-install it afterwards:

esxcli software vib remove -n w2c-letsencrypt-esxi
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-7.0U1d-17551050-standard
esxcli software vib install -v /tmp/w2c-letsencrypt-esxi.vib -f

C) Use the -f option to bypass the acceptance level check. E.g.:

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-7.0U1d-17551050-standard -f

Hostname is no FQDN

Problem

$ cat /var/log/syslog.log | grep w2c
2022-05-16T12:24:08Z /opt/w2c-letsencrypt/renew.sh: Error: Hostname asdf is no FQDN.

Resolution

Set an FQDN, then run the script again:

$ esxcfg-advcfg -s new-example.com /Misc/hostname
Value of HostName is new-example.com

$ /etc/init.d/w2c-letsencrypt start
Running 'start' action
Starting certificate renewal.
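
A pre-flight check for the two hostname problems described on this page (hostname is no FQDN; hostname does not resolve via A/AAAA records), as an added example that is not part of w2c-letsencrypt-esxi. The FQDN rule and all function names are assumptions, and the check for publicly routable addresses goes beyond the failure shown above; resolution uses the host's own resolver, which is where the "Name or service not known" error originates.

```python
import ipaddress
import re
import socket
import sys

# Assumed FQDN rule (the page does not show renew.sh's own test):
# two or more RFC 1123 labels separated by dots.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(hostname):
    labels = hostname.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def lookup(hostname, family, resolver):
    """Return the sorted addresses for one record type, [] if none resolve."""
    try:
        infos = resolver(hostname, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:  # e.g. [Errno -2] Name or service not known
        return []
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def preflight(hostname, resolver=socket.getaddrinfo):
    """Return a list of problems; an empty list means the name is an FQDN
    that resolves to at least one globally routable address."""
    if not is_fqdn(hostname):
        return ["Hostname %s is no FQDN" % hostname]
    addrs = (lookup(hostname, socket.AF_INET, resolver)
             + lookup(hostname, socket.AF_INET6, resolver))
    if not addrs:
        return ["no A or AAAA record resolves for %s" % hostname]
    # The CA fetches the challenge file over the public Internet, so a name
    # that maps only to private or link-local addresses cannot validate.
    if not any(ipaddress.ip_address(a).is_global for a in addrs):
        return ["%s resolves only to non-public addresses: %s"
                % (hostname, ", ".join(addrs))]
    return []


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else socket.getfqdn()
    issues = preflight(name)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

A passing result only means the name resolves locally to a public address; port 80 must still be reachable from outside for the challenge download to succeed.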