"detail": "Error creating new order :: Issuance for IP addresses not supported",

sibeeshvenu · April 1, 2019, 9:49am

Hi Team,

Greetings!.

I am trying to enable https on my Azure UCS VM and I am using Let’s Encrypt UCS application for the same. But even though I am providing the DNS name instead of IP address I am still getting an error as Error creating new order :: Issuance for IP addresses not supported when I add my domain in Let’s Encrypt app settings. Can anyone please help me with this. Any help is really appreciated. Thank you.!

I just looked in to the logs and here is the content.

Create letsencrypt/status
Fr 29. Mär 12:39:30 CET 2019
Refreshing certificate for following domains:
https://lmz-dev.northeurope.cloudapp.azure.com/
Parsing account key...
Parsing CSR...
Traceback (most recent call last):
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 197, in <module>
    main(sys.argv[1:])
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 193, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 90, in get_crt
    out = _cmd(["openssl", "req", "-in", csr, "-noout", "-text"], err_msg="Error loading {0}".format(csr))
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 28, in _cmd
    raise IOError("{0}\n{1}".format(err_msg, err))
IOError: Error loading /etc/univention/letsencrypt/domain.csr
unable to load X509 request
139707857842240:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:686:Expecting: CERTIFICATE REQUEST

Setting letsencrypt/status
Setting letsencrypt/services/apache2
File: /etc/apache2/sites-available/univention-letsencrypt.conf
Fr 29. Mär 12:44:20 CET 2019
Refreshing certificate for following domains:
https://lmz-dev.northeurope.cloudapp.azure.com/
Parsing account key...
Parsing CSR...
Traceback (most recent call last):
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 197, in <module>
    main(sys.argv[1:])
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 193, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 90, in get_crt
    out = _cmd(["openssl", "req", "-in", csr, "-noout", "-text"], err_msg="Error loading {0}".format(csr))
  File "/usr/share/univention-letsencrypt/acme_tiny.py", line 28, in _cmd
    raise IOError("{0}\n{1}".format(err_msg, err))
IOError: Error loading /etc/univention/letsencrypt/domain.csr
unable to load X509 request
140626029727808:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:686:Expecting: CERTIFICATE REQUEST

Setting letsencrypt/status
Setting letsencrypt/services/apache2
File: /etc/apache2/sites-available/univention-letsencrypt.conf

Kindest Regards
Sibeesh Venu

gulden · April 1, 2019, 10:46am

Hello @sibeeshvenu,

please enter the domain name without https… at the beginning, just the domain name. What’s the result then?

Best regards,
Nico

sibeeshvenu · April 1, 2019, 11:39am

I tried that as well. The result is same.

sibeeshvenu · April 1, 2019, 11:48am

I just checked now, and it is working now. I had to uninstall and reinstall the Let’s Encrypt application and then update the settings with only the domain name as you have suggested. Thank you.