Let's encrypt fails on local sub-domains

Discussion in 'General' started by almere, Dec 18, 2016.

  1. almere

    almere Member HowtoForge Supporter

    Hey there.

    When I try to enable Let's Encrypt for a domain with sub-domains it will fail, because Let's Encrypt validator wont' be able to open acme challenge file for any sub-domain.
    Sub-domain rewrite rule:
    Code:
         
    if ($http_host = "sub.domain.com") {
           rewrite ^(?!/\b(sub|stats|error)\b)/(.*)$ /sub/$2 last;
    }
    
    Acme location:
    Code:
         
    
    location ~ /\.well-known/acme-challenge/ {
          root /usr/local/ispconfig/interface/acme/;
          index index.html index.htm;
          try_files $uri =404;
    }
    
    http://sub.domain.com/.well-known/acme-challenge/test = 404

    Please, advice.

    Thank's
     
  2. almere

    almere Member HowtoForge Supporter

  3. sjau

    sjau Local Meanie Moderator

    can you provide the actual subdomain?
     
  4. almere

    almere Member HowtoForge Supporter

  5. sjau

    sjau Local Meanie Moderator

  6. almere

    almere Member HowtoForge Supporter

    Yeah, because I changes try_files $uri =404; to try_files $uri =403; to see if it comes to that block.

    location ~ /\.well-known/acme-challenge/ {
    root /usr/local/ispconfig/interface/acme/;
    index index.html index.htm;
    try_files $uri =403;
    }
     
  7. almere

    almere Member HowtoForge Supporter

    @till would you like to help here, please?
     
  8. almere

    almere Member HowtoForge Supporter

    These one seems to work fine:
    rewrite ^(?!/(.well-known|\b(old|stats|error)\b))/(.*)$ /old/$3 last;
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Please add a report in the bugtracker so I can add the letsencrypt path exclusion that for the next release.
     
  10. sghazagh

    sghazagh New Member

    Hi,
    I have a same issue from yesterday.
    All my subdomains stopped working and now even my main site shows this error in Firefox:
    ------------------------
    Secure Connection Failed

    An error occurred during a connection to www.royalsteel.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
    ------------------

    I tried to remove all the certificates, and recreated them for my website through ISPConfig panel.
    Both SSL and Let's Encrypt checkmark stays active and certificates populated in the cert, request and key fileds.
    However, the above error persist on my Firefox if I open any subdomain or main website!
    here is the address of website: www.royalsteel.com
    I have this issue for all my websites. This one is for sample and test but still have no luck to see why it had happened after long time working fine
     

Share This Page