site certification problem with the l'etsencrypt

Discussion in 'Installation/Configuration' started by mymmo73, Jan 25, 2021.

  1. mymmo73

    mymmo73 Member

    I use a web server, my ip ends with 59
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    and what about the second question?
     
  3. mymmo73

    mymmo73 Member

    i confirmed what you asked me, i don't have a router because i use a web server, my ip of the web server ends with 59 i hope i have explained ..
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Using a web server is no indication if a router is used in front of the webserver or not. That's why I asked again.

    Back to the topic, the SSL cert is not requested because the domain is unreachable from the server and the Let's encrypt check fails. That's typical for NAT routers. What you can try is that you disable the let's encrypt check under System > server config > web and try again.
     
  5. mymmo73

    mymmo73 Member

    ok if I understand correctly I do so System> server config> web> SSL settings> Enable SNI, then I remove the flag right?
     
  6. mymmo73

    mymmo73 Member

    I performed the operation you indicated, I tried to certify the domain but it returns the following message "SNI for SSL is not activated on this server. You can enable only one SSL certificate on each IP address."
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    No, it is Server Config > Web > SSL Settings > Skip Lets Encrypt Check.
     
  8. mymmo73

    mymmo73 Member

    Code:
    [Tue 26 Jan 2021 09:12:06 AM CET] d='inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] Getting webroot for domain='inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] _w='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw","token":"fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo"'
    [Tue 26 Jan 2021 09:12:06 AM CET] token='fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo'
    [Tue 26 Jan 2021 09:12:06 AM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:06 AM CET] keyauthorization='fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ'
    [Tue 26 Jan 2021 09:12:06 AM CET] dvlist='inps-bonus.it#fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw#http-01#/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] d='www.inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] Getting webroot for domain='www.inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] _w='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449764/MkF04Q","token":"O71HizL2s-K4THThODWNTVZx8N_B-dOWCsaI_OrNkBc"'
    [Tue 26 Jan 2021 09:12:06 AM CET] token='O71HizL2s-K4THThODWNTVZx8N_B-dOWCsaI_OrNkBc'
    [Tue 26 Jan 2021 09:12:06 AM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449764/MkF04Q'
    [Tue 26 Jan 2021 09:12:06 AM CET] keyauthorization='O71HizL2s-K4THThODWNTVZx8N_B-dOWCsaI_OrNkBc.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ'
    [Tue 26 Jan 2021 09:12:06 AM CET] dvlist='www.inps-bonus.it#O71HizL2s-K4THThODWNTVZx8N_B-dOWCsaI_OrNkBc.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449764/MkF04Q#http-01#/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] d
    [Tue 26 Jan 2021 09:12:06 AM CET] vlist='inps-bonus.it#fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw#http-01#/usr/local/ispconfig/interface/acme,www.inps-bonus.it#O71HizL2s-K4THThODWNTVZx8N_B-dOWCsaI_OrNkBc.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449764/MkF04Q#http-01#/usr/local/ispconfig/interface/acme,'
    [Tue 26 Jan 2021 09:12:06 AM CET] d='inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] d='www.inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] ok, let's start to verify
    [Tue 26 Jan 2021 09:12:06 AM CET] Verifying: inps-bonus.it
    [Tue 26 Jan 2021 09:12:06 AM CET] d='inps-bonus.it'
    [Tue 26 Jan 2021 09:12:06 AM CET] keyauthorization='fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ'
    [Tue 26 Jan 2021 09:12:06 AM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:06 AM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 09:12:06 AM CET] wellknown_path='/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
    [Tue 26 Jan 2021 09:12:06 AM CET] writing token:fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo
    [Tue 26 Jan 2021 09:12:06 AM CET] Changing owner/group of .well-known to ispconfig:ispconfig
    [Tue 26 Jan 2021 09:12:06 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:06 AM CET] payload='{}'
    [Tue 26 Jan 2021 09:12:06 AM CET] POST
    [Tue 26 Jan 2021 09:12:06 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:06 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 09:12:07 AM CET] _ret='0'
    [Tue 26 Jan 2021 09:12:07 AM CET] code='200'
    [Tue 26 Jan 2021 09:12:07 AM CET] trigger validation code: 200
    [Tue 26 Jan 2021 09:12:07 AM CET] sleep 2 secs to verify
    [Tue 26 Jan 2021 09:12:09 AM CET] checking
    [Tue 26 Jan 2021 09:12:09 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:09 AM CET] payload
    [Tue 26 Jan 2021 09:12:09 AM CET] POST
    [Tue 26 Jan 2021 09:12:09 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:09 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 09:12:10 AM CET] _ret='0'
    [Tue 26 Jan 2021 09:12:10 AM CET] code='200'
    [Tue 26 Jan 2021 09:12:10 AM CET] inps-bonus.it:Verify error:Invalid response from http://inps-bonus.it/.well-known/acme-challenge/fdzOVwUwpxoYPh6uQjLXoFw8bPBMC-jrq3oIG39LwXo [2001:4b78:1001::1501]:
    [Tue 26 Jan 2021 09:12:10 AM CET] pid
    [Tue 26 Jan 2021 09:12:10 AM CET] No need to restore nginx, skip.
    [Tue 26 Jan 2021 09:12:10 AM CET] _clearupdns
    [Tue 26 Jan 2021 09:12:10 AM CET] dns_entries
    [Tue 26 Jan 2021 09:12:10 AM CET] skip dns.
    [Tue 26 Jan 2021 09:12:10 AM CET] _on_issue_err
    [Tue 26 Jan 2021 09:12:10 AM CET] Please check log file for more details: /var/log/ispconfig/acme.log
    [Tue 26 Jan 2021 09:12:10 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:10 AM CET] payload='{}'
    [Tue 26 Jan 2021 09:12:10 AM CET] POST
    [Tue 26 Jan 2021 09:12:10 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449763/xKRQyw'
    [Tue 26 Jan 2021 09:12:10 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 09:12:10 AM CET] _ret='0'
    [Tue 26 Jan 2021 09:12:10 AM CET] code='400'
    [Tue 26 Jan 2021 09:12:10 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449764/MkF04Q'
    [Tue 26 Jan 2021 09:12:10 AM CET] payload='{}'
    [Tue 26 Jan 2021 09:12:10 AM CET] POST
    [Tue 26 Jan 2021 09:12:10 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10366449764/MkF04Q'
    [Tue 26 Jan 2021 09:12:10 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 09:12:11 AM CET] _ret='0'
    [Tue 26 Jan 2021 09:12:11 AM CET] code='200'
    
    if it can be useful this is the updated log
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Please see post #16 for the steps that need to be taken to get the nescessary debug output after you changed the skip letsencrypt check setting.
     
  10. mymmo73

    mymmo73 Member

    ok I have performed the instructions of post number 16, this is the result in the certificate propagation phase.
    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    26.01.2021-11:32 - DEBUG - Calling function 'check_phpini_changes' from plugin '                                                                                                             webserver_plugin' raised by action 'server_plugins_loaded'.
    26.01.2021-11:32 - DEBUG - Found 1 changes, starting update process.
    26.01.2021-11:32 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' r                                                                                                             aised by event 'web_domain_update'.
    26.01.2021-11:32 - DEBUG - Calling function 'update' from plugin 'apache2_plugin                                                                                                             ' raised by event 'web_domain_update'.
    26.01.2021-11:32 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/we                                                                                                             b4' - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/we                                                                                                             b4' - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web4'|                                                                                                             awk 'END{print $2,$NF}' - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return                                                                                                              code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: setquota -u 'web4' '0' '0' 0 0 -a &> /                                                                                                             dev/null - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: setquota -T -u 'web4' 604800 604800 -a                                                                                                              &> /dev/null - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/we                                                                                                             b4' - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - retu                                                                                                             rn code: 0
    26.01.2021-11:32 - DEBUG - Create Let's Encrypt SSL Cert for: inps-bonus.it
    26.01.2021-11:32 - DEBUG - Let's Encrypt SSL Cert domains:
    26.01.2021-11:32 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue  -d                                                                                                              inps-bonus.it -d www.inps-bonus.it -w /usr/local/ispconfig/interface/acme --alwa                                                                                                             ys-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ;                                                                                                              then /root/.acme.sh/acme.sh --install-cert  -d inps-bonus.it -d www.inps-bonus.                                                                                                             it --key-file '/var/www/clients/client1/web4/ssl/inps-bonus.it-le.key' --fullcha                                                                                                             in-file '/var/www/clients/client1/web4/ssl/inps-bonus.it-le.crt' --reloadcmd 'sy                                                                                                             stemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$?                                                                                                              ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi
    [Tue 26 Jan 2021 11:32:37 AM CET] inps-bonus.it:Verify error:Invalid response from http://inps-bonus.it/.well-known/acme-challenge/bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q [2001:4b78:1001::1501]:
    [Tue 26 Jan 2021 11:32:37 AM CET] Please check log file for more details: /var/log/ispconfig/acme.log
    26.01.2021-11:32 - WARNING - Let's Encrypt SSL Cert for: inps-bonus.it could not be issued.
    26.01.2021-11:32 - WARNING - R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue  -d inps-bonus.it -d www.inps-bonus.it -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert  -d inps-bonus.it -d www.inps-bonus.it --key-file '/var/www/clients/client1/web4/ssl/inps-bonus.it-le.key' --fullchain-file '/var/www/clients/client1/web4/ssl/inps-bonus.it-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi
    26.01.2021-11:32 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    26.01.2021-11:32 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0
    26.01.2021-11:32 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web4/.php-fcgi-starter
    26.01.2021-11:32 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0
    26.01.2021-11:32 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/inps-bonus.it.vhost
    26.01.2021-11:32 - DEBUG - Apache status is: running
    26.01.2021-11:32 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    26.01.2021-11:32 - DEBUG - Restarting httpd: systemctl restart apache2.service
    26.01.2021-11:32 - DEBUG - Apache restart return value is: 0
    26.01.2021-11:32 - DEBUG - Apache online status after restart is: running
    26.01.2021-11:32 - DEBUG - Processed datalog_id 122
    26.01.2021-11:32 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    instead, the second result was performed after the attempt to certify the domain was finished
    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    26.01.2021-11:34 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    26.01.2021-11:34 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:~#
    
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so the ispconfig check was correct to block issuing the cert as acme.sh fails as well. Try this:

    run this command as root:

    touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test.txt

    then open this URL in the browser, you should get a white page and not an error:

    http://inps-bonus.it/.well-known/acme-challenge/test.txt
     
  12. mymmo73

    mymmo73 Member

    done, I got blank page
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, really strange. I just checked it myself and connection seems to be possible. Please post the part from /var/log/ispconfig/acme.log now which is about the failed le cert request, maybe there is some additional info there now.
     
  14. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# less /var/log/ispconfig/acme.log
    [Tue 26 Jan 2021 12:52:01 AM CET] Running cmd: cron
    [Tue 26 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 12:52:01 AM CET] default_acme_server
    [Tue 26 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] ===Starting cron===
    [Tue 26 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] _stopRenewOnError
    [Tue 26 Jan 2021 12:52:01 AM CET] _set_level='2'
    [Tue 26 Jan 2021 12:52:01 AM CET] di='/root/.acme.sh/server.tradingforum.it/'
    [Tue 26 Jan 2021 12:52:01 AM CET] d='server.tradingforum.it'
    [Tue 26 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] DOMAIN_PATH='/root/.acme.sh/server.tradingforum.it'
    [Tue 26 Jan 2021 12:52:01 AM CET] Renew: 'server.tradingforum.it'
    [Tue 26 Jan 2021 12:52:01 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] Skip, Next renewal time is: Wed 24 Feb 2021 05:20:58 PM UTC
    [Tue 26 Jan 2021 12:52:01 AM CET] Add '--force' to force to renew.
    [Tue 26 Jan 2021 12:52:01 AM CET] Return code: 2
    [Tue 26 Jan 2021 12:52:01 AM CET] Skipped server.tradingforum.it
    [Tue 26 Jan 2021 12:52:01 AM CET] di='/root/.acme.sh/tradingforum.it/'
    [Tue 26 Jan 2021 12:52:01 AM CET] d='tradingforum.it'
    [Tue 26 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] DOMAIN_PATH='/root/.acme.sh/tradingforum.it'
    [Tue 26 Jan 2021 12:52:01 AM CET] Renew: 'tradingforum.it'
    [Tue 26 Jan 2021 12:52:01 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 12:52:01 AM CET] Skip, Next renewal time is: Sat 27 Feb 2021 10:15:40 PM UTC
    [Tue 26 Jan 2021 12:52:01 AM CET] Add '--force' to force to renew.
    [Tue 26 Jan 2021 12:52:01 AM CET] Return code: 2
    [Tue 26 Jan 2021 12:52:01 AM CET] Skipped tradingforum.it
    [Tue 26 Jan 2021 12:52:01 AM CET] _error_level='3'
    [Tue 26 Jan 2021 12:52:01 AM CET] _set_level='2'
    [Tue 26 Jan 2021 12:52:01 AM CET] ===End cron===
    [Tue 26 Jan 2021 09:05:02 AM CET] Running cmd: issue
    [Tue 26 Jan 2021 09:05:02 AM CET] _main_domain='inps-bonus.it'
    [Tue 26 Jan 2021 09:05:02 AM CET] _alt_domains='www.inps-bonus.it'
    [Tue 26 Jan 2021 09:05:02 AM CET] Using config home:/root/.acme.sh
    [Tue 26 Jan 2021 09:05:02 AM CET] default_acme_server
    [Tue 26 Jan 2021 09:05:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue 26 Jan 2021 09:05:02 AM CET] DOMAIN_PATH='/root/.acme.sh/inps-bonus.it'
    [Tue 26 Jan 2021 09:05:02 AM CET] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Tue 26 Jan 2021 09:05:02 AM CET] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Tue 26 Jan 2021 09:05:02 AM CET] GET
    /var/log/ispconfig/acme.log
    
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    The interesting parts are missing. use tail command to see the last part of a log file, not less. The less command shows the fisrt part of a file, which does not contain recent infos when it' a log file.

    use e.g.

    tail -n 500 /var/log/ispconfig/acme.log
     
  16. mymmo73

    mymmo73 Member

    Code:
    [Tue 26 Jan 2021 11:32:32 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 11:32:32 AM CET] _ret='0'
    [Tue 26 Jan 2021 11:32:32 AM CET] code='200'
    [Tue 26 Jan 2021 11:32:32 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/10368905826'
    [Tue 26 Jan 2021 11:32:32 AM CET] payload
    [Tue 26 Jan 2021 11:32:32 AM CET] POST
    [Tue 26 Jan 2021 11:32:32 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/10368905826'
    [Tue 26 Jan 2021 11:32:32 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 11:32:33 AM CET] _ret='0'
    [Tue 26 Jan 2021 11:32:33 AM CET] code='200'
    [Tue 26 Jan 2021 11:32:33 AM CET] d='inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] Getting webroot for domain='inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] _w='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA","token":"bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q"'
    [Tue 26 Jan 2021 11:32:33 AM CET] token='bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q'
    [Tue 26 Jan 2021 11:32:33 AM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:33 AM CET] keyauthorization='bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ'
    [Tue 26 Jan 2021 11:32:33 AM CET] dvlist='inps-bonus.it#bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA#http-01#/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] d='www.inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] Getting webroot for domain='www.inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] _w='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905826/GTHqSA","token":"yc72DfkR-fCUMzS7LiYnywWpmA1Aj1A9VwVIXhdehi8"'
    [Tue 26 Jan 2021 11:32:33 AM CET] token='yc72DfkR-fCUMzS7LiYnywWpmA1Aj1A9VwVIXhdehi8'
    [Tue 26 Jan 2021 11:32:33 AM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905826/GTHqSA'
    [Tue 26 Jan 2021 11:32:33 AM CET] keyauthorization='yc72DfkR-fCUMzS7LiYnywWpmA1Aj1A9VwVIXhdehi8.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ'
    [Tue 26 Jan 2021 11:32:33 AM CET] dvlist='www.inps-bonus.it#yc72DfkR-fCUMzS7LiYnywWpmA1Aj1A9VwVIXhdehi8.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905826/GTHqSA#http-01#/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] d
    [Tue 26 Jan 2021 11:32:33 AM CET] vlist='inps-bonus.it#bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA#http-01#/usr/local/ispconfig/interface/acme,www.inps-bonus.it#yc72DfkR-fCUMzS7LiYnywWpmA1Aj1A9VwVIXhdehi8.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905826/GTHqSA#http-01#/usr/local/ispconfig/interface/acme,'
    [Tue 26 Jan 2021 11:32:33 AM CET] d='inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] d='www.inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] ok, let's start to verify
    [Tue 26 Jan 2021 11:32:33 AM CET] Verifying: inps-bonus.it
    [Tue 26 Jan 2021 11:32:33 AM CET] d='inps-bonus.it'
    [Tue 26 Jan 2021 11:32:33 AM CET] keyauthorization='bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q.3GQa0vI-NyC8zPZNtlDwqOrgSwXdQ-wg0TxZ1_UD3EQ'
    [Tue 26 Jan 2021 11:32:33 AM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:33 AM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
    [Tue 26 Jan 2021 11:32:33 AM CET] wellknown_path='/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
    [Tue 26 Jan 2021 11:32:33 AM CET] writing token:bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q
    [Tue 26 Jan 2021 11:32:33 AM CET] Changing owner/group of .well-known to ispconfig:ispconfig
    [Tue 26 Jan 2021 11:32:33 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:33 AM CET] payload='{}'
    [Tue 26 Jan 2021 11:32:33 AM CET] POST
    [Tue 26 Jan 2021 11:32:33 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:33 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 11:32:34 AM CET] _ret='0'
    [Tue 26 Jan 2021 11:32:34 AM CET] code='200'
    [Tue 26 Jan 2021 11:32:34 AM CET] trigger validation code: 200
    [Tue 26 Jan 2021 11:32:34 AM CET] sleep 2 secs to verify
    [Tue 26 Jan 2021 11:32:36 AM CET] checking
    [Tue 26 Jan 2021 11:32:36 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:36 AM CET] payload
    [Tue 26 Jan 2021 11:32:36 AM CET] POST
    [Tue 26 Jan 2021 11:32:36 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:36 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 11:32:37 AM CET] _ret='0'
    [Tue 26 Jan 2021 11:32:37 AM CET] code='200'
    [Tue 26 Jan 2021 11:32:37 AM CET] inps-bonus.it:Verify error:Invalid response from http://inps-bonus.it/.well-known/acme-challenge/bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q [2001:4b78:1001::1501]:
    [Tue 26 Jan 2021 11:32:37 AM CET] pid
    [Tue 26 Jan 2021 11:32:37 AM CET] No need to restore nginx, skip.
    [Tue 26 Jan 2021 11:32:37 AM CET] _clearupdns
    [Tue 26 Jan 2021 11:32:37 AM CET] dns_entries
    [Tue 26 Jan 2021 11:32:37 AM CET] skip dns.
    [Tue 26 Jan 2021 11:32:37 AM CET] _on_issue_err
    [Tue 26 Jan 2021 11:32:37 AM CET] Please check log file for more details: /var/log/ispconfig/acme.log
    [Tue 26 Jan 2021 11:32:37 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:37 AM CET] payload='{}'
    [Tue 26 Jan 2021 11:32:37 AM CET] POST
    [Tue 26 Jan 2021 11:32:37 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905825/EevURA'
    [Tue 26 Jan 2021 11:32:37 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 11:32:38 AM CET] _ret='0'
    [Tue 26 Jan 2021 11:32:38 AM CET] code='400'
    [Tue 26 Jan 2021 11:32:38 AM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905826/GTHqSA'
    [Tue 26 Jan 2021 11:32:38 AM CET] payload='{}'
    [Tue 26 Jan 2021 11:32:38 AM CET] POST
    [Tue 26 Jan 2021 11:32:38 AM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/10368905826/GTHqSA'
    [Tue 26 Jan 2021 11:32:38 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue 26 Jan 2021 11:32:38 AM CET] _ret='0'
    [Tue 26 Jan 2021 11:32:38 AM CET] code='200'
    [email protected]:~#
    
    unfortunately the form does not make me publish the whole result
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Please run this command and post the result:

    grep -r 'bZJ1LXp87-m6sXssYa9FbVx' /var/log/nginx /var/log/ispconfig/httpd
     
  18. mymmo73

    mymmo73 Member

    here it is
    Code:
    [email protected]:~# grep -r 'bZJ1LXp87-m6sXssYa9FbVx' /var/log/nginx /var/log/ispconfig/httpd
    grep: /var/log/nginx: No such file or directory
    /var/log/ispconfig/httpd/inps-bonus.it/20210126-access.log:94.130.167.96 - - [26/Jan/2021:13:07:15 +0100] "GET /.well-known/acme-challenge/bZJ1LXp87-m6sXssYa9FbVxfucswEnEIh_vgpCTgL6Q HTTP/1.1" 404 2047 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/51.0"
    [email protected]:~#
    
     
  19. mymmo73

    mymmo73 Member

    do you have any other suggestions?
     
  20. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    @mymmo73 wrote in #7 host uses Apache.
    So try
    Code:
    grep -r 'bZJ1LXp87-m6sXssYa9FbVx' /var/log/apache2 /var/log/ispconfig/httpd
     

Share This Page