[SOLVED]Letsencrypt domain not verified (wordpress)

Discussion in 'Installation/Configuration' started by Tuumke, Jan 20, 2017.

  1. Tuumke

    Tuumke Member

    I'm running ISPConfig 3.1 latest for my own domains.
    Having a multi server setup:
    1 'Main' server with all services
    1 Second server wich is a mirror of the 1st
    1 Second DNS server with dns only

    All seems to be working fine, thanks for the great tutorials! :)

    I've got about 4 domains on ISPconfig. For 3 domains, lets encrypt works fine. For the main domain, i cant get the certificate verified.
    It sees the website, no owner information is supplied but verification is niet specified.
    https://www.tsictdiensten.nl

    Code:
    2017-01-20 07:45:10,580:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/tsictdiensten.nl/fullchain.pem. Your cert will expire on 2017-04-20. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Take look at the letsencypt log to see why they can not issue the cert.
     
  3. Tuumke

    Tuumke Member

    That's the thing. There are not errors in /var/log/letsencrypt/letsencrypt.log

    Code:
    HTTP 200
    Server: nginx
    Content-Type: application/pkix-cert
    Content-Length: 1174
    Boulder-Request-Id: xxxxxxxxxxxxxxxxxxxxxxxx
    Replay-Nonce: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Fri, 20 Jan 2017 07:45:09 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Fri, 20 Jan 2017 07:45:09 GMT
    Connection: keep-alive
    
    -snip-
    
    2017-01-20 07:45:09,048:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/tsictdiensten.nl and live directory /etc/letsencrypt/live/tsictdiensten.nl created.
    2017-01-20 07:45:09,049:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/tsictdiensten.nl/cert.pem.
    2017-01-20 07:45:09,049:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/tsictdiensten.nl/privkey.pem.
    2017-01-20 07:45:09,049:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/tsictdiensten.nl/chain.pem.
    2017-01-20 07:45:09,050:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/tsictdiensten.nl/fullchain.pem.
    2017-01-20 07:45:09,050:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/tsictdiensten.nl/README.
    2017-01-20 07:45:10,577:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/tsictdiensten.nl.conf.
    2017-01-20 07:45:10,580:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/tsictdiensten.nl/fullchain.pem. Your cert will expire on 2017-04-20. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"
    2017-01-20 07:45:10,580:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:
    
    Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
    Donating to EFF:  https://eff.org/donate-le
    
    -edit-
    Can i turn of let's encrypt for the websites, remote the files created in /etc/letsencrypt, then turn it back on the websites? Will that give me a fresh start?
     
    Last edited: Jan 20, 2017
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The log looks fine indeed. you can try to disable LE for this one website, then wait a minute and then enable it again and see if the checkbox stays enabled after a minute.
     
  5. Tuumke

    Tuumke Member

    Hm, ended up disabling ssl + LE, deleting the files inside the /etc/letsencrypt/archive,live,renew etc folders.
    Then f*cked up my webserver, because somehow it hadnt synced the disable ssl yet. Manualy edited out the SSL settings from the .vhost files.
    Then rebooted. Deleted all websites and recreated them (wasnt hosting any actual websites yet, except from my main site, restored backup from that site).
    Now all SSL seems to be fine.
     
  6. Tuumke

    Tuumke Member

    Nope, still not alright :(
    Somehow the domain cannot be validated? Any more debugging ideas?
     
  7. Tuumke

    Tuumke Member

    Not getting anywhere yet :(
    Also, seeing debugging error in the log about an outdate version. The /opt/certbot/certbot-auto.sh is different version then /root/.local/share/letsencrypt/bin/letsencrypt file?

    If i turn of the SSL+LE, wait 1 min then turn it back on, the LE log shows:

    2017-01-23 07:47:03,493:INFO:certbot.renewal:Cert not yet due for renewal
    2017-01-23 07:47:03,493:INFO:certbot.main:Keeping the existing certificate
    But i need it to make a new cert, so that validations is started again. Should i revoke this cert somehow?

    -edit-
    Too many certificates already issued for exact set of domains:
    Have to wait for a week..
     
    Last edited: Jan 23, 2017
  8. sjau

    sjau Local Meanie Moderator

    you need to force renewal. Not too many certs issued but the issued certs are too far from expiration.
     
  9. Tuumke

    Tuumke Member

    Yeah but how to force it?
    -edit-
    I guess i should have mentioned that i removed the domain in /etc/letsencrypt/*/domain/
     
  10. Tuumke

    Tuumke Member

    So, i could request a new certificate today.
    Somehow, DNS-> NS01 and TLS-01 keep pending?
    It does write the certificates eventually.
    Code:
    Connection: keep-alive
    
    {
      "identifier": {
      "type": "dns",
      "value": "tsictdiensten.nl"
      },
      "status": "valid",
      "expires": "2017-03-20T08:00:06Z",
      "challenges": [
      {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxx",
      "token": "xxx"
      },
      {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxxx",
      "token": "xxxx"
      },
      {
      "type": "http-01",
      "status": "valid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxxxxxx,
      "token": "xxxxx",
      "keyAuthorization": "6xxxxxx",
      "validationRecord": [
      {
      "url": "http://tsictdiensten.nl/.well-known/acme-challenge/xxxxxx",
      "hostname": "tsictdiensten.nl",
      "port": "80",
      "addressesResolved": [
      "92.222.70.196"
      ],
      "addressUsed": "92.222.70.196"
      }
    
    -btw-
    Does LetsEncrypt or ISPConfig install somethign from puppetlabs?
     
    Last edited: Jan 27, 2017
  11. Tuumke

    Tuumke Member

    @till any ideas?

    -edit-
    what the f? Whenever i move index.php to index.php_old and visit my website, i get the 404. But when i go to the https at that point, certificate works...

    -edit2-
    Probably something in the sourcecode pointing to http instead of https. None lets-encrypt error.
     
    Last edited: Feb 2, 2017
  12. Tuumke

    Tuumke Member

    @till or @sjau solved! Had some http references to images on the interwebs =O (default template.. lal)
    Fixed now! https working as intended :)
    Thnx for the support.
     

Share This Page