Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section Web Server
  • Search

LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto

Questions regarding the Web Server
Apache + Nginx, Nginx + PHP5-FPM
Post Reply
  • Print view
Advanced search
4 posts • Page 1 of 1
youradds
Posts: 130
Joined: Tue Sep 01, 2015 10:16 am

LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
  • Quote

Post by youradds » Thu Apr 13, 2017 9:54 am

Hi,

This is driving me up the wall. I just can't work out what is going :/

Using the official certbot-auto, it works fine:

Code: Select all

certbot-auto certonly -a webroot --webroot-path=/home/rachel/web/businessofbrands.co.uk/public_html  -d http://www.businessofbrands.co.uk -d cdn.businessofbrands.co.uk -d businessofbrands.co.uk
https://businessofbrands.co.uk/

But if I try and use:
letsencrypt-auto certonly --renew-by-default --webroot -w /home/rachel/web/businessofbrands.co.uk/public_html/ -d businessofbrands.co.uk,www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
letsencrypt-vesta rachel businessofbrands.co.uk
or the GUI, I get "invalid response" errors. Here is one of those such errors:

Code: Select all

root@com:/usr/local/certbot# ./letsencrypt-auto certonly --renew-by-default --webroot -w /home/rachel/web/businessofbrands.co.uk/public_html/ -d businessofbrands.co.uk,www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for businessofbrands.co.uk
http-01 challenge for www.businessofbrands.co.uk
http-01 challenge for cdn.businessofbrands.co.uk
http-01 challenge for mail.businessofbrands.co.uk
Using the webroot path /home/rachel/web/businessofbrands.co.uk/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /home/rachel/web/businessofbrands.co.uk/public_html/.well-known/acme-challenge
Failed authorization procedure. mail.businessofbrands.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.businessofbrands.co.uk/.well-known/acme-challenge/FLZ47EMuY9JGQEK6kF4tm-dumgpTg3IlJvsjYEdTnDg: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.businessofbrands.co.uk
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.businessofbrands.co.uk/.well-known/acme-challenge/FLZ47EMuY9JGQEK6kF4tm-dumgpTg3IlJvsjYEdTnDg:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

I really don't get why everything wont work APART from certbot-auto (which shows that the server must be setup correctly, otherwise even that wouldn't work)

I'd really appreciate some help on this. Currently I had to do a *really* messy work around:

1) Enable SSL with a self-signed (to make it work)
2) Then edit the .conf file, so it points to the LetsEncrypt generated certs
3) Reboot ngninx

The problem with that, is that because I've changed the ssl_certificate / ssl_certificate_key values to another folder (/etc/letsencrypt/live/www.businessofbrands.co.uk-0001), it doesn't seem to think SSL is enabled on the site now :(

I guess I could setup a symlink to the files, but it just seems very very messy

Has anyone else had this issue? Its the latest VestaCP (installed a few days ago), along with nginx.

Thanks!

Andy
Top

SS88
Posts: 336
Joined: Thu Nov 19, 2015 12:40 pm

Re: LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
  • Quote

Post by SS88 » Mon Apr 17, 2017 9:00 pm

Code: Select all

v-add-letsencrypt-domain rachel businessofbrands.co.uk www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
Top

youradds
Posts: 130
Joined: Tue Sep 01, 2015 10:16 am

Re: LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
  • Quote

Post by youradds » Wed Apr 19, 2017 3:43 pm

SS88 wrote:

Code: Select all

v-add-letsencrypt-domain rachel businessofbrands.co.uk www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
Thanks. That is what I tried (but I get an error when it tries to verify). I managed to get it going, but not sure what I did.

Cheers

Andy
Top

hdavis84
Posts: 13
Joined: Sat Apr 29, 2017 7:55 pm

Re: LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
  • Quote

Post by hdavis84 » Fri Apr 06, 2018 4:18 pm

I was getting errors when trying to add letsencrypt ssl support to the domain of the hosting panel, too. I realized that I didn't have a CNAME for www and went to the DNS settings for the domain on DigitalOcean and created it. Then I successfully tried adding letsencrypt ssl support.

Make sure if you have anything in the alias section, when setting up your domain in VestaCP, that you have CNAME records for them.
Top


Post Reply
  • Print view

4 posts • Page 1 of 1

Return to “Web Server”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password