LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
Hi,
This is driving me up the wall. I just can't work out what is going :/
Using the official certbot-auto, it works fine:
https://businessofbrands.co.uk/
But if I try and use:
I really don't get why everything wont work APART from certbot-auto (which shows that the server must be setup correctly, otherwise even that wouldn't work)
I'd really appreciate some help on this. Currently I had to do a *really* messy work around:
1) Enable SSL with a self-signed (to make it work)
2) Then edit the .conf file, so it points to the LetsEncrypt generated certs
3) Reboot ngninx
The problem with that, is that because I've changed the ssl_certificate / ssl_certificate_key values to another folder (/etc/letsencrypt/live/www.businessofbrands.co.uk-0001), it doesn't seem to think SSL is enabled on the site now :(
I guess I could setup a symlink to the files, but it just seems very very messy
Has anyone else had this issue? Its the latest VestaCP (installed a few days ago), along with nginx.
Thanks!
Andy
This is driving me up the wall. I just can't work out what is going :/
Using the official certbot-auto, it works fine:
Code: Select all
certbot-auto certonly -a webroot --webroot-path=/home/rachel/web/businessofbrands.co.uk/public_html -d http://www.businessofbrands.co.uk -d cdn.businessofbrands.co.uk -d businessofbrands.co.ukBut if I try and use:
letsencrypt-auto certonly --renew-by-default --webroot -w /home/rachel/web/businessofbrands.co.uk/public_html/ -d businessofbrands.co.uk,www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
or the GUI, I get "invalid response" errors. Here is one of those such errors:letsencrypt-vesta rachel businessofbrands.co.uk
Code: Select all
root@com:/usr/local/certbot# ./letsencrypt-auto certonly --renew-by-default --webroot -w /home/rachel/web/businessofbrands.co.uk/public_html/ -d businessofbrands.co.uk,www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for businessofbrands.co.uk
http-01 challenge for www.businessofbrands.co.uk
http-01 challenge for cdn.businessofbrands.co.uk
http-01 challenge for mail.businessofbrands.co.uk
Using the webroot path /home/rachel/web/businessofbrands.co.uk/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /home/rachel/web/businessofbrands.co.uk/public_html/.well-known/acme-challenge
Failed authorization procedure. mail.businessofbrands.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.businessofbrands.co.uk/.well-known/acme-challenge/FLZ47EMuY9JGQEK6kF4tm-dumgpTg3IlJvsjYEdTnDg: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.businessofbrands.co.uk
Type: unauthorized
Detail: Invalid response from
http://mail.businessofbrands.co.uk/.well-known/acme-challenge/FLZ47EMuY9JGQEK6kF4tm-dumgpTg3IlJvsjYEdTnDg:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I really don't get why everything wont work APART from certbot-auto (which shows that the server must be setup correctly, otherwise even that wouldn't work)
I'd really appreciate some help on this. Currently I had to do a *really* messy work around:
1) Enable SSL with a self-signed (to make it work)
2) Then edit the .conf file, so it points to the LetsEncrypt generated certs
3) Reboot ngninx
The problem with that, is that because I've changed the ssl_certificate / ssl_certificate_key values to another folder (/etc/letsencrypt/live/www.businessofbrands.co.uk-0001), it doesn't seem to think SSL is enabled on the site now :(
I guess I could setup a symlink to the files, but it just seems very very messy
Has anyone else had this issue? Its the latest VestaCP (installed a few days ago), along with nginx.
Thanks!
Andy
Re: LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
Code: Select all
v-add-letsencrypt-domain rachel businessofbrands.co.uk www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.ukRe: LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
Thanks. That is what I tried (but I get an error when it tries to verify). I managed to get it going, but not sure what I did.SS88 wrote:Code: Select all
v-add-letsencrypt-domain rachel businessofbrands.co.uk www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
Cheers
Andy
Re: LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
I was getting errors when trying to add letsencrypt ssl support to the domain of the hosting panel, too. I realized that I didn't have a CNAME for www and went to the DNS settings for the domain on DigitalOcean and created it. Then I successfully tried adding letsencrypt ssl support.
Make sure if you have anything in the alias section, when setting up your domain in VestaCP, that you have CNAME records for them.
Make sure if you have anything in the alias section, when setting up your domain in VestaCP, that you have CNAME records for them.