LetsEncrypt not working from GUI, CLI, or even letsencrypt-auto
Posted: Thu Apr 13, 2017 9:54 am
Hi,
This is driving me up the wall. I just can't work out what is going on :/
Using the official certbot-auto, it works fine:
certbot-auto certonly -a webroot --webroot-path=/home/rachel/web/businessofbrands.co.uk/public_html -d www.businessofbrands.co.uk -d cdn.businessofbrands.co.uk -d businessofbrands.co.uk
But if I try and use:
letsencrypt-auto certonly --renew-by-default --webroot -w /home/rachel/web/businessofbrands.co.uk/public_html/ -d businessofbrands.co.uk,www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
or the GUI, I get "invalid response" errors. Here is one of those such errors:
letsencrypt-vesta rachel businessofbrands.co.uk
root@com:/usr/local/certbot# ./letsencrypt-auto certonly --renew-by-default --webroot -w /home/rachel/web/businessofbrands.co.uk/public_html/ -d businessofbrands.co.uk,www.businessofbrands.co.uk,cdn.businessofbrands.co.uk,mail.businessofbrands.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for businessofbrands.co.uk
http-01 challenge for www.businessofbrands.co.uk
http-01 challenge for cdn.businessofbrands.co.uk
http-01 challenge for mail.businessofbrands.co.uk
Using the webroot path /home/rachel/web/businessofbrands.co.uk/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /home/rachel/web/businessofbrands.co.uk/public_html/.well-known/acme-challenge
Failed authorization procedure. mail.businessofbrands.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.businessofbrands.co.uk/.well-known/acme-challenge/FLZ47EMuY9JGQEK6kF4tm-dumgpTg3IlJvsjYEdTnDg: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.businessofbrands.co.uk
Type: unauthorized
Detail: Invalid response from
http://mail.businessofbrands.co.uk/.well-known/acme-challenge/FLZ47EMuY9JGQEK6kF4tm-dumgpTg3IlJvsjYEdTnDg:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I really don't get why everything won't work APART from certbot-auto (which shows that the server must be set up correctly, otherwise even that wouldn't work)
I'd really appreciate some help on this. Currently I had to do a *really* messy workaround:
1) Enable SSL with a self-signed (to make it work)
2) Then edit the .conf file, so it points to the LetsEncrypt generated certs
3) Reboot nginx
The problem with that is that, because I've changed the ssl_certificate / ssl_certificate_key values to another folder (/etc/letsencrypt/live/www.businessofbrands.co.uk-0001), it doesn't seem to think SSL is enabled on the site now :(
I guess I could set up a symlink to the files, but it just seems very very messy
Has anyone else had this issue? It's the latest VestaCP (installed a few days ago), along with nginx.
Thanks!
Andy
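
A preflight check for the webroot validation shown in the post, as an added example that is not part of the original post and not code from certbot or VestaCP: it writes a random probe file under `.well-known/acme-challenge` in the webroot and requests it over plain HTTP through every name passed with `-d`, so a name answered from a different document root shows up as a 404 before any certificate request is made. The function names and the `port` and `timeout` parameters are assumptions of this example.

```python
import http.client
import os
import secrets

CHALLENGE_DIR = ".well-known/acme-challenge"

def split_domains(d_args):
    """Flatten -d values, which may be repeated or comma-separated."""
    return [d.strip() for arg in d_args for d in arg.split(",") if d.strip()]

def preflight(webroot, d_args, port=80, timeout=5):
    """Write a probe file under the webroot and fetch it via every name.

    Returns {name: "ok" | "mismatch" | "HTTP <status>" | "error: ..."}.
    Redirects are reported as their status code, not followed.
    """
    token, body = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    probe = os.path.join(directory, token)
    with open(probe, "w") as fh:
        fh.write(body)
    results = {}
    try:
        for name in split_domains(d_args):
            try:
                conn = http.client.HTTPConnection(name, port, timeout=timeout)
                conn.request("GET", f"/{CHALLENGE_DIR}/{token}")
                resp = conn.getresponse()
                data = resp.read().decode("utf-8", "replace").strip()
                conn.close()
                if resp.status != 200:
                    results[name] = f"HTTP {resp.status}"
                else:
                    # A 200 with other content means another vhost answered.
                    results[name] = "ok" if data == body else "mismatch"
            except (OSError, http.client.HTTPException) as exc:
                results[name] = f"error: {exc}"
    finally:
        os.remove(probe)  # never leave the probe file in the webroot
    return results

if __name__ == "__main__":
    import sys
    # usage: preflight.py <webroot> <domain>[,<domain>...] [...]
    for name, outcome in preflight(sys.argv[1], sys.argv[2:]).items():
        print(f"{name}: {outcome}")
```

Run it on the server itself with the same webroot path and `-d` values given to the ACME client; any name that does not report `ok` would also fail the http-01 challenge for that webroot.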