Let's Encrypt: validation error and web interface issue
Let's Encrypt: validation error and web interface issue
I have just switched from using interbrite's letsencrypt-vesta to the newly integrated Let's Encrypt system.
Quite a tedious process, going through all domains manually, deselecting SSL Support, saving it (required to not get a "not found" error), then selecting SSL Support and Lets Encrypt support and saving it again. However, all SSLs have been converted and are working fine.. except for one single domain which upon saving gives the following error: "Error: LE x.y.com validation" (where x.y is subdomain.domain). It is running just fine with the DNS set just like any other domain, and it used to work well with Let's Encrypt via interbrite's letencrypt-vesta so something must be wrong here:
Also, default.domain, which contains a self-signed SSL (basically just a catch-all in case someone connects through https to the server's IP address or a wrong subdomain), shows SSL Support: Lets Encrypt, without Lets Encrypt Support even being checked (this wouldn't even be possible given I don't own the actual domain). I even tried to reset the SSL, deleting it and putting it back in, but the mistake persists:
Quite a tedious process, going through all domains manually, deselecting SSL Support, saving it (required to not get a "not found" error), then selecting SSL Support and Lets Encrypt support and saving it again. However, all SSLs have been converted and are working fine.. except for one single domain which upon saving gives the following error: "Error: LE x.y.com validation" (where x.y is subdomain.domain). It is running just fine with the DNS set just like any other domain, and it used to work well with Let's Encrypt via interbrite's letencrypt-vesta so something must be wrong here:
Also, default.domain, which contains a self-signed SSL (basically just a catch-all in case someone connects through https to the server's IP address or a wrong subdomain), shows SSL Support: Lets Encrypt, without Lets Encrypt Support even being checked (this wouldn't even be possible given I don't own the actual domain). I even tried to reset the SSL, deleting it and putting it back in, but the mistake persists:
Re: Let's Encrypt: validation error and web interface issue
I have this error too for a lot of web domain.
As I have generated several certificates the same day (maybe 30), I have supposed it was a limit from Let's Encrypt.
But I have tested again today and I still have this error.
Is it a limit or is it a bug ?
As I have generated several certificates the same day (maybe 30), I have supposed it was a limit from Let's Encrypt.
But I have tested again today and I still have this error.
Is it a limit or is it a bug ?
Re: Let's Encrypt: validation error and web interface issue
ohoh... on some other domains, I get this error : "Error code: 2"
What's wrong ?
What's wrong ?
Re: Let's Encrypt: validation error and web interface issue
It might actually be a rate limit, given Let's Encrypt allows 20 certificates per domain (that is per main domain, so including all subdomains). It would be really nice if we could group domains and request a certificate for multiple ones. Let's Encrypt allows 100 names per certificate for that exact reason. https://letsencrypt.org/docs/rate-limits/
Re: Let's Encrypt: validation error and web interface issue
Ubuntu 16.04 x32
Similar problem as OP. Mine only fails on www alias of a particular domain.
This also used to work via the interbrite/letsencrypt-vesta script. The main domain as well as any other aliases such as test.domain.com work fine, just not www for that domain.
Vesta's error.log
2016-12-08 13:36:47 v-sign-letsencrypt-csr 'user' 'domain.com' '/tmp/tmp.ETgRqfa4Wc' [Error 8]
2016-12-08 13:36:47 v-add-letsencrypt-domain 'user' 'domain.com' 'www.domain.com' 'no' [Error 2]
Note:
I can also do a --dry-run via Let's Encrypt standard procedure and the certificate with alias works fine. Below is Let's Encrypt command.
Similar problem as OP. Mine only fails on www alias of a particular domain.
This also used to work via the interbrite/letsencrypt-vesta script. The main domain as well as any other aliases such as test.domain.com work fine, just not www for that domain.
Vesta's error.log
2016-12-08 13:36:47 v-sign-letsencrypt-csr 'user' 'domain.com' '/tmp/tmp.ETgRqfa4Wc' [Error 8]
2016-12-08 13:36:47 v-add-letsencrypt-domain 'user' 'domain.com' 'www.domain.com' 'no' [Error 2]
Note:
I can also do a --dry-run via Let's Encrypt standard procedure and the certificate with alias works fine. Below is Let's Encrypt command.
Code: Select all
./certbot-auto certonly --dry-run --webroot -w /home/user/web/domain.com/public_html -d domain.com -d www.domain.comRe: Let's Encrypt: validation error and web interface issue
I have posted two messages on the suject on another topic : viewtopic.php?f=11&t=13203#p53900
Re: Let's Encrypt: validation error and web interface issue
I am getting the same error. However for me it seems to be a bit different.
I only get the validation error on any subdomain of a specific domain (already having 9 subdomains and the main domain running on SSL). So, every entry >10 for the domain is getting the LE validation error.
I then went on and created a .tk domain. That is working fine too. I can flawlessly create further SSL certificates for it.
Gonna see now of the 10+ issue is appearing on the tk domain too, then we'd ad least have a hint about what could be wrong.
I also tried reinstalling the whole server before, even swapping from CentOS 7 to Debian 8 (both 64bit). The Error still persists.
I only get the validation error on any subdomain of a specific domain (already having 9 subdomains and the main domain running on SSL). So, every entry >10 for the domain is getting the LE validation error.
I then went on and created a .tk domain. That is working fine too. I can flawlessly create further SSL certificates for it.
Gonna see now of the 10+ issue is appearing on the tk domain too, then we'd ad least have a hint about what could be wrong.
I also tried reinstalling the whole server before, even swapping from CentOS 7 to Debian 8 (both 64bit). The Error still persists.
Re: Let's Encrypt: validation error and web interface issue
I thing a have the beginning of an issue : viewtopic.php?f=11&t=13203&p=54368#p54368
Re: Let's Encrypt: validation error and web interface issue
That would make sense. I later on tried registering a subdomain of the domain that fails on a different VestaCP Server, and it failed for the same reason.Spheerys wrote:I thing a have the beginning of an issue : viewtopic.php?f=11&t=13203&p=54368#p54368
Though, I just tried again and its still failing for the same reason.
Guess I should wait some longer and see if the issues solves on its "own", like it did for you.
-
DESSAR_SEGA
- Posts: 16
- Joined: Sun Oct 02, 2016 10:48 am
- Contact:
- Os: Ubuntu 15x
- Web: apache + nginx
Re: Let's Encrypt: validation error and web interface issue
на 17 версии при создании домена, не удалять Алиасы. подождать 5 минут. обновляем страницу. редактировать домен - наличие заполенных полей сертификата. сохраняем. профит.
по крайней мере у меня так работает.
еще редактировал. /usr/local/vesta/bin/v-add-letsencrypt-domain
70 строку
на
хотя не уверен что в этом причина.
по крайней мере у меня так работает.
еще редактировал. /usr/local/vesta/bin/v-add-letsencrypt-domain
70 строку
Code: Select all
check_result $E_INVALID "LE domain validation" >/dev/nullCode: Select all
check_result "$E_INVALID" "LE domain validation" >/dev/null