Page 1 of 2

Let's Encrypt: validation error and web interface issue

Posted: Sun Nov 27, 2016 9:52 pm
by snakehill
I have just switched from using interbrite's letsencrypt-vesta to the newly integrated Let's Encrypt system.

Quite a tedious process, going through all domains manually, deselecting SSL Support, saving it (required to not get a "not found" error), then selecting SSL Support and Lets Encrypt support and saving it again. However, all SSLs have been converted and are working fine.. except for one single domain which upon saving gives the following error: "Error: LE x.y.com validation" (where x.y is subdomain.domain). It is running just fine with the DNS set just like any other domain, and it used to work well with Let's Encrypt via interbrite's letencrypt-vesta so something must be wrong here:

Image


Also, default.domain, which contains a self-signed SSL (basically just a catch-all in case someone connects through https to the server's IP address or a wrong subdomain), shows SSL Support: Lets Encrypt, without Lets Encrypt Support even being checked (this wouldn't even be possible given I don't own the actual domain). I even tried to reset the SSL, deleting it and putting it back in, but the mistake persists:

Image

Image

Re: Let's Encrypt: validation error and web interface issue

Posted: Mon Nov 28, 2016 8:45 pm
by Spheerys
I have this error too for a lot of web domain.
As I have generated several certificates the same day (maybe 30), I have supposed it was a limit from Let's Encrypt.
But I have tested again today and I still have this error.

Is it a limit or is it a bug ?

Re: Let's Encrypt: validation error and web interface issue

Posted: Mon Nov 28, 2016 9:05 pm
by Spheerys
ohoh... on some other domains, I get this error : "Error code: 2"

What's wrong ?

Re: Let's Encrypt: validation error and web interface issue

Posted: Mon Nov 28, 2016 9:46 pm
by snakehill
It might actually be a rate limit, given Let's Encrypt allows 20 certificates per domain (that is per main domain, so including all subdomains). It would be really nice if we could group domains and request a certificate for multiple ones. Let's Encrypt allows 100 names per certificate for that exact reason. https://letsencrypt.org/docs/rate-limits/

Re: Let's Encrypt: validation error and web interface issue

Posted: Thu Dec 08, 2016 7:04 pm
by delebash
Ubuntu 16.04 x32

Similar problem as OP. Mine only fails on www alias of a particular domain.

This also used to work via the interbrite/letsencrypt-vesta script. The main domain as well as any other aliases such as test.domain.com work fine, just not www for that domain.

Vesta's error.log
2016-12-08 13:36:47 v-sign-letsencrypt-csr 'user' 'domain.com' '/tmp/tmp.ETgRqfa4Wc' [Error 8]
2016-12-08 13:36:47 v-add-letsencrypt-domain 'user' 'domain.com' 'www.domain.com' 'no' [Error 2]

Note:
I can also do a --dry-run via Let's Encrypt standard procedure and the certificate with alias works fine. Below is Let's Encrypt command.

Code: Select all

./certbot-auto certonly --dry-run --webroot -w /home/user/web/domain.com/public_html -d domain.com -d www.domain.com

Re: Let's Encrypt: validation error and web interface issue

Posted: Thu Dec 08, 2016 7:43 pm
by Spheerys
I have posted two messages on the suject on another topic : viewtopic.php?f=11&t=13203#p53900

Re: Let's Encrypt: validation error and web interface issue

Posted: Mon Dec 12, 2016 8:40 pm
by Myself5
I am getting the same error. However for me it seems to be a bit different.
I only get the validation error on any subdomain of a specific domain (already having 9 subdomains and the main domain running on SSL). So, every entry >10 for the domain is getting the LE validation error.
I then went on and created a .tk domain. That is working fine too. I can flawlessly create further SSL certificates for it.

Gonna see now of the 10+ issue is appearing on the tk domain too, then we'd ad least have a hint about what could be wrong.

I also tried reinstalling the whole server before, even swapping from CentOS 7 to Debian 8 (both 64bit). The Error still persists.

Re: Let's Encrypt: validation error and web interface issue

Posted: Tue Dec 13, 2016 10:34 pm
by Spheerys
I thing a have the beginning of an issue : viewtopic.php?f=11&t=13203&p=54368#p54368

Re: Let's Encrypt: validation error and web interface issue

Posted: Fri Dec 16, 2016 11:27 am
by Myself5
Spheerys wrote:I thing a have the beginning of an issue : viewtopic.php?f=11&t=13203&p=54368#p54368
That would make sense. I later on tried registering a subdomain of the domain that fails on a different VestaCP Server, and it failed for the same reason.

Though, I just tried again and its still failing for the same reason.
Guess I should wait some longer and see if the issues solves on its "own", like it did for you.

Re: Let's Encrypt: validation error and web interface issue

Posted: Fri Dec 16, 2016 7:32 pm
by DESSAR_SEGA
на 17 версии при создании домена, не удалять Алиасы. подождать 5 минут. обновляем страницу. редактировать домен - наличие заполенных полей сертификата. сохраняем. профит.

по крайней мере у меня так работает.

еще редактировал. /usr/local/vesta/bin/v-add-letsencrypt-domain
70 строку

Code: Select all

check_result $E_INVALID "LE domain validation" >/dev/null
на

Code: Select all

check_result "$E_INVALID" "LE domain validation" >/dev/null
хотя не уверен что в этом причина.