SSL acme.sh is using ZeroSSL as default CA now.

Discussion in 'Bug Reports' started by Matt Williams, Jun 15, 2021.

  1. Matt Williams

    Is this new? Never seen this before...

    Code:
    [Tue Jun 15 13:24:20 UTC 2021] Using CA: https://acme.zerossl.com/v2/DV90
    [Tue Jun 15 13:24:20 UTC 2021] Create account key ok.
    [Tue Jun 15 13:24:20 UTC 2021] No EAB credentials found for ZeroSSL, let's get one
    [Tue Jun 15 13:24:20 UTC 2021] acme.sh is using ZeroSSL as default CA now.
    [Tue Jun 15 13:24:20 UTC 2021] Please update your account with an email address first.
    [Tue Jun 15 13:24:20 UTC 2021] acme.sh --register-account -m my@example.com
    [Tue Jun 15 13:24:20 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
    [Tue Jun 15 13:24:20 UTC 2021] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-150621-132410.log
    
    So I ran...

    Code:
    /usr/local/src/centminmod/addons/acmetool.sh  --register-account  -m myemail@mydomain.com --server zerossl
    and it just brought up the acmetool usage commands.


    Looks like you have to register an account 1st then run the acmetool?

    acmesh-official/acme.sh

    I was setting up a new WP site with menu option 22 when I hit this snag..
     
    Last edited: Jun 15, 2021
  2. Matt Williams

    Looks like I just needed to do an update to the acme tool with
    Code:
    /usr/local/src/centminmod/addons/acmetool.sh acmeupdate
     
  3. eva2000

    How old is your Centmin Mod 123.09beta01 install and when was the last time you ran cmupdate prior to the update?

    I remember now: The acme.sh will change default CA to ZeroSSL on August-1st 2021

    I added a 123.09beta01 for that though back in Jan 30, 2021 at Beta Branch - update addons/acmetool.sh 1.0.70 set default CA to letsencrypt in 123.09beta01

     
  4. eva2000

    @Matt Williams updated Centmin Mod 123.09beta01 addons/acmetool.sh to ensure it defaults to using the Letsencrypt CA provider instead of the underlying acme.sh client's new ZeroSSL defaults - see Beta Branch - acmetool.sh 1.0.74 (and previous update at Beta Branch - update addons/acmetool.sh 1.0.70 set default CA to letsencrypt in 123.09beta01). Though of course, if you haven't updated Centmin Mod 123.09beta01 after Jan 30, 2021 at least, you wouldn't have the fixes so would need to update.

    FYI, every time you run Centmin Mod Nginx creation routines for centmin.sh menu option 2, 22, or nv command it would also run addons/acmetool.sh acmeupdate before issuing SSL certificates, so should in theory grab the addons/acmetool.sh update fixes (though only if you also ran cmupdate first) and also set acme.sh to default to Letsencrypt CA instead of ZeroSSL - not sure why it didn't in your case.
     
    Last edited: Jun 18, 2021
  5. Matt Williams

    It was literally a brand new install. I'm not sure either? When I ran the update it worked fine. I guess I'll run cmupdate for them all that's already created. I usually do this about once a week. I guess I should create a cron that does this automatically.

    Thank you @eva2000 for all your hard work.
     
  6. eva2000

    Strange then, I'll have to test it again on my end to see.
     
  7. AHTOLLlKA

    just try it
    /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
    and now 2, 22 menu options can get and work with Let's Encrypt
     
  8. eva2000

    @AHTOLLlKA centmin.sh menu option 2, 22 and nv all use addons/acmetool.sh to issue SSL certificates and should already set Letsencrypt as default CA (see below quote). But don't know why it didn't. Though added more updates from Beta Branch - acmetool.sh 1.0.74 too.

     
  9. Matt Williams

    Still defaulting to ZeroSSL

    Code:
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for mywphubspot.com
    -----------------------------------------------------------
    testcert value = wplived
    wp routine detected use reissue instead via --force
    /root/.acme.sh/acme.sh --force --issue -d mydomain.com -d www.mydomain.com --days 60 -w /home/nginx/domains/mywphubspot.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-240621-022542.log --log-level 2
    [Thu Jun 24 02:25:47 UTC 2021] Using CA: https://acme.zerossl.com/v2/DV90
    [Thu Jun 24 02:25:47 UTC 2021] Create account key ok.
    [Thu Jun 24 02:25:48 UTC 2021] No EAB credentials found for ZeroSSL, let's get one
    [Thu Jun 24 02:25:48 UTC 2021] acme.sh is using ZeroSSL as default CA now.
    [Thu Jun 24 02:25:48 UTC 2021] Please update your account with an email address first.
    [Thu Jun 24 02:25:48 UTC 2021] acme.sh --register-account -m my@example.com
    [Thu Jun 24 02:25:48 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
    [Thu Jun 24 02:25:48 UTC 2021] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-240621-022542.log
    LECHECK = 1
    
    
    This was a fresh install using
    Code:
    yum -y update; curl -O https://centminmod.com/betainstaller74.sh && chmod 0700 betainstaller74.sh && bash betainstaller74.sh
    as the auto installer. Is there a newer one?

    Then I run:
    Code:
    [root@vps ~]# /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
    [Thu Jun 24 02:32:25 UTC 2021] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
    
    Then I run:
    Code:
    /usr/local/src/centminmod/addons/acmetool.sh reissue-only mydomain.com live
    And all works good again.
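
A check for the CA drift seen in this thread, as an added example (not code from Centmin Mod or acme.sh): it reads the `Using CA:` lines that acme.sh writes to its log and fails when any of them names a directory URL other than the expected one. The function names and the sample log are constructed here; the two URLs are the ones shown in the logs above.

```shell
#!/bin/sh
# Added example: flag acme.sh runs that talked to an unexpected CA.
# EXPECTED_CA is the Let's Encrypt directory URL printed by
# --set-default-ca in the post above.
EXPECTED_CA="https://acme-v02.api.letsencrypt.org/directory"

# ca_drift [EXPECTED_URL]: reads an acme.sh log on stdin.
# Prints each distinct unexpected CA URL.
# Returns 0 = all match, 1 = drift, 2 = no "Using CA:" line seen.
ca_drift() {
    want=${1:-$EXPECTED_CA}
    # Keep only the URL that follows "Using CA:" on each matching line.
    found=$(sed -n 's/^.*Using CA: *\([^ ]*\).*$/\1/p' | sort -u)
    [ -n "$found" ] || return 2
    # Exact, fixed-string comparison; "|| true" because grep exits 1
    # when every line matches the expected URL.
    bad=$(printf '%s\n' "$found" | grep -Fxv -- "$want" || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Constructed sample in the format of the logs above (the last line
# is made up to show a run that used the expected CA).
sample_log() {
cat <<'EOF'
[Thu Jun 24 02:25:47 UTC 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Jun 24 02:25:47 UTC 2021] Create account key ok.
[Thu Jun 24 02:32:25 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
EOF
}

sample_log | ca_drift || echo "CA drift detected (rc=$?)"
```

Against a real log the call would be `ca_drift < /root/centminlogs/<debug log>`, with the file name taken from the "Please check log file" line.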
     
  10. eva2000

    You were using centmin.sh menu option 22?

    To troubleshoot centmin.sh menu option 22 wordpress installation, you need to check the centmin.sh menu option 22 log located in /root/centminlogs at /root/centminlogs/centminmod_*_wordpress_addvhost.log based log where * is the centminmod version and date timestamp. Edit and mask any actual ftp username/password or wordpress usernames and logins before posting the log contents to Pastebin.com or Gists to share a sanitised version of the contents of the log.

    Example list /root/centminlogs files in date ascending order and grep for wordpress_addvhost.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep wordpress_addvhost.log
    

    example output returns log at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep wordpress_addvhost.log
    -rw-r--r--  1 root root 2.2M Oct 11 01:40 /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log
    

    In SSH use cat to output contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log. Clear your SSH client window/buffer so only output is the contents of the file
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log
    

    Then copy and paste into Pastebin.com or Gists entry. If your SSH window scroll buffer isn't that large to get the whole contents of the install log, you can download file manually and copy and paste contents. But make sure it's a sanitised version of the contents without revealing sensitive info. For example you can replace domain name of the wordpress site with generic dummy entry = domain.com if you want and mask site/server IP revealed in the log with generic dummy entry = 111.222.333.444.
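
The masking step described in the post above, as an added example (not part of Centmin Mod): it replaces the site's domain and every IPv4 address with the dummy values the post suggests, then counts what is still exposed. The function names and sample lines are constructed here; FTP and WordPress credentials are not handled because their log format is not shown in the thread, so those still need a manual pass.

```shell
#!/bin/sh
# Added example: mask a site's domain and every IPv4 address in a log
# before sharing it, using the dummy values suggested in the post.
DUMMY_DOMAIN="domain.com"
DUMMY_IP="111.222.333.444"
IPV4_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'

# domain_regex DOMAIN: case-insensitive ERE for DOMAIN, dots escaped,
# so "MyDomain.com" in a log is caught as well as "mydomain.com".
domain_regex() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c ~ /[A-Za-z]/) out = out "[" tolower(c) toupper(c) "]"
            else if (c == ".")  out = out "\\."
            else                out = out c
        }
        print out
    }'
}

# sanitise_log DOMAIN: log on stdin, masked copy on stdout.
sanitise_log() {
    sed -E -e "s/$(domain_regex "$1")/${DUMMY_DOMAIN}/g" \
           -e "s/${IPV4_RE}/${DUMMY_IP}/g"
}

# leak_count DOMAIN: number of stdin lines still showing DOMAIN or a
# non-dummy IPv4 address; run it on the masked copy before posting.
leak_count() {
    sed -E "s/${DUMMY_IP}//g" |
        grep -Ec "$(domain_regex "$1")|${IPV4_RE}" || true
}

# Constructed sample lines (not from a real server).
sample_log() {
cat <<'EOF'
creating vhost for MyDomain.com at 203.0.113.25
/root/.acme.sh/acme.sh --issue -d mydomain.com -d www.mydomain.com
EOF
}

sample_log | sanitise_log mydomain.com
```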
     
  11. eva2000

    Found the bug and updated 123.09beta01 now so running cmupdate should fix it for existing installs and out of the box new installs should already have the fix
     
  12. Matt Williams

    So you don't need me to do pastebin? It didn't have anything to do with the initial install of CMM, just when I ran Option 22 and when it went into creating the LE SSL
     
  13. eva2000

    No need for the centmin.sh menu option 22 run log file now. I found the bug and fixed it at Beta Branch - fix acmetools.sh acmeupdate command in 123.09beta01