
SSL ACME SSL error on install

Discussion in 'Bug Reports' started by joshuah, Apr 25, 2017.

  1. joshuah

    joshuah Member

    • Centmin Mod Version Installed: 123.09beta01
    I am trying to install WordPress using option 22 and I got an error telling me to check the logs, so I did, and this is what is being output:

    Code:
    tailf /root/centminlogs/acmetool.sh-debug-log-250417-130130.log
    Boulder-Requester: 13292929
    Replay-Nonce: F2JCo1_5kkeGLzeHNNazMDZ9bvgDjxfZNE_VmUh6YD8
    Expires: Tue, 25 Apr 2017 13:01:59 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 25 Apr 2017 13:01:59 GMT
    Connection: close
    '
    [Tue Apr 25 13:01:59 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: response does not complete challenge","status": 400}'
    [Tue Apr 25 13:01:59 UTC 2017] code='400'


     
  2. eva2000

    eva2000 Administrator Staff Member

    How was the initial letsencrypt SSL certificate obtained? Which method?
    • Was the domain nginx vhost already created prior, or is this a new domain nginx vhost site being set up for the first time?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh? Which specific command? Examples:
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      
    • What was the order of steps you did? Did you run centmin.sh menu option 2 first with letsencrypt? Then did you run addons/acmetool.sh afterwards?

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log for the run, post them to pastebin.com or gist.github.com, and share the link in this thread. To find the log, list the logs in ascending date order:
      Code (Text):
      ls -lahrt /root/centminlogs
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In the persistent config file at /etc/centminmod/custom_config.inc (create it if it doesn't exist), add and enable acmetool.sh debug mode, which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    Without the answers to the above questions and the logs, there is nothing to help troubleshoot.
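
An added example, not part of either post or of Centmin Mod: a small shell helper that finds the newest acmetool.sh debug log and pulls the ACME error responses out of it, so the failing step can be quoted directly when posting logs. The function names are hypothetical, and the parser assumes the `response='{...}'` line format shown in the first post; the sample lines are constructed from that excerpt.

```shell
#!/bin/sh
# Added example (not Centmin Mod code). Function names are hypothetical.

# Newest debug log in a directory (default: the log directory named in the thread).
latest_debug_log() {
  ls -1rt "${1:-/root/centminlogs}"/acmetool.sh-debug-log-*.log 2>/dev/null | tail -n 1
}

# Print "timestamp|status|type|detail" for every ACME error response in file $1.
acme_errors() {
  awk '
    function field(line, key,    s) {
      if (match(line, "\"" key "\": *\"[^\"]*\"")) {    # string value
        s = substr(line, RSTART, RLENGTH)
        sub("^\"" key "\": *\"", "", s); sub("\"$", "", s)
        return s
      }
      if (match(line, "\"" key "\": *[0-9]+")) {         # numeric value
        s = substr(line, RSTART, RLENGTH)
        sub("^\"" key "\": *", "", s)
        return s
      }
      return "?"                                         # key not present
    }
    /response=.*urn:acme:error:/ {
      ts = "?"
      if (match($0, /\[[^]]*\]/)) ts = substr($0, RSTART + 1, RLENGTH - 2)
      print ts "|" field($0, "status") "|" field($0, "type") "|" field($0, "detail")
    }
  ' "$1"
}

# Constructed sample: one non-error response plus the error lines from the first post.
sample_log() {
  cat <<'EOF'
[Tue Apr 25 13:01:58 UTC 2017] response='{"status":"pending"}'
[Tue Apr 25 13:01:59 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: response does not complete challenge","status": 400}'
[Tue Apr 25 13:01:59 UTC 2017] code='400'
EOF
}
```

On the server, `acme_errors "$(latest_debug_log)"` prints one line per failed ACME request; debug logs can contain nonces and account identifiers, so review them before sharing a public paste.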