
Letsencrypt DLG_FLAGS_INVALID_CA

Discussion in 'Domains, DNS, Email & SSL Certificates' started by iekamburoglu, May 2, 2018.

  1. iekamburoglu

    iekamburoglu New Member

    Hello, I have a problem

    This site can’t provide a secure connection
    https://cilalitas.com


    I made it from the 22nd option. What could be wrong?
     
  2. eva2000

    eva2000 Administrator Staff Member

    To troubleshoot centmin.sh menu option 22 wordpress installation, you need to check the centmin.sh menu option 22 log located in /root/centminlogs, named /root/centminlogs/centminmod_*_wordpress_addvhost.log, where * is the centminmod version and date timestamp. Edit and mask any actual FTP username/password or wordpress usernames and logins before posting the log contents to Pastebin.com or Gists to share a sanitised version of the contents of the log.

    Example list /root/centminlogs files in date ascending order and grep for wordpress_addvhost.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep wordpress_addvhost.log
    

    example output returns log at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep wordpress_addvhost.log
    -rw-r--r--  1 root root 2.2M Oct 11 01:40 /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log
    

    In SSH, use cat to output the contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log. Clear your SSH client window/buffer so the only output is the contents of the file.
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_wordpress_addvhost.log
    

    Then copy and paste into a Pastebin.com or Gists entry. If your SSH window scroll buffer isn't large enough to get the whole contents of the install log, you can download the file manually and copy and paste the contents. But make sure it's a sanitised version of the contents without revealing sensitive info. For example, you can replace the domain name of the wordpress site with a generic dummy entry = domain.com if you want, and mask the site/server IP revealed in the log with a generic dummy entry = 111.222.333.444.

    As to ssl cert
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing Centmin Mod's self-signed ssl certificate instead of a letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback: if letsencrypt verification fails to obtain a letsencrypt ssl cert, it falls back to the centmin mod self-signed ssl certificate on the https port 443 side so as to preserve the https nginx vhost.
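
Added example, not part of eva2000's post or Centmin Mod's own code: one way to do the masking described above before a log goes to Pastebin.com or Gists. The function names, the sample log lines and the assumption that credentials appear as a keyword followed by ':' or '=' are hypothetical; the dummy values domain.com and 111.222.333.444 are the ones suggested in the post.

```shell
#!/bin/sh
# Added example (not Centmin Mod code). The log lines in sample_log are
# constructed; a real install log may word its credential lines differently.
# The case-insensitive 'I' flag is the GNU sed form found on CentOS.

# Escape dots so a domain or IP is matched literally inside a sed regex.
re_escape() { printf '%s' "$1" | sed 's/[.]/\\&/g'; }

# sanitise_log REAL_DOMAIN REAL_IP   (log on stdin, masked log on stdout)
# Over-masking is accepted: hiding too much is safer than leaking a value.
sanitise_log() {
    dom=$(re_escape "$1")
    ip=$(re_escape "$2")
    sed -E \
        -e "s/${dom}/domain.com/g" \
        -e "s/${ip}/111.222.333.444/g" \
        -e 's/((user(name)?|login|pass(word|wd)?)[^:=]{0,20}[:=][[:space:]]*)[^[:space:]]+/\1********/gI'
}

# leak_check REAL_DOMAIN REAL_IP   (masked log on stdin)
# Exit status 0 only when neither real value survives anywhere in the text.
leak_check() { ! grep -F -q -e "$1" -e "$2"; }

# Constructed sample input standing in for a wordpress_addvhost.log excerpt.
sample_log() {
    cat <<'EOF'
Enter vhost domain name you want to add (without www. prefix): example.org
server IP: 203.0.113.10
FTP username: ftpuser1
FTP password: S3cretPass
Wordpress Admin Login = wpadmin7
https://www.example.org/ answered from 203.0.113.10
EOF
}

# Demo: print the masked version of the constructed sample.
sample_log | sanitise_log example.org 203.0.113.10
```

For a real log, redirect the file into sanitise_log with your own domain and IP, pipe the result through leak_check, and still read the output before sharing it.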
     
  3. iekamburoglu

    iekamburoglu New Member

    Hello again,

    Here is my pastebin

    Thank you.
     
  4. eva2000

    eva2000 Administrator Staff Member

    I see your problem: you only used a self-signed SSL certificate when you created the nginx vhost. To enable letsencrypt ssl cert options to display on centmin.sh menu option 22, read the addons/acmetool.sh info for details, paying attention to enabling LETSENCRYPT_DETECT='y' too.

    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate, and the most important part is the concatenation of the SSL provider provided files to create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt files referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually set up the self-signed ssl certificate via the vhost generator by checking the self-signed ssl box and entering a domain name. This will outline instructions for manually creating and setting up the self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch by following - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Note:
    • For the wordpress auto installer, you actually need to read method 2 to enable LETSENCRYPT_DETECT='y', then run centmin.sh menu option 22, which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt ssl certificates for the wordpress auto installer
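
Added example, not part of the thread or Centmin Mod's code: a check for whether a certificate is self-signed (issuer equals subject), which is what the self-signed setup and fallback discussed above leave on port 443 and what a browser reports as an invalid CA. cert_kind and make_sample_certs are hypothetical names, and the certificates are throwaway ones constructed with openssl.

```shell
#!/bin/sh
# Added example (not Centmin Mod code). All certificates here are constructed.

# cert_kind: PEM certificate on stdin. Prints "self-signed" when issuer and
# subject are identical, "ca-issued" otherwise, "unreadable" on parse failure.
# A Letsencrypt staging test cert is also "ca-issued" yet still untrusted by
# browsers, so read the issuer name as well when the result is "ca-issued".
cert_kind() {
    pem=$(cat)
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$issuer" ] || { echo "unreadable"; return 2; }
    if [ "$issuer" = "$subject" ]; then echo "self-signed"; else echo "ca-issued"; fi
}

# make_sample_certs DIR: build a self-signed cert plus a leaf signed by a
# constructed test CA, so both outcomes can be shown without any network.
make_sample_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=selfsigned.example" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
}

# Demo on the constructed certificates.
tmp=$(mktemp -d)
make_sample_certs "$tmp"
for c in self leaf; do
    printf '%s.crt: %s\n' "$c" "$(cert_kind < "$tmp/$c.crt")"
done
rm -rf "$tmp"

# Against your own vhost (needs network), the served certificate can be fed in:
#   echo | openssl s_client -connect domain.com:443 -servername domain.com 2>/dev/null | cert_kind
```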
     
  5. eva2000

    eva2000 Administrator Staff Member

    Quick example at Install - Quick Centmin Mod Install + Nginx Vhost Site + MySQL Database Setup - just instead of centmin.sh menu option 2 use option 22 after enabling LETSENCRYPT_DETECT='y'

    If the wordpress site you created via centmin.sh menu option 22 has no real data, you can delete it and uninstall it and re-try centmin.sh menu option 22 runs.

    Every centmin.sh menu option 22 run has an accompanying uninstall script at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} = your domain name. You can run that to uninstall almost everything except the mysql database, which you have to manually remove yourself - an extra precaution in case you accidentally run the wrong uninstall script.
     
  6. iekamburoglu

    iekamburoglu New Member

    Thank you,

    I have installed the last beta, then created it via acmetool