Letsencrypt SSL Error getting validation data [LetsEncrypt / acmetool.ssh]

Discussion in 'Domains, DNS, Email & SSL Certificates' started by cr0, Aug 25, 2017.

  1. cr0

    cr0 Member

    Thank you for this amazing community!
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.13.4
    • PHP Version Installed: 7.1.8
    • MariaDB MySQL Version Installed: 10.1.26
    • When was last time updated Centmin Mod code base ? : fresh install
    • Persistent Config:
      LETSENCRYPT_DETECT='y'
    I'm using the following guide to install LetsEncrypt to use with WordPress (by the way, there's a new version of acmetool that can't be updated from centmin panel) : Using Centmin Mod acmetool.sh addon for Nginx HTTP/2 based HTTPS with free Letsencrypt SSL certificates

    Maybe it's because of CloudFlare? If so, how can I set it up together?
    Just disable CloudFlare during the verification process and enable it later because of DNS?

    But after reading this, it seems like an easy setup that doesn't require any of that: How to Validate a Let’s Encrypt Certificate on a Site Already Active on Cloudflare

    Here're the logs:
    [Fri Aug 25 01:23:23 UTC 2017] domainname.co:Verify error:Fetching https://domainname.co/.well-known/acme-challenge/zC9jK-lyhJI9f5CQ-KIU3Ke-9H9NQ-k5taYTtKfYP_A: Error getting validation data
    [Fri Aug 25 01:23:23 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-250817-012312.log
    LECHECK = 1


    Code:
    [Fri Aug 25 01:23:17 UTC 2017] Lets find script dir.
    [Fri Aug 25 01:23:17 UTC 2017] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Fri Aug 25 01:23:17 UTC 2017] _script='/root/.acme.sh/acme.sh'
    [Fri Aug 25 01:23:17 UTC 2017] _script_home='/root/.acme.sh'
    [Fri Aug 25 01:23:17 UTC 2017] Using config home:/root/.acme.sh
    [Fri Aug 25 01:23:17 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
    [Fri Aug 25 01:23:17 UTC 2017] Using config home:/root/.acme.sh
    [Fri Aug 25 01:23:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Fri Aug 25 01:23:17 UTC 2017] DOMAIN_PATH='/root/.acme.sh/domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
    [Fri Aug 25 01:23:17 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
    [Fri Aug 25 01:23:17 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
    [Fri Aug 25 01:23:17 UTC 2017] Le_NextRenewTime
    [Fri Aug 25 01:23:17 UTC 2017] _on_before_issue
    [Fri Aug 25 01:23:17 UTC 2017] '/home/nginx/domains/domainname.co/public' does not contain 'no'
    [Fri Aug 25 01:23:17 UTC 2017] Le_LocalAddress
    [Fri Aug 25 01:23:17 UTC 2017] Check for domain='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _currentRoot='/home/nginx/domains/domainname.co/public'
    [Fri Aug 25 01:23:17 UTC 2017] Check for domain='www.domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _currentRoot='/home/nginx/domains/domainname.co/public'
    [Fri Aug 25 01:23:17 UTC 2017] '/home/nginx/domains/domainname.co/public' does not contain 'apache'
    [Fri Aug 25 01:23:17 UTC 2017] _saved_account_key_hash='KLksVXpcEK10OWKo0BDiT7/k06f7KYwj2Qik71rj/uk='
    [Fri Aug 25 01:23:17 UTC 2017] _saved_account_key_hash is not changed, skip register account.
    [Fri Aug 25 01:23:17 UTC 2017] Read key length:2048
    [Fri Aug 25 01:23:17 UTC 2017] _createcsr
    [Fri Aug 25 01:23:17 UTC 2017] domain='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] domainlist='www.domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] csrkey='/root/.acme.sh/domainname.co/domainname.co.key'
    [Fri Aug 25 01:23:17 UTC 2017] csr='/root/.acme.sh/domainname.co/domainname.co.csr'
    [Fri Aug 25 01:23:17 UTC 2017] csrconf='/root/.acme.sh/domainname.co/domainname.co.csr.conf'
    [Fri Aug 25 01:23:17 UTC 2017] _is_idn_d='www.domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _idn_temp
    [Fri Aug 25 01:23:17 UTC 2017] domainlist='www.domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] Multi domain='DNS:www.domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _is_idn_d='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _idn_temp
    [Fri Aug 25 01:23:17 UTC 2017] _csr_cn='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] Getting domain auth token for each domain
    [Fri Aug 25 01:23:17 UTC 2017] Getting webroot for domain='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _w='/home/nginx/domains/domainname.co/public'
    [Fri Aug 25 01:23:17 UTC 2017] _currentRoot='/home/nginx/domains/domainname.co/public'
    [Fri Aug 25 01:23:17 UTC 2017] Getting new-authz for domain='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
    [Fri Aug 25 01:23:17 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
    [Fri Aug 25 01:23:17 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
    [Fri Aug 25 01:23:17 UTC 2017] Try new-authz for the 0 time.
    [Fri Aug 25 01:23:17 UTC 2017] _is_idn_d='domainname.co'
    [Fri Aug 25 01:23:17 UTC 2017] _idn_temp
    [Fri Aug 25 01:23:17 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
    [Fri Aug 25 01:23:17 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "domainname.co"}}'
    [Fri Aug 25 01:23:17 UTC 2017] RSA key
    [Fri Aug 25 01:23:17 UTC 2017] _URGLY_PRINTF
    
    THANK YOU once again for your time! YOU'RE AMAZING.
     
  2. eva2000

    eva2000 Administrator Staff Member

    just fixed that thanks

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get the outputted path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    wrap output in CODE tags
     
  3. cr0

    cr0 Member

    Glad it helped you! Ehh I tried that but there's nothing in there (system tries to create a new file).

    The setup was made through option 22 wordpress

    Here's the log when I try to use

    .local/share/letsencrypt/bin/letsencrypt certonly --webroot --webroot-path /home/nginx/domains/domainname.co/public --renew-by-default --email domainname@gmail.com --text --agree-tos -d domainname.co -d www.domainname.co

    Log:

    Code:
    Failed authorization procedure. domainname.co (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://domainname.co/.well-known/acme-challenge/yOg3r62q6fvfz1mo59QGI2dQC-uAH6901BbxDjctOgc: Error getting validation data, www.domainname.co (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://domainname.co/.well-known/acme-challenge/x1Q5XXiuOiDXVBmjHDnmJ9N_kEAzEsXp5QxChmDLXqY: Error getting validation data
    
    IMPORTANT NOTES:
     - The following errors were reported by the server:
    
       Domain: domainname.co
       Type:   connection
       Detail: Fetching
       https://domainname.co/.well-known/acme-challenge/yOg3r62q6fvfz1mo59QGI2dQC-uAH6901BbxDjctOgc:
       Error getting validation data
    
       Domain: www.domainname.co
       Type:   connection
       Detail: Fetching
       https://domainname.co/.well-known/acme-challenge/x1Q5XXiuOiDXVBmjHDnmJ9N_kEAzEsXp5QxChmDLXqY:
       Error getting validation data
    
       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.

    Thank you!
     
    Last edited: Aug 25, 2017
  4. eva2000

    eva2000 Administrator Staff Member

    i mean fixed the acmetool.sh new version check prompt just centmin.sh menu option 23 submenu option 22 will update addons/acmetool.sh to report correct version

    Centmin Mod doesn't use letsencrypt client at all, it uses acme.sh client called via addons/acmetool.sh

    so need post #2 requested vhost contents to make sure you have the centmin mod setup whitelisting for .well-known directory for letsencrypt validation which is included in centmin mod generated nginx vhost's staticfiles.conf include file
    Code (Text):
    include /usr/local/nginx/conf/staticfiles.conf;
    

    very top of staticfiles.conf include has
    Code (Text):
        # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }
    


    also make sure domain.com and www version has DNS A record pointing to server IPs
     
    Last edited: Aug 25, 2017
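
Added example, not part of the thread and not Centmin Mod or acme.sh code: a shell check for the two things post #4 asks about (the vhost includes staticfiles.conf, and that file carries the acme-challenge location), plus the scheme of the URL the CA reports in its error. The function names and the temporary sample files are constructed for illustration; reading an `https://` URL as a redirect assumes only that http-01 validation starts over plain HTTP on port 80.

```shell
#!/bin/sh
# Added example; not Centmin Mod or acme.sh code. Names below are hypothetical.
STATICFILES=/usr/local/nginx/conf/staticfiles.conf   # include path quoted in post #4

# Drop nginx comments so a commented-out directive is not counted as present.
# (Simplification: a '#' inside a quoted string would also be cut.)
strip_comments() { sed 's/#.*$//' "$1"; }

# acme_whitelist_status VHOST_CONF STATICFILES_FILE
# 0 = whitelist in place, 1 = vhost lacks the include,
# 2 = include file lacks the acme-challenge location.
acme_whitelist_status() {
    strip_comments "$1" |
        grep -Eq "^[[:space:]]*include[[:space:]]+$STATICFILES[[:space:]]*;" || return 1
    strip_comments "$2" |
        grep -Eq 'location[[:space:]]+~[[:space:]]+/\.well-known/acme-challenge/' || return 2
    return 0
}

# Print the scheme of the URL the CA reports in "Fetching <url>: ...".
# http-01 starts on port 80, so "https" here means the request was redirected.
fetched_scheme() {
    printf '%s\n' "$1" | sed -n 's/.*Fetching \(https\{0,1\}\):\/\/.*/\1/p'
}

# Constructed sample data: a vhost with the include commented out.
demo() {
    d=$(mktemp -d) || return 1
    printf 'server {\n  listen 80;\n  #include %s;\n}\n' "$STATICFILES" > "$d/vhost.conf"
    printf '%s\n' 'location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers "Content-Type: text/plain"; } }' > "$d/static.conf"
    acme_whitelist_status "$d/vhost.conf" "$d/static.conf" && rc=0 || rc=$?
    echo "whitelist status: $rc"
    echo "CA fetched over: $(fetched_scheme 'Verify error:Fetching https://domainname.co/.well-known/acme-challenge/TOKEN: Error getting validation data')"
    rm -rf "$d"
}
demo
```

On a real server, pass the vhost conf path from post #2 and the staticfiles.conf path as the two arguments.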