Learn about Centmin Mod LEMP Stack today
Register Now

Letsencrypt Error renewing hostname certificate

Discussion in 'Add Ons' started by Mr. Jinx, Dec 31, 2021.

  1. Mr. Jinx

    Mr. Jinx New Member

    29
    8
    3
    Apr 18, 2021
    Ratings:
    +15
    Local Time:
    9:54 AM
    • CentOS Version: CentOS 7 64bit ?
    • Centmin Mod Version Installed: 123.09beta01
    I'm trying to renew a letsencrypt certificate for my hostname, but it keeps failing.
    From the error log, I can see what is going on, but I don't know how to resolve it.

    The html root for hostname is in /home/nginx/html.
    However, the acme tool is putting the challenge in /home/nginx/domains/hostname.
    So my guess would be that acme tool should also be using /home/nginx/html ?


    virtual.conf:
    Code:
    server {
      listen 443 ssl http2 default_server backlog=4095 reuseport;
      listen [::]:443 ssl http2 default_server backlog=4095 ipv6only=on reuseport;
      server_name hostname;
    
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
      ssl_prefer_server_ciphers on;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
      access_log /var/log/nginx/localhost.access.log main_ext buffer=256k flush=5m;
      error_log /var/log/nginx/localhost.error.log warn;
    
      root html;
    
      location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            deny all;
            }
    
      ### PhpMyAdmin start ###
      keepalive_timeout  3000;
      client_body_buffer_size 256k;
      client_body_timeout 3000s;
      client_header_buffer_size 256k;
      client_header_timeout  60s;
      client_max_body_size 512m;
      connection_pool_size  512;
      directio  512m;
      ignore_invalid_headers on;
      large_client_header_buffers 8 256k;
    
      location ^~ /xxx_mysqladminxxx/ {
            #try_files $uri $uri/ /xxx_mysqladmin1xxx/index.php?$args;
            include /usr/local/nginx/conf/php_xxx_mysqladminxxx.conf;
    
            #auth_basic      "Private Access";
            #auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
            allow xxx;
            deny all;
      }
      ### PhpMyAdmin end ###
    
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
      include /usr/local/nginx/conf/ssl/hostname/hostname.crt.key.conf;
    }
    
    
     
  2. eva2000

    eva2000 Administrator Staff Member

    47,837
    10,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,947
    Local Time:
    6:54 PM
    Nginx 1.21.x
    MariaDB 10.x
    Centmin Mod doesn't really support out of box main hostname HTTPS Letsencrypt unless you did it manually? If you did it manually, then you may need to manually renew. How did you first setup the Letencrypt SSL certificate for the main hostname Nginx vhost?

    As per Centmin Mod Configuration Files - CentminMod.com LEMP Nginx web stack for CentOS, main hostname Nginx vhost's web root is at /usr/local/nginx/html.
     
  3. Mr. Jinx

    Mr. Jinx New Member

    29
    8
    3
    Apr 18, 2021
    Ratings:
    +15
    Local Time:
    9:54 AM