
Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. dorobo

    dorobo Active Member

    but if I search on it using

    Code (Text):
    https://crt.sh/?q=peristal.xyz


    and the other domain also, both already have a record
     
  2. dorobo

    dorobo Active Member

    ok nvm I'm just nitpicking at this point :D
     
  3. eva2000

    eva2000 Administrator Staff Member

    yeah i don't know exactly when the record gets added. Just from what i've seen, on average ~1hr later
     
  4. dorobo

    dorobo Active Member

    thanks George
     
  5. eva2000

    eva2000 Administrator Staff Member

  6. eva2000

    eva2000 Administrator Staff Member

    Just a heads up, the next few acmetool.sh releases might be buggier than usual as i am trying out a new ssl vhost layout. For example, with newdomain1.com, the new layout moves these 4 lines out of the newdomain1.com.ssl.conf vhost file into their own include file
    Code (Text):
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain1.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain1.com/newdomain1.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain1.com/newdomain1.com.key;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/newdomain1.com/newdomain1.com-trusted.crt;
    

    They'll get moved out to an include file at /usr/local/nginx/conf/ssl/${vhostname}/${vhostname}.crt.key.conf which will sit above the existing ssl_include.conf file in newdomain1.com.ssl.conf
    Code (Text):
    include /usr/local/nginx/conf/ssl/newdomain1.com/newdomain1.com.crt.key.conf;
    include /usr/local/nginx/conf/ssl_include.conf;

    This is in an attempt to make acmetool.sh work better for subsequent/repeat runs of acmetool.sh where folks go from staging test letsencrypt ssl certs to live letsencrypt ssl certs. Currently, acmetool.sh resets and wipes the entire newdomain1.com.ssl.conf for re-runs, so you lose previous custom nginx rules in your newdomain1.com.ssl.conf.
     
    Last edited: Oct 1, 2016
    • Winner Winner x 1
  7. dorobo

    dorobo Active Member

    does this "--installcronjob" command work with the current acmetool.sh? and this will automatically renew existing certs 30 days before expiry by adding something in cron?
     
  8. eva2000

    eva2000 Administrator Staff Member

    Read first 2 posts of this thread regarding auto renewal cron and beta test phase expiry vs stable planned expiry's renewal period
     
  9. dorobo

    dorobo Active Member

    I get this

    Code (Text):
    # nginx -t
    nginx: [emerg] SSL_CTX_load_verify_locations("/usr/local/nginx/conf/ssl/domain.com/domain.com-trusted.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/nginx/conf/ssl/domain.com/domain.com-trusted.crt', 'r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed


    debug log - [Apache Log] debug log - Pastebin.com

    acme reissue - [Apache Log] acme reissue - Pastebin.com

    domain.com.ssl.conf - [autoconf] # Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarte - Pastebin.com

     
  10. eva2000

    eva2000 Administrator Staff Member

    sounds like you ran acmetool.sh multiple times on a wordpress domain site.. that would probably cause problems.. especially if you did centmin.sh menu option 22 then did force https via acmetool.sh. I have to figure out how to prevent repeated acmetool.sh runs across different types of vhost setups as I can't account for all combinations folks try right now.

    can you run down the commands or steps you made and the order you made them in

    edit: fyi the changes i outlined here only apply to acmetool.sh directly created https vhosts for centmin.sh menu option 2 or nv command. The changes haven't been made fully to centmin.sh menu option 22 which uses old vhost structure but is only converted once to new structure during option 22 selected letsencrypt ssl issuance. If you try re-running acmetool.sh on the same wordpress domain created via menu option 22 with letsencrypt ssl, it probably caused problems.
     
    Last edited: Oct 12, 2016
  11. pamamolf

    pamamolf Premium Member Premium Member

    Will it be ok if i have a forum inside a folder for https to work?

    Code:
    /public/forum/
    Also is there any cron automated way to renew the certificate or must i do it manually?
     
  12. dorobo

    dorobo Active Member

    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 22
    
    ....
    
    Enter vhost domain name you want to add (without www. prefix): domain.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 4
    
    Theme Setup:
    Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]: n
    
    Wordpress Setup:
    Set custom WP Admin Display Name ? [y/n]: n
    Install Wordpress in subdirectory /blog ? [y/n]: n
    Disable Auto Generated WP Admin Username / Password ? [y/n]: y
    Disable wp-login.php password protection ? (less security) [y/n]: y
    
    ....
    
    --------------------------------------------------------
            Wordpress Caching
    --------------------------------------------------------
    1). KeyCDN Cache Enabler (default & recommended)
    2). Redis Nginx Level Caching (may have issues with some wp plugins)
    3). Wordpress Super Cache
    --------------------------------------------------------
    Enter option [ 1 - 3 ] 1
    
    Do you want to exclude mobile/tablet devices from Cache Enabler caching ? [y/n]: y
    
    ....
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://community.centminmod.com/posts/34492/
    -------------------------------------------------
    
    continue [y/n] ? y
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    [Wed Oct 12 21:29:36 PHT 2016] Installing to /root/.acme.sh
    [Wed Oct 12 21:29:36 PHT 2016] Installed to /root/.acme.sh/acme.sh
    [Wed Oct 12 21:29:36 PHT 2016] OK, Close and reopen your terminal to start using acme.sh
    [Wed Oct 12 21:29:36 PHT 2016] Installing cron job
    0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Wed Oct 12 21:29:36 PHT 2016] Good, bash is found, so change the shebang to use bash as prefered.
    [Wed Oct 12 21:29:36 PHT 2016] OK
    https://github.com/Neilpang/acme.sh
    v2.6.0
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    backup & remove /usr/local/nginx/conf/conf.d/domain.com.conf
    
    [self-signed ssl cert check] required by acmetool.sh
    
    [self-signed ssl] /usr/local/nginx/conf/ssl/domain.com/dhparam.pem exists
    [self-signed ssl] /usr/local/nginx/conf/ssl/domain.com/domain.com.crt exists
    [self-signed ssl] /usr/local/nginx/conf/ssl/domain.com/domain.com.key exists
    
    [sslvhostsetup] create /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    
    [wp] backup & remove /usr/local/nginx/conf/conf.d/domain.com.conf
    [wp] create /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    cp -a /usr/local/nginx/conf/conf.d/domain.com.ssl.conf /usr/local/nginx/conf/conf.d/domain.com.ssl.conf-wp2
    sed -i '1,12d' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf-wp2
    cat /usr/local/nginx/conf/conf.d/domain.com.ssl.conf-wp1 /usr/local/nginx/conf/conf.d/domain.com.ssl.conf-wp2 > /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    Reloading nginx configuration (via systemctl):  [  OK  ]
    
    setting HTTPS default in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    
    sed -i 's|^##x# HTTPS-DEFAULT|#x# HTTPS-DEFAULT|g' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    
    remove /usr/local/nginx/conf/conf.d/domain.com.conf
    
    grep 'root' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
      root /home/nginx/domains/domain.com/public;
    
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for domain.com
    -----------------------------------------------------------
    testcert value = wplived
    wp routine
    /root/.acme.sh/acme.sh --issue -d domain.com -d www.domain.com -w /home/nginx/domains/domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-121016-212613.log --log-level 2
    [Wed Oct 12 21:29:38 PHT 2016] Domains not changed.
    [Wed Oct 12 21:29:38 PHT 2016] Skip, Next renewal time is: Sun Dec 11 11:18:51 UTC 2016
    [Wed Oct 12 21:29:38 PHT 2016] Add '--force' to force to renew.
    LECHECK = 2
    
    issue skipped as ssl cert still valid
    
    ...
    
    -------------------------------------------------------------
    vhost for domain.com wordpress setup successfully
    domain.com setup info log saved at:
    /root/centminlogs/centminmod_1.2.3-eva2000.09.001_121016-212047_wordpress_addvhost.log
    -------------------------------------------------------------
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 24
    
    # nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful


    Code (Text):
    # cd addons
    [[email protected] addons]# ./acmetool.sh
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://community.centminmod.com/posts/34492/
    -------------------------------------------------
    
    continue [y/n] ? y
    
    # ./acmetool.sh reissue domain.com lived
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://community.centminmod.com/posts/34492/
    -------------------------------------------------
    
    continue [y/n] ? y
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    [Wed Oct 12 21:41:07 PHT 2016] Installing to /root/.acme.sh
    [Wed Oct 12 21:41:07 PHT 2016] Installed to /root/.acme.sh/acme.sh
    [Wed Oct 12 21:41:07 PHT 2016] OK, Close and reopen your terminal to start using acme.sh
    [Wed Oct 12 21:41:07 PHT 2016] Installing cron job
    0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Wed Oct 12 21:41:07 PHT 2016] Good, bash is found, so change the shebang to use bash as prefered.
    [Wed Oct 12 21:41:07 PHT 2016] OK
    https://github.com/Neilpang/acme.sh
    v2.6.0
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    backup & remove /usr/local/nginx/conf/conf.d/domain.com.conf
    
    [self-signed ssl cert check] required by acmetool.sh
    
    [self-signed ssl] /usr/local/nginx/conf/ssl/domain.com/dhparam.pem exists
    [self-signed ssl] /usr/local/nginx/conf/ssl/domain.com/domain.com.crt exists
    [self-signed ssl] /usr/local/nginx/conf/ssl/domain.com/domain.com.key exists
    
    [sslvhostsetup] create /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    
    [non-wp] backup & remove /usr/local/nginx/conf/conf.d/domain.com.conf
    Reloading nginx configuration (via systemctl):  [  OK  ]
    grep 'root' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
      root /home/nginx/domains/domain.com/public;
    
    -----------------------------------------------------------
    reissue & install letsencrypt ssl certificate for domain.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --force --createDomainKey -d domain.com -d www.domain.com -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Wed Oct 12 21:41:08 PHT 2016] Creating domain key
    testcert value = lived
    /root/.acme.sh/acme.sh --force --issue -d domain.com -d www.domain.com -w /home/nginx/domains/domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-121016-214049.log --log-level 2
    [Wed Oct 12 21:41:09 PHT 2016] Registering account
    [Wed Oct 12 21:45:23 PHT 2016] Already registered
    [Wed Oct 12 21:49:36 PHT 2016] Update success.
    [Wed Oct 12 21:49:36 PHT 2016] Multi domain='DNS:www.domain.com'
    [Wed Oct 12 21:49:36 PHT 2016] Verify each domain
    [Wed Oct 12 21:49:36 PHT 2016] Getting webroot for domain='domain.com'
    [Wed Oct 12 21:49:36 PHT 2016] _w='/home/nginx/domains/domain.com/public'
    [Wed Oct 12 21:49:36 PHT 2016] Getting new-authz for domain='domain.com'
    [Wed Oct 12 21:53:50 PHT 2016] domain.com is already verified, skip.
    [Wed Oct 12 21:53:50 PHT 2016] Getting webroot for domain='www.domain.com'
    [Wed Oct 12 21:53:50 PHT 2016] _w='/home/nginx/domains/domain.com/public'
    [Wed Oct 12 21:53:50 PHT 2016] Getting new-authz for domain='www.domain.com'
    [Wed Oct 12 21:58:04 PHT 2016] www.domain.com is already verified, skip.
    [Wed Oct 12 21:58:04 PHT 2016] domain.com is already verified, skip http-01.
    [Wed Oct 12 21:58:04 PHT 2016] www.domain.com is already verified, skip http-01.
    [Wed Oct 12 21:58:04 PHT 2016] domain.com is already verified, skip http-01.
    [Wed Oct 12 21:58:04 PHT 2016] www.domain.com is already verified, skip http-01.
    [Wed Oct 12 21:58:04 PHT 2016] Verify finished, start to sign.
    [Wed Oct 12 22:04:24 PHT 2016] Cert success.
    -----BEGIN CERTIFICATE-----
    ......
    ASrZjChG09D/qvLxdMnaBsA+7Oi+p2uW48XFUzXB9T+64xyF/XowMpE=
    -----END CERTIFICATE-----
    [Wed Oct 12 22:04:24 PHT 2016] Your cert is in  /root/.acme.sh/domain.com/domain.com.cer
    [Wed Oct 12 22:04:24 PHT 2016] Your cert key is in  /root/.acme.sh/domain.com/domain.com.key
    [Wed Oct 12 22:06:30 PHT 2016] The intermediate CA cert is in  /root/.acme.sh/domain.com/ca.cer
    [Wed Oct 12 22:06:30 PHT 2016] And the full chain certs is there:  /root/.acme.sh/domain.com/fullchain.cer
    
    switch to HTTPS default after verification
    
    
    setting HTTPS default in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    
    sed -i 's|^##x# HTTPS-DEFAULT|#x# HTTPS-DEFAULT|g' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    
    remove /usr/local/nginx/conf/conf.d/domain.com.conf
    
    LECHECK = 0
      ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
    
    -----------------------------------------------------------
    install cert
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --installcert -d domain.com -d www.domain.com --certpath /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key --capath /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/domain.com/domain.com-fullchain-acme.key
    [Wed Oct 12 22:06:30 PHT 2016] Installing cert to:/usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer
    [Wed Oct 12 22:06:30 PHT 2016] Installing CA to:/usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer
    [Wed Oct 12 22:06:30 PHT 2016] Installing key to:/usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key
    [Wed Oct 12 22:06:30 PHT 2016] Installing full chain to:/usr/local/nginx/conf/ssl/domain.com/domain.com-fullchain-acme.key
    [Wed Oct 12 22:06:30 PHT 2016] Run Le_ReloadCmd: /usr/bin/ngxreload
    Reloading nginx configuration (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [FAILED]
    [Wed Oct 12 22:06:31 PHT 2016] Reload error for :domain.com
    
    letsencrypt ssl certificate setup completed
    ssl certs located at: /usr/local/nginx/conf/ssl/domain.com
    
    openssl x509 -noout -text < /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer
    Certificate:
        .....
        .....
    
    log files saved at /root/centminlogs
    -rw-r--r-- 1 root root  39K Oct 12 22:06 acmetool.sh-debug-log-121016-214049.log
    -rw-r--r-- 1 root root  12K Oct 12 22:06 acmesh-reissue_121016-214049.log
    
    # nginx -t
    nginx: [emerg] SSL_CTX_load_verify_locations("/usr/local/nginx/conf/ssl/domain.com/domain.com-trusted.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/nginx/conf/ssl/domain.com/domain.com-trusted.crt', 'r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
     
    • Informative Informative x 2
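
The `nginx -t` failure in the post above is an `ssl_trusted_certificate` path that does not exist on disk. As an added example (not part of acmetool.sh or Centmin Mod), the shell functions below list every missing file named by an active `ssl_*` directive in a vhost and in the files it includes by literal path; the function names and the sample vhost are constructed for illustration and do not claim to reproduce the poster's actual config.

```shell
#!/bin/sh
# Added example: pre-reload check for missing nginx SSL files.
# Limitations (assumptions): absolute paths without spaces, one level of
# literal (non-glob) include directives.

# Emit "directive path" for each uncommented file-bearing ssl_* directive.
ssl_directives() {
  awk '
    $1 ~ /^#/ { next }    # commented-out directive, nginx ignores it
    $1 ~ /^ssl_(certificate|certificate_key|trusted_certificate|dhparam)$/ {
      path = $2; sub(/;.*$/, "", path); print $1, path
    }' "$1"
}

# Emit the literal include targets of a config file (globs are skipped).
include_targets() {
  awk '
    $1 ~ /^#/ { next }
    $1 == "include" {
      path = $2; sub(/;.*$/, "", path)
      if (path !~ /[*?]/) print path
    }' "$1"
}

# Print "MISSING <directive> <path> (in <file>)" for each absent file.
# Returns 0 when every referenced file exists, 1 otherwise.
check_vhost_ssl_files() {
  vhost=$1
  confs=$(printf '%s\n' "$vhost"; include_targets "$vhost")
  report=$(
    printf '%s\n' "$confs" | while IFS= read -r conf; do
      [ -f "$conf" ] || continue
      ssl_directives "$conf" | while read -r directive path; do
        [ -f "$path" ] || echo "MISSING $directive $path (in $conf)"
      done
    done
  )
  if [ -z "$report" ]; then
    return 0
  fi
  printf '%s\n' "$report"
  return 1
}

# Constructed sample under directory $1: the per-domain crt.key.conf
# include layout described earlier in the thread, plus an active
# ssl_trusted_certificate line in the vhost pointing at a -trusted.crt
# file that was never written (same symptom as the nginx -t error).
make_sample_vhost() {
  d=$1
  mkdir -p "$d/ssl/domain.com" "$d/conf.d"
  for f in dhparam.pem domain.com-acme.cer domain.com-acme.key; do
    : > "$d/ssl/domain.com/$f"
  done
  cat > "$d/ssl/domain.com/domain.com.crt.key.conf" <<EOF
  ssl_dhparam $d/ssl/domain.com/dhparam.pem;
  ssl_certificate      $d/ssl/domain.com/domain.com-acme.cer;
  ssl_certificate_key  $d/ssl/domain.com/domain.com-acme.key;
  #ssl_trusted_certificate $d/ssl/domain.com/domain.com-acme.cer;
EOF
  cat > "$d/conf.d/domain.com.ssl.conf" <<EOF
server {
  listen 443 ssl;
  server_name domain.com www.domain.com;
  include $d/ssl/domain.com/domain.com.crt.key.conf;
  ssl_trusted_certificate $d/ssl/domain.com/domain.com-trusted.crt;
}
EOF
}
```

On a real server the check would be run against the vhost file before a reload, for example `check_vhost_ssl_files /usr/local/nginx/conf/conf.d/domain.com.ssl.conf && nginx -t`.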
  13. dorobo

    dorobo Active Member

    The reason I had to reissue was because the first time I used menu option 22 and then 4 (issue live cert with HTTPS default), https didn't work. So I did a redo by deleting /home/nginx/domains/domain.com, the ssl folder (/usr/nginx/conf/ssl/domain.com), and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf

    and there's no reissue in option 22
     
    • Informative Informative x 1
  14. eva2000

    eva2000 Administrator Staff Member

    Any letsencrypt ssl cert obtained via centmin.sh menu option 2, 22 or nv or acmetool.sh directly has auto renewal cron via acme.sh and yes https works on the domain not directory
     
  15. eva2000

    eva2000 Administrator Staff Member

    yeah it's something i need to add to addons/acmetool.sh to recognise centmin.sh menu option 22 generated letsencrypt/https

    as to why https default didn't work on centmin.sh: the domain was already previously used for letsencrypt live issuance, so domain was still valid, so it skipped the switch to live ssl syntax/files in domain.com.ssl.conf. You can see this in the centmin.sh menu 22 log part here
    Code (Text):
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for domain.com
    -----------------------------------------------------------
    testcert value = wplived
    wp routine
    /root/.acme.sh/acme.sh --issue -d domain.com -d www.domain.com -w /home/nginx/domains/domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-121016-212613.log --log-level 2
    [Wed Oct 12 21:29:38 PHT 2016] Domains not changed.
    [Wed Oct 12 21:29:38 PHT 2016] Skip, Next renewal time is: Sun Dec 11 11:18:51 UTC 2016
    [Wed Oct 12 21:29:38 PHT 2016] Add '--force' to force to renew.
    LECHECK = 2
    
    issue skipped as ssl cert still valid
    


    guess another thing i need to work on for centmin.sh menu option 22 for reissue support
     
  16. eva2000

    eva2000 Administrator Staff Member

    guess one workaround is that for centmin.sh menu option 22's acmetool.sh issue routine if it's coming from menu option 22, always use reissue and thus --force for acme.sh to issue certs. As logic would dictate only time someone runs centmin.sh menu option 22 on a specific domain is that the domain doesn't exist on server anyway so should ignore if letsencrypt ssl cert issued for that wordpress domain already is valid at letsencrypt end and just reissue and bypass the vhost letsencrypt ssl cert install and setup skipping that usually happens if the letsencrypt ssl is still valid.

    so in theory that should allow centmin.sh menu option 22 wordpress site's letsencrypt ssl cert validation to pass the first time, preventing the need to re-run acmetool.sh on the existing domain on the server.

    acmetool.sh 1.0.9 released with this workaround for centmin.sh menu option 22 Beta Branch - acmetool.sh 1.0.9 | Centmin Mod Community :)
     
    Last edited: Oct 13, 2016
  17. pamamolf

    pamamolf Premium Member Premium Member

    Why can't i see anything related in crontab?
     
  18. eva2000

    eva2000 Administrator Staff Member

    you should see a cronjob for acme.sh renewals
    Code (Text):
    0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

    this goes through all /root/.acme.sh/domain.com/* directories and checks which ssl cert needs renewing or skip renewals
     
  19. pamamolf

    pamamolf Premium Member Premium Member

    Then i think it's my fault as i created a vhost from menu option 2 and entered "y" on the first https question, so it seems that i got the self signed https; that's why i do not have that in my crons :)
     
  20. eva2000

    eva2000 Administrator Staff Member

    see 1st post you need to enable LETSENCRYPT_DETECT variable in persistent config file first
    then centmin.sh menu option 2, 22 and nv command will detect if addons/acmetool.sh exists and convert the self signed ssl http setup to a letsencrypt ssl cert setup in the same run.
     
    • Informative Informative x 1