
Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. elargento

    elargento Member

    352
    17
    18
    Jan 4, 2016
    Ratings:
    +44
    Local Time:
    11:05 PM
    10
    I don't understand when I have to run this command.
    Just to make sure first I have to install acme.sh and then issue a cert following acme.sh instructions? So when should I run ./acmetool.sh acmeinstall command?
    I also don't have any file on /etc/centminmod/custom_config.inc, should I create it? Once I add that line, debug mode will be enabled, but I already have option 22 in centmin menu...so which will be the difference?

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,672
    Local Time:
    12:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes that command installs acme.sh underlying client first time

    yes you need to create it yourself

    centmin.sh menu option 2 and 22 don't see acmetool.sh and don't prompt for letsencrypt related questions unless LETSENCRYPT_DETECT='y' is set in /etc/centminmod/custom_config.inc
     
  3. elargento

    elargento Member

    Seems a big warning, is still risky to install Letsencrypt in this way on a live site?
     
  4. eva2000

    eva2000 Administrator Staff Member

    that relates to direct tools/acmetool.sh usage as there's many other combinations to test, but ok if you follow 1st post's 2 official guides which have limited known good combinations
     
  5. elargento

    elargento Member

    I didn't do step 1 and 2: Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates
    just LETSENCRYPT_DETECT='y' and ./acmetool.sh acme-menu and I successfully installed the Letsencrypt certificate and forced a redirect because I previously ran centmin and option 2 so vhost was already created. Why

    Do I have to set a cron job to autorenew the certificate or will acmetool do it automatically?
     
  6. eva2000

    eva2000 Administrator Staff Member

    yeah that's risky process as acmetool.sh is written to work on existing nginx vhosts like you tested just some folks existing nginx vhost gets messed up a bit with the process so hence needing more beta testing and feedback by users on 'test servers' so until then LETSENCRYPT_DETECT='n' is the default

    acmetool.sh acmeinstall command will take care of acme.sh cronjob you can see from cronjobs listed via command
    Code (Text):
    crontab -l
    
     
  7. jair

    jair Member

    48
    7
    8
    Jan 8, 2017
    Ratings:
    +17
    Local Time:
    5:05 AM
    I am having some troubles with renewing the SSL certificate. I managed to track it down to the fact that I changed my webroot folder. Initially it was in:

    Code:
    /home/nginx/domains/mydomain/public 
    But I changed it to

    Code:
    /home/nginx/domains/mydomain/public/new
    I did the change manually in the vhost file, thought this is enough. Anyway, now my cert expired and I am not able to renew, probably, because letsencrypt can't access the initial webroot location. Here is relevant part from the log file:

    Code:
    -----------------------------------------------------------
    reissue & install letsencrypt ssl certificate for devtest.magelanci.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --force --createDomainKey -d devtest.magelanci.com -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Fri Apr 21 18:17:27 UTC 2017] Creating domain key
    testcert value = lived
    /root/.acme.sh/acme.sh --force --issue -d devtest.magelanci.com -w /home/nginx/domains/devtest.magelanci.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-210417-181719.log --log-level 2
    [Fri Apr 21 18:17:28 UTC 2017] Single domain='devtest.magelanci.com'
    [Fri Apr 21 18:17:28 UTC 2017] Getting domain auth token for each domain
    [Fri Apr 21 18:17:28 UTC 2017] Getting webroot for domain='devtest.magelanci.com'
    [Fri Apr 21 18:17:28 UTC 2017] Getting new-authz for domain='devtest.magelanci.com'
    [Fri Apr 21 18:17:33 UTC 2017] The new-authz request is ok.
    [Fri Apr 21 18:17:33 UTC 2017] Verifying:devtest.magelanci.com
    [Fri Apr 21 18:17:38 UTC 2017] devtest.magelanci.com:Verify error:Invalid response from http://devtest.magelanci.com/.well-known/acme-challenge/_kcULzWLUCdHhdnVXwj6yNvh-2yGSXI3yufXU046shc:
    [Fri Apr 21 18:17:38 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-210417-181719.log
    LECHECK = 1
    
    I guess I probably deleted .well-known folder at some point, arghhh. Is there any way I can completely remove and start this certificate from scratch without messing my vhost conf file?
     
  8. eva2000

    eva2000 Administrator Staff Member

    yes you broke .well-known support by changing the webroot folder location as underlying acme.sh client dynamically generates a hash coded .well-known file on demand to verify your domain and places it in webroot/.well-known/ directory so if you change the directory for web root, the /.well-known directory location changes too.

    you can manually modify the config file acme.sh uses to determine your web root; it would be in /root/.acme.sh/yourdomain.com/yourdomain.com.conf for Le_Webroot variable where your new webroot is at /home/nginx/domains/domain.com/new
    Code (Text):
    Le_Webroot='/home/nginx/domains/domain.com/new'
    

    then manually renew by manually running the acme.sh cronjob command
    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    
     
    Last edited: Apr 22, 2017
  9. jair

    jair Member

    My Le_Webroot already points to /new. Maybe I issued the certificate after I made the change, can't remember right now.

    Code:
    [Fri Apr 21 19:54:27 UTC 2017] ===Starting cron===
    [Fri Apr 21 19:54:27 UTC 2017] Renew: 'mydomain'
    [Fri Apr 21 19:54:28 UTC 2017] Single domain='mydomain'
    [Fri Apr 21 19:54:28 UTC 2017] Getting domain auth token for each domain
    [Fri Apr 21 19:54:28 UTC 2017] Getting webroot for domain='mydomain'
    [Fri Apr 21 19:54:28 UTC 2017] Getting new-authz for domain='mydomain'
    [Fri Apr 21 19:54:32 UTC 2017] The new-authz request is ok.
    [Fri Apr 21 19:54:33 UTC 2017] Verifying:mydomain
    [Fri Apr 21 19:54:38 UTC 2017] mydomain:Verify error:Invalid response from http://mydomain/.well-known/acme-challenge/9ObV3Yi9Y21RmG0bOyCvGohTfT3rksu-t54L2SLae34:
    [Fri Apr 21 19:54:38 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-210417-182003.log
    [Fri Apr 21 19:54:40 UTC 2017] Error renew mydomain.
    [Fri Apr 21 19:54:40 UTC 2017] ===End cron===
    
    where mydomain is the domain name I am trying to issue certificate for. Could it be related to the fact that LE looks at http?
     
  10. eva2000

    eva2000 Administrator Staff Member

  11. jair

    jair Member

    Here, domain name is included, I guess there is no reason to hide it:

    Code:
    #x# HTTPS-DEFAULT
    server {
    
      server_name devtest.magelanci.com www.devtest.magelanci.com;
      return 302 https://$server_name$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name devtest.magelanci.com www.devtest.magelanci.com;
    
      include /usr/local/nginx/conf/ssl/devtest.magelanci.com/devtest.magelanci.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/devtest.magelanci.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/devtest.magelanci.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/devtest.magelanci.com/autoprotect-devtest.magelanci.com.conf;
      root /home/nginx/domains/devtest.magelanci.com/public/new/;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
    
     # Prevent access to ./directories and files
        location ~ (?:^|/)\. {
            deny all;
        }
    
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      try_files    $uri $uri/ /index.php;
    
      }
    
    
    # IP.Board PHP/CGI Protection
    
        # Allow Access to Interface Files
        # Add Your Specific Application to the List if you Add New Applications
    #    location ~ ^/applications/(calendar|tutorials|cms|core|forums|gallery|nexus|rules|videos|)/interface/.*\.(?:php\d*|phtml)$ {
    #        allow all;
     #       include /usr/local/nginx/conf/php.conf;
      #  }
    
        # Block Access to PHP / PHTML Files
        location ~ ^/(uploads|datastore|system|plugins)/.*\.(?:php\d*|phtml)$ {
            allow 127.0.0.1;
            deny all;
        }
    
        # Block Access to Application PHP / PHTML Files
        # Add Your Specific Application to the List if you Add New Applications
    #    location ~ ^/applications/(calendar|tutorials|cms|core|forums|gallery|nexus|rules|videos|)/.*\.(?:php\d*|phtml)$ {
     #       allow 127.0.0.1;
      #      deny all;
       # }
    
    
    
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    
     
  12. eva2000

    eva2000 Administrator Staff Member

    remove this part
    Code (Text):
     # Prevent access to ./directories and files
       location ~ (?:^|/)\. {
           deny all;
       }
    

    it's blocking /.well-known directory access
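
An offline preflight for the two failure modes diagnosed in this thread (a Le_Webroot that no longer matches the nginx root, and a dotfile deny rule that also covers /.well-known), added here as an example that is not part of any post or of Centmin Mod's or acme.sh's own code. Function names and the example.com sample files are constructed; the script also prints a `^~` prefix location that lets the dotfile rule stay in place.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical; file formats follow the thread:
# Le_Webroot='...' in the acme.sh domain conf and a "root ...;" line in the vhost.
CHALLENGE_URI='/.well-known/acme-challenge/test-token'

# Print Le_Webroot from an acme.sh domain conf.
le_webroot() {
  sed -n "s/^Le_Webroot=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | tail -n 1
}

# Print the last uncommented root directive of a vhost, trailing slash removed.
vhost_root() {
  sed -n 's/^[[:space:]]*root[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" | tail -n 1 | sed 's:/*$::'
}

# Print each regex location that contains "deny all" and matches the challenge URI.
# Only the vhost file itself is read; included files are not followed.
blocking_locations() {
  awk '
    /^[ \t]*#/ { next }
    /^[ \t]*location[ \t]+~\*?[ \t]/ { pat = $3; inblock = 1; next }
    inblock && /deny[ \t]+all/ { print pat }
    inblock && index($0, "}") { inblock = 0 }
  ' "$1" | while IFS= read -r pat; do
    # nginx uses PCRE; grep -E has no (?:...) groups, so make them plain groups
    ere=$(printf '%s' "$pat" | sed 's/(?:/(/g')
    if printf '%s\n' "$CHALLENGE_URI" | grep -Eq -- "$ere" 2>/dev/null; then
      printf '%s\n' "$pat"
    fi
  done
}

# True if a "^~" prefix location covers the challenge path. When the longest
# matching prefix location uses "^~", nginx does not evaluate regex locations.
has_acme_exception() {
  grep -Eq '^[[:space:]]*location[[:space:]]+\^~[[:space:]]+/\.well-known(/acme-challenge)?/?[[:space:]]*\{' "$1"
}

# Exception to place in the server block so the dotfile deny rule can stay.
acme_exception_snippet() {
  cat <<'EOF'
  location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
  }
EOF
}

# usage: preflight <acme.sh domain conf> <nginx vhost conf>; non-zero on a finding
preflight() {
  local conf="$1" vhost="$2" rc=0 le root blockers
  le=$(le_webroot "$conf" | sed 's:/*$::')
  root=$(vhost_root "$vhost")
  if [ "$le" != "$root" ]; then
    echo "MISMATCH: Le_Webroot=$le but nginx root=$root"; rc=1
  fi
  blockers=$(blocking_locations "$vhost")
  if [ -n "$blockers" ] && ! has_acme_exception "$vhost"; then
    echo "BLOCKED: location ~ $blockers denies $CHALLENGE_URI"; rc=1
  fi
  return $rc
}

# Constructed sample input (example.com paths are placeholders)
tmp=$(mktemp -d)
printf "Le_Webroot='/home/nginx/domains/example.com/public'\n" > "$tmp/domain.conf"
cat > "$tmp/vhost.conf" <<'EOF'
server {
  root /home/nginx/domains/example.com/public/new/;
  location ~ (?:^|/)\. {
    deny all;
  }
}
EOF
preflight "$tmp/domain.conf" "$tmp/vhost.conf" || acme_exception_snippet
```

On a real server the first argument would be the /root/.acme.sh/yourdomain.com/yourdomain.com.conf file mentioned earlier in the thread and the second the domain's vhost file.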
     
  13. jair

    jair Member

    Thanks, that did it! Is it relatively safe to leave this option though? I see that I don't have other /. folders in my webroot, so I guess it is ok to leave it without this protection.
     
  14. eva2000

    eva2000 Administrator Staff Member

  15. eva2000

    eva2000 Administrator Staff Member

  16. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    10:05 PM
    Looks like LE is broken again....
    New install on a new hostus server. 0.9beta fully updated.

    Looks like nv.sh is missing...

    -John

    Code:
    [root@node3-regx centminmod]# cd /usr/local/src/centminmod/addons                                                               
    [root@node3-regx addons]# ./acmetool.sh webroot-issue yii.atlone.com /home/nginx/domains/yii.atlone.com/public/basic/web lived
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://centminmod.com/acmetool
    -------------------------------------------------
    
    continue [y/n] ? y
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    [Fri Jun  9 02:18:52 UTC 2017] Installing to /root/.acme.sh
    [Fri Jun  9 02:18:53 UTC 2017] Installed to /root/.acme.sh/acme.sh
    [Fri Jun  9 02:18:53 UTC 2017] Installing alias to '/root/.bashrc'
    [Fri Jun  9 02:18:53 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
    [Fri Jun  9 02:18:53 UTC 2017] Installing alias to '/root/.cshrc'
    [Fri Jun  9 02:18:53 UTC 2017] Installing alias to '/root/.tcshrc'
    [Fri Jun  9 02:18:53 UTC 2017] Installing cron job
    52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Fri Jun  9 02:18:53 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
    [Fri Jun  9 02:18:53 UTC 2017] OK
    https://github.com/Neilpang/acme.sh
    v2.7.1
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    
    yii.atlone.com nginx vhost + pureftp virtual ftp user setup
    
    /usr/bin/nv not found
    
    

    Code:
    
    [root@node3-regx ~]# ls /usr/bin/nv
    /usr/bin/nv
    [root@node3-regx ~]# ls -lah /usr/bin/nv
    lrwxrwxrwx 1 root root 38 Jun  8 21:52 /usr/bin/nv -> /usr/local/src/centminmod/addons/nv.sh
    [root@node3-regx ~]#
    
    
     
  17. eva2000

    eva2000 Administrator Staff Member

    Did you run acmetool.sh the very first time immediately after centmin mod initial install before ever running centmin.sh? Because the symlink for nv.sh to /usr/bin/nv is only created after first centmin.sh run.

    The symlink to /usr/local/src/centminmod/addons/nv.sh is incorrect as I also added a symlink check and if not found creation in acmetool.sh itself and the derived directory for nv.sh path is relatively created from when acmetool.sh ran from which you could say is a bug. It should point to /usr/local/src/centminmod/tools/nv.sh

    So remove symlink /usr/bin/nv and re-run centmin.sh to re-create the /usr/bin/nv symlink at correct path.

    Updated 123.09beta01's addons/acmetool.sh 1.0.31 with fix for incorrect symlink too. Thanks for the bug report :D
     
    Last edited: Jun 9, 2017
  18. eva2000

    eva2000 Administrator Staff Member

    Centmin Mod 123.09beta01 has Letsencrypt SSL integration in beta testing so is not enabled by default on centmin.sh menu option 2, 22 or nv command based Nginx vhost site creation routines. However, some new users are unaware, thinking the self-signed SSL vhost questions at centmin.sh menu option 2 or 22 are fully web browser trusted SSL certificates. So to tackle this confusion, I've updated 123.09beta01's centmin.sh menu option 2 and 22 with an additional notice message to detail this.

    Example centmin.sh menu option 2 run.

    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    

    Code (Text):
    ---------------------------------------------------------------
    Important Information
    ---------------------------------------------------------------
    
    You are about to create an Nginx vhost site account with/without
    HTTPS/SSL support. Details of this process are outlined on site
    at centminmod.com/nginx_domain_dns_setup.html. Also read the
    continually updated Getting Started Guide for Centmin Mod usage
    at centminmod.com/getstarted.html which covers the pure-ftpd
    ftp username that is auto generated with the Nginx vhost site.
    ---------------------------------------------------------------
    403 Permission denied message handling
    if after vhost site setup you encounter 403 permission denied errors,
    check https://community.centminmod.com/threads/7308/ to see if your
    site needs tools/autoprotect.sh tweaking/whitelisting
    ---------------------------------------------------------------
    [ LETSENCRYPT_DETECT is not enabled ]
    Ignore this message if you do not want HTTPS based web site otherwise
    read below carefully.
    
    Free letsencrypt SSL certificates integration is in beta testing if
    you want to obtain free letsencrypt SSL certificate for HTTPS site,
    you will need to manually enable LETSENCRYPT_DETECT='y' outlined
    at https://centminmod.com/acmetool so exit this vhost routine first
    set LETSENCRYPT_DETECT='y' and update domain DNS A record first
    then re-run vhost site creation menu option
    ---------------------------------------------------------------
    
    Do you want to continue with Nginx vhost site creation ? [y/n] n
    
    aborting Nginx vhost setup..
    

    Here if user wanted free Letsencrypt SSL certificate, they can answer no to abort vhost setup, then follow instructions outlined at centminmod.com/acmetool/ to enable LETSENCRYPT_DETECT='y' and update domain DNS A record to server IP address, and then re-run centmin.sh menu option 2 or 22 to create their Nginx vhost site + Letsencrypt SSL based HTTPS.
     
  19. eva2000

    eva2000 Administrator Staff Member

    For centmin.sh menu option 2 and 22, updated options for letsencrypt ssl cert type to make it clearer that staging test ssl certs are untrusted versus live trusted ssl certs.
    Code (Text):
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS (untrusted)
    2. issue staging test cert with HTTPS default (untrusted)
    3. issue live cert with HTTP + HTTPS (trusted)
    4. issue live cert with HTTPS default (trusted)
    Enter option number 1-4: 
    
     
  20. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    3:05 AM
    1.11.x
    10.x
    Weird thing today setting few things to a new server.

    Code:
    testcert value =
    /root/.acme.sh/acme.sh --staging --issue -d domain.com -d www.domain.com --days 60 -w /home/nginx/domains/domain.pt/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-020717-232844.log --log-level 2
    [Sun Jul  2 23:28:50 UTC 2017] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:51 UTC 2017] Multi domain='DNS:www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting domain auth token for each domain
    [Sun Jul  2 23:28:51 UTC 2017] Getting webroot for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting new-authz for domain='domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:52 UTC 2017] Getting webroot for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] Getting new-authz for domain='www.domain.com'
    [Sun Jul  2 23:28:53 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:53 UTC 2017] Verifying:domain.com
    [Sun Jul  2 23:28:56 UTC 2017] Pending
    [Sun Jul  2 23:28:58 UTC 2017] Pending
    [Sun Jul  2 23:29:00 UTC 2017] domain.com:Verify error:Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout
    [Sun Jul  2 23:29:00 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-020717-232844.log
    LECHECK = 1