Join the community today
Register Now

Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. jscott

    jscott Member

    94
    14
    8
    Aug 13, 2015
    Ratings:
    +31
    Local Time:
    6:51 PM
    Yes I do that to remove a vhost on my server.

    What I meant to ask is if I could remove all records of yii.atlone.com from the LetsEncrypt servers.

    -John
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    No way to do that, short lived 90 day expiry certs live in Letsencrypt servers until they expire.

    Just updated acmetool.sh to 0.4 for custom web root method to have an index page copied over from /public so that you don't get 403 permission denied on access.
     
    Last edited: Aug 19, 2016
  3. jscott

    jscott Member

    94
    14
    8
    Aug 13, 2015
    Ratings:
    +31
    Local Time:
    6:51 PM
    OK. I will take a look at it tomorrow. Its getting late and my brain is fried.

    Ah I forgot that. Done now.

    Does this do anything other then give you easy access to the status pages?

    -John

    Thank you for all the effort you put into this.

    I think LE is a great enhancement to a great project.

    -John
     
    Last edited by a moderator: Aug 19, 2016
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod nginx, php, phpmyadmin.sh when installed etc all rely on working main hostname. The future netdata addon will also Beta Branch - addons/netdata.sh - new system monitor addon | Centmin Mod Community :)

    cheers, yeah it's always been on the books for Centmin Mod. Way before letsencrypt came around, I was working on paid SSL certificate integration methods into Centmin Mod Nginx as I already offer Centmin Mod Premium members discounted paid commercial SSL certificates including Wildcard SSL certificates. :) Which is something planned for even after acmetool.sh becomes stable ;)
     
  5. jscott

    jscott Member

    94
    14
    8
    Aug 13, 2015
    Ratings:
    +31
    Local Time:
    6:51 PM
     
    • Like Like x 1
  6. jscott

    jscott Member

    94
    14
    8
    Aug 13, 2015
    Ratings:
    +31
    Local Time:
    6:51 PM
    I was looking over my server this morning and I noticed this log message and thought it looked odd....

    It shows up in /var/log/nginx/localhost.error.log

    Code (Text):
    2016/08/19 00:23:32 [error] 13694#13694: *4 open() "/usr/local/nginx/html/.well-known/acme-challenge/BnalTUIZxK4HucNYpbdTNEC34hTUGnBzf2XAKvJkUL4" failed (2: No such file or directory), client: 207.144.103.139, server: le-test, request: "GET /.well-known/acme-challenge/BnalTUIZxK4HucNYpbdTNEC34hTUGnBzf2XAKvJkUL4 HTTP/1.1", host: "yii.atlone.com"
    


    It looks like it corresponds to this request in /var/log/nginx/localhost.access.log

    Code (Text):
    207.144.103.139 - - [19/Aug/2016:00:23:32 +0000] "GET /.well-known/acme-challenge/BnalTUIZxK4HucNYpbdTNEC34hTUGnBzf2XAKvJkUL4 HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" "-" rt=0.000 ua="-" us="-" ut="-" ul="-" cs=-
    


    Is there any reason for ACME to be writing to /usr/local/nginx/html? This shows up for a couple of my test domains...

    -John
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    it's related to probably your mistaken centmin.sh menu option 2 run before running acmetool.sh as you created the nginx vhost first and then ran acmetool.sh webroot mode which removes the http version of vhost file and setups up redirect in https vhost file. The act of setting up via menu option 2 first probably messed with creating of the proper http to https redirect so when a site doesn't exist (http version) nginx defaults to the default host which is main hostname which has web root at /usr/local/nginx/html.

    This happens for any domain which has DNS pointing to Centmin Mod based server's IP address but does not have a valid nginx vhost setup for the domain - the domain will be served via the main hostname which has web root at /usr/local/nginx/html.
     
    Last edited: Aug 20, 2016
  8. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:51 AM
    The certs location defaults to Los Angeles, US and some wrong info. Where can I change this?
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    That is for self-signed SSL certificate in original Centmin Mod Nginx generation routine separate from acmetool.sh. You would only see such cert after an acmetool.sh run if Letsencrypt ssl certificate validation failed so Centmin Mod falls back to the self-signed SSL certificate originally created to setup the Nginx HTTPS vhost for domain.com.ssl.conf. If Letsencrypt ssl certificate validation succeeded, acmetool.sh will replace the self-signed SSL certificate in original Centmin Mod Nginx generation routine with the one provided by Letsencrypt.

    If you still want to override these temp self-signed SSL certs details, you should be able to via creating your Centmin Mod persistent config file or append to an existing persistent config file at /etc/centminmod/custom_config.inc and place in it or append to existing contents the following. Comments with hash # in front just for info. Then any new fresh launches of centmin.sh or acmetool.sh will use these overridden values.
    Code (Text):
    ###############################################################
    # Settings for centmin.sh menu option 2 and option 22 for
    # the details of the self-signed SSL certificate that is auto
    # generated. The default values where vhostname variable is
    # auto added based on what you input for your site name
    #
    # -subj "/C=US/ST=California/L=Los Angeles/O=${vhostname}/OU=${vhostname}/CN=${vhostname}"
    #
    # You can only customise the first 5 variables for
    # C = Country 2 digit code
    # ST = state
    # L = Location as in city
    # 0 = organisation
    # OU = organisational unit
    #
    # if left blank # defaults to same as vhostname that is your domain
    # if set it overrides that
    SELFSIGNEDSSL_C='US'
    SELFSIGNEDSSL_ST='California'
    SELFSIGNEDSSL_L='Los Angeles'
    SELFSIGNEDSSL_O=''
    SELFSIGNEDSSL_OU=''
    ###############################################################

    FYI, Letsencrypt SSL certificates do not have any of the location info as they are domain validated certs which do no require such.
     
    • Informative Informative x 1
  10. pamamolf

    pamamolf Well-Known Member

    2,767
    245
    63
    May 31, 2014
    Ratings:
    +436
    Local Time:
    1:51 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Does that works also for phpmyadmin https so it can look more valid?
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    not yet, acmetool.sh specifically excludes phpmyadmin.sh created vhost/https vhost for now. Once acmetool.sh is 100% working and stable may rewrite phpmyadmin.sh to create a separate vhost off the main hostname, so that acmetool.sh can work on it.
     
    • Like Like x 1
  12. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:51 AM
    What should be the correct way to use it with wordpress auto installer?

    I chose generate self signed certificate - N , Use letsencrypt - Y and it still did not make a certificate.

    Am I supposed to run acmetool.sh to replace it manually later?
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    when you answer yes to create letsencrypt ssl cert, it overrides and auto creates self-signed cert first then replaces with letsencrypt ssl cert if letsencrypt domain validation succeeds.

    so using centmin.sh menu option 22 for wordpress auto installer should be all that is needed, just that your domain validation failed and didn't get letsencrypt ssl cert. The /root/centminlogs should have a log for the menu option 22 run which you can check too. Might want to use gist.github.com or pastebin.com to share contents of such logs
     
  14. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:51 AM
    Hmm.. No need for gist or pastebin. Found it shortly. It was this

    Code:
    [Fri Aug 19 20:34:54 UTC 2016] site.com:Verify error:Invalid response from http://site.com/.well-known/acme-challenge/gxDgabl2lSsGkGJpukkkAzLkUFhoq4QuOtYf8CCOGO0: \
    Happens whether I try it for a subdomain, or TLD. Any idea?
     
    • Informative Informative x 1
  15. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:51 AM
    Am I the only one getting this? This was on a clean install.. @eva2000
     
  16. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    Strange just tested centmin.sh menu option 22 in 123.09beta01 beta with acmetool.sh in place and it worked fine

    initial centmin.sh menu option 22 run for auto installing wordpress + letsencrypt ssl certificate
    Code (Text):
    ./centmin.sh
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 domain1.com    
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 22
    --------------------------------------------------------
    ------------------------------------------------------------
    Installing wpcli.sh
    ------------------------------------------------------------
    installing...
    
    Error: /usr/bin/wp not found !!! Downloading now......
    2016-08-19 21:03:13 URL:https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar [4967063/4967063] -> "/usr/bin/wp" [1]
    Download done.
    
    Error: /root/wpcli/wp-completion.bash not found !!! Downloading now......
    2016-08-19 21:03:13 URL:https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash [495/495] -> "/root/wpcli/wp-completion.bash" [1]
    Download done.
    
    
    -------------------------------------------------------------
    PHP binary:     /usr/local/bin/php
    PHP version:    5.6.23
    php.ini used:   /usr/local/lib/php.ini
    WP-CLI root dir:        phar://wp-cli.phar
    WP-CLI packages dir:
    WP-CLI global config:
    WP-CLI project config:
    WP-CLI version: 0.24.1
    -------------------------------------------------------------
    
    -------------------------------------------------------------
    wp-cli install completed
    Read http://wp-cli.org/ for full usage info
    
    -------------------------------------------------------------
    Please log out of SSH session and log back in
    You can then call wp-cli via command: wp
    i.e. wp --info --allow-root
    -------------------------------------------------------------

    the wordpress install and nginx vhost generation step. I opted for letsencrypt option 1 = issue staging test cert with HTTP + HTTPS
    Code (Text):
    -------------------------------------------------------------
    Setup full Nginx vhost + Wordpress + WP Plugins
    -------------------------------------------------------------
    
    Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 1
    
    Theme Setup:
    Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]: n
    
    Wordpress Setup:
    Set custom WP Admin Display Name ? [y/n]: y
    Enter Custom WP Admin Display Name: George
    Install Wordpress in subdirectory /blog ? [y/n]: n
    Disable Auto Generated WP Admin Username / Password ? [y/n]: n
    Disable wp-login.php password protection ? (less security) [y/n]: y
    Enter email address for Admin User for Wordpress Installation: emailusername@domain1.com
    
    Default is to install KeyCDN WP Cache Enabler Plugin
    as it's more stable and reliable than WP Super Cache.
    To install KeyCDN Cache Enabler, answer = n to next question
    
    Do you want to install WP Super Cache instead ? [y/n]: n
    Create FTP username for vhost domain (enter username): FTPUSERNAME
    Do you want to auto generate FTP password (recommended) [y/n]: y
    

    letsencrypt validation succeeded and issued the ssl cert
    Code (Text):
    -------------------------------------------------------------
    ok: /usr/local/src/centminmod/addons/acmetool.sh
    /usr/local/src/centminmod/addons/acmetool.sh issue acme3.domain1.com
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    [Fri Aug 19 21:08:04 UTC 2016] Installing to /root/.acme.sh
    [Fri Aug 19 21:08:04 UTC 2016] Installed to /root/.acme.sh/acme.sh
    [Fri Aug 19 21:08:04 UTC 2016] OK, Close and reopen your terminal to start using acme.sh
    [Fri Aug 19 21:08:04 UTC 2016] Installing cron job
    0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Fri Aug 19 21:08:04 UTC 2016] Good, bash is installed, change the shebang to use bash as prefered.
    [Fri Aug 19 21:08:04 UTC 2016] OK
    https://github.com/Neilpang/acme.sh
    v2.4.1
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    grep 'root' /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf
      root /home/nginx/domains/acme3.domain1.com/public;
    grep 'root' /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf
      root /home/nginx/domains/acme3.domain1.com/public;
    
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for acme3.domain1.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --staging --issue -d acme3.domain1.com -w /home/nginx/domains/acme3.domain1.com/public -k ec-256 --useragent centminmod-centos7-acmesh-webroot
    [Fri Aug 19 21:08:05 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Fri Aug 19 21:08:08 UTC 2016] Skip register account key
    [Fri Aug 19 21:08:08 UTC 2016] Creating domain key
    [Fri Aug 19 21:08:08 UTC 2016] Use length 256
    [Fri Aug 19 21:08:08 UTC 2016] Using ec name: prime256v1
    [Fri Aug 19 21:08:08 UTC 2016] Single domain='acme3.domain1.com'
    [Fri Aug 19 21:08:08 UTC 2016] Verify each domain
    [Fri Aug 19 21:08:08 UTC 2016] Getting webroot for domain='acme3.domain1.com'
    [Fri Aug 19 21:08:08 UTC 2016] Getting token for domain='acme3.domain1.com'
    [Fri Aug 19 21:08:12 UTC 2016] acme3.domain1.com is already verified, skip.
    [Fri Aug 19 21:08:12 UTC 2016] acme3.domain1.com is already verified, skip http-01.
    [Fri Aug 19 21:08:12 UTC 2016] acme3.domain1.com is already verified, skip http-01.
    [Fri Aug 19 21:08:12 UTC 2016] Verify finished, start to sign.
    [Fri Aug 19 21:08:17 UTC 2016] Cert success.
    -----BEGIN CERTIFICATE-----
    MIIEIjCCAwqgAwIBAgITAPpTbn3cbwcjJk0U4FNRkciVbTANBgkqhkiG9w0BAQsF
    ....
    8LClGx/Z
    -----END CERTIFICATE-----
    [Fri Aug 19 21:08:17 UTC 2016] Your cert is in /root/.acme.sh/acme3.domain1.com_ecc/acme3.domain1.com.cer
    [Fri Aug 19 21:08:17 UTC 2016] The intermediate CA cert is in /root/.acme.sh/acme3.domain1.com_ecc/ca.cer
    [Fri Aug 19 21:08:17 UTC 2016] And the full chain certs is there: /root/.acme.sh/acme3.domain1.com_ecc/fullchain.cer
      ssl_certificate      /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer; 
    

    Once letsencrypt ssl cert is issued, it's installed into the auto generated wordpress nginx vhost files for the domain
    Code (Text):
    -----------------------------------------------------------
    install cert
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --installcert -d acme3.domain1.com --certpath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer --keypath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key --capath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-fullchain-acme-ecc.key --ecc
    [Fri Aug 19 21:08:18 UTC 2016] Installing cert to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer
    [Fri Aug 19 21:08:18 UTC 2016] Installing CA to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer
    [Fri Aug 19 21:08:18 UTC 2016] Installing key to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key
    [Fri Aug 19 21:08:18 UTC 2016] Installing full chain to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-fullchain-acme-ecc.key
    [Fri Aug 19 21:08:18 UTC 2016] Run Le_ReloadCmd: /usr/bin/ngxreload
    Reloading nginx configuration (via systemctl):  [  OK  ]
    [Fri Aug 19 21:08:18 UTC 2016] Reload success
    
    letsencrypt ssl certificate setup completed
    ssl certs located at: /usr/local/nginx/conf/ssl/acme3.domain1.com
    
    openssl x509 -noout -text < /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                fa:53:6e:7d:dc:6f:07:23:26:4d:14:e0:53:51:91:c8:95:6d
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: CN=Fake LE Intermediate X1
            Validity
                Not Before: Aug 19 20:08:00 2016 GMT
                Not After : Nov 17 20:08:00 2016 GMT
            Subject: CN=acme3.domain1.com
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                    Public-Key: (256 bit)
                    pub:
                        04:23:32:cd:ec:c7:3b:e3:23:86:6a:e3:56:dd:d8:
                        0e:35:fb:fa:6c:a7:16:fb:3d:eb:16:22:1d:a0:96:
                        f5:ef:9b:ac:98:23:7d:22:4c:0d:59:2e:ab:13:ac:
                        92:5a:91:39:21:0a:34:d6:54:04:92:37:d8:0d:ea:
                        19:fd:96:e5:3b
                    ASN1 OID: prime256v1
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Subject Key Identifier:
                    60:CD:FD:03:19:65:F0:47:20:A1:C9:F0:87:0D:6A:1A:37:99:63:8B
                X509v3 Authority Key Identifier:
                    keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A
    
                Authority Information Access:
                    OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org/
                    CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/
    
                X509v3 Subject Alternative Name:
                    DNS:acme3.domain1.com
                X509v3 Certificate Policies:
                    Policy: 2.23.140.1.2.1
                    Policy: 1.3.6.1.4.1.44947.1.1.1
                      CPS: http://cps.letsencrypt.org
                      User Notice:
                        Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
    

    Nginx vhost auto generated info and paths to web root
    Code (Text):
    -------------------------------------------------------------
    FTP hostname : IPADDR
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for acme3.domain1.com : FTPUSERNAME
    FTP password created for acme3.domain1.com : ****
    -------------------------------------------------------------
    vhost for acme3.domain1.com created successfully
    
    domain: http://acme3.domain1.com
    vhost conf file for acme3.domain1.com created: /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf
    
    vhost ssl for acme3.domain1.com created successfully
    
    domain: https://acme3.domain1.com
    vhost ssl conf file for acme3.domain1.com created: /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.csr
    Backup SSL Private Key: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-backup.key
    Backup SSL CSR File: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-backup.csr
    
    upload files to /home/nginx/domains/acme3.domain1.com/public
    vhost log files directory is /home/nginx/domains/acme3.domain1.com/log
    
    ------------------------------------------------------------
    SSH commands to uninstall created Wordpress install and Nginx vhost:
      /root/tools/wp_uninstall_acme3.domain1.com.sh
    ------------------------------------------------------------
    

    Wordpress install info
    Code (Text):
    ------------------------------------------------------------
    Wordpress Auto Updater created at:
      /root/tools/wp_updater_acme3.domain1.com.sh
    cronjob set for every 8 hours update (3x times per day)
    ------------------------------------------------------------
    
    Wordpress domain: acme3.domain1.com
    Wordpress DB Name: wp89737304db_1724
    Wordpress DB User: wpdb1724u18150
    Wordpress DB Pass: wpdb+Da3RZYDpoTqp23125
    Wordpress Admin User ID: 302658
    Wordpress Admin User: z5VGVkdM9lmC8ZKmoFwp10298
    Wordpress Admin Pass: zYraBXykiHfRwps25911
    Wordpress Admin Email: emailusername@domain1.com
    Wordpress Admin Display Name: George
    
    ...
    ------------------------------------------------------------
    To complete setup:
    1. Enable Permalinks (DO NOT use links with .html extensions for performance reasons) i.e. /%post_id%/%postname%/
    2. Settings Menu > Cache Enabler set options and hit Save Changes
    3. Settings Menu > Optimus set options and hit Save Changes
    4. Appearance > Theme Options (Responsive theme) > Home Page nav bar > Uncheck Overrides Wordpress front page option
    ------------------------------------------------------------
    
    -------------------------------------------------------------
    vhost for acme3.domain1.com wordpress setup successfully
    acme3.domain1.com setup info log saved at:
    /root/centminlogs/centminmod_1.2.3-eva2000.09.001_190816-210306_wordpress_addvhost.log
    -------------------------------------------------------------
    

    Seems to be - letsencrypt servers sometimes have issues validating the domain with specific DNS providers. But can also be due to nginx vhost configuration.

    Which option did you select for letsencrypt configuration from 1-4 options
    Code (Text):
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 1
    
     
    Last edited: Aug 20, 2016
  17. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:51 AM
    I tried with 3 & 4.

    Maybe its this

    Code:
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }
    after commenting and adding
    Code:
    
    location /.well-known {
    allow all;
    }
    
    seemed to work after
     
    • Informative Informative x 1
  18. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
  19. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    7:51 AM
    I just pulled a new php7 default install per usual on a new VPS again to test.

    On a new install and invoking centmin menu #22

    Code:
    \.|
    #location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }

    2nd last line at /usr/local/nginx/conf/wpincludes/site.com/wpsecure_site.com.conf

    Above still blocks ./well-known/* required for letsencrypt verification.

    However, I noticed after editing the line to allow verification and everything runs, the new .conf g
    You left out this part - Creating a new wordpress site (HTTPS default) from menu #22 still creates in /usr/local/nginx/conf/wpincludes/site.com/wpsecure_site.com.conf

    also does not create a site.com.conf in /usr/local/nginx/conf/conf.d so only reads site.com.ssl.conf which is "damaged" because of invalid LE cert as a result of not being able to verify domain due to the following:

    Code:
    location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }
    This is blocking .well-known/* still..
     
    • Informative Informative x 1
  20. eva2000

    eva2000 Administrator Staff Member

    30,563
    6,851
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,268
    Local Time:
    9:51 AM
    Nginx 1.13.x
    MariaDB 5.5
    thanks for heads up though strange as it works here it's due to where the /usr/local/nginx/conf/wpincludes/site.com/wpsecure_site.com.conf is positioned order wise to. Will have to test