
Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. erfolgskompass

    well... I was using the xn-- notation where no error was displayed, but maybe that is the right direction.
     
  2. eva2000

  3. prometheus

    Am getting error
    Verify error:Could not connect to xxxxx.info
    LECHECK = 1
     
  4. eva2000

    Which method did you use? Exact command line or menu option?

    make sure your domain and the server it is on are online and available, i.e. domain dns is propagated and nginx/php is running.

    also post the full log from /root/centminlogs for the run. You can copy and post contents of log to pastebin.com or gist.github.com

    to find the log, list the logs in ascending date order
    Code (Text):
    ls -lahrt /root/centminlogs
     
  5. prometheus

  6. eva2000

    strange, is this a test fresh site? seems testcert value = wptest so you ran centmin.sh menu option 22 for wordpress auto install with http + https vhost setup, right (option 1)?
    would have been something like
    Code (Text):
    -------------------------------------------------------------
    Setup full Nginx vhost + Wordpress + WP Plugins
    -------------------------------------------------------------
    
    Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 1

    /root/centminlogs/*wordpress_addvhost.log would have a log for wordpress part too
     
  7. eva2000

    @prometheus for centmin.sh menu option 22 runs, you get a wordpress uninstall script generated at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} is your domain name. You can run that to wipe the entire domain vhost structure and files and try again if it was domain dns propagation issues, i.e. if you only updated dns a few moments before running the command, then dns might not have propagated to letsencrypt's dns resolvers. But then it would be a dns error message, not can't connect, so that might not be the case.
     
  8. prometheus

    I use cloudflare. I don't have problems with other similar scripts.
    I have a domain without cloudflare, it worked but permalinks are not working
     
  9. eva2000

    weird, in the persistent config file at /etc/centminmod/custom_config.inc (create it if it doesn't exist) add and enable acmetool.sh debug mode, which gives much more verbose letsencrypt issuance process information
    Code (Text):
    ACMEDEBUG='y'
    and uninstall the domain via uninstall script for wordpress and try again.
     
  10. prometheus

    Maybe the problem is here
    Initializing NSS with certpath: sql:/etc/pki/nssdb
    == Info: CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
    == Info: Certificate is signed by an untrusted issuer: 'CN=armysafety.info,OU=armysafety.info,O=armysafety.info,L=Los Angeles,ST=California,C=US'
    == Info: NSS error -8172
    == Info: Closing connection #1
     
  11. eva2000

    that's acmetool.sh and centminmod's fallback: if letsencrypt verification fails to obtain a letsencrypt ssl cert, it falls back to the centmin mod self-signed ssl certificate on the https port 443 side so as to preserve the https nginx vhost. So what you're seeing is after letsencrypt verification failed to connect to your domain/server, not before.
     
  12. prometheus

    Here are all the debug logs: armysafety · GitHub

    And also why are permalinks not working if letsencrypt is enabled?
     
  13. eva2000

    need contents of your nginx vhost files to double check

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via the /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will be shown the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)
     
  14. eva2000

    oh this time used testcert = wplived so selected https default with live cert

    that creates a 302 redirect for http to https and seems before letsencrypt ssl cert is available, letsencrypt verification server is following the 302 redirect to https and self-signed ssl certificate which could be failing

    going to ask on letsencrypt's support forums: "Letsencrypt webroot verification follows http to https redirect for self-signed cert? - Issuance Tech - Let's Encrypt Community Support" :)

    might need to revise the https default routines so i do the 302 https default redirect after letsencrypt verification
     
    Last edited: Sep 17, 2016
  15. eva2000

    @prometheus what exact version of centos 6 are you using?
    Code (Text):
     cat /etc/redhat-release

    could be due to your CA-bundle being out of date, as in your log there's a curl 60 error which is from libcurl - Error Codes
    have you checked if your centos 6 server has any yum updates, like for the ca-certificates yum package?

    might need to add a check in my acmetool.sh for system ca-certificates updates available
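
The two checks discussed in the posts above, as an added example that is not part of the thread or of acmetool.sh: whether a request for the webroot challenge path on port 80 is answered with a redirect to https, and whether curl then rejects the certificate on the https side (exit code 60). The function names and the token name `probe-test` are assumptions, and the sample headers are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from acmetool.sh). Function names and the token
# "probe-test" are hypothetical; the sample headers are constructed.

# Constructed sample: first response of an "https default" vhost on port 80.
sample_302_headers() {
  printf 'HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\n'
  printf 'Location: https://acme3.domain1.com/.well-known/acme-challenge/probe-test\r\n\r\n'
}

# classify_probe <curl_exit_code> <header_file>
# curl -D appends the headers of every response it receives, so line 1 and
# the first Location header belong to the port 80 answer.
classify_probe() {
  local rc="$1" hdrs="$2" status location
  status=$(awk 'NR==1 {print $2}' "$hdrs" | tr -d '\r')
  location=$(awk 'tolower($1)=="location:" {print $2; exit}' "$hdrs" | tr -d '\r')
  case "$rc" in
    6)    echo "dns-failed"; return 0 ;;
    7|28) echo "connect-failed"; return 0 ;;
  esac
  case "$status:$location" in
    30[12378]:https://*)
      # Exit code 60: the certificate on the https side did not verify
      # against this machine's CA bundle (self-signed cert or stale bundle).
      if [ "$rc" -eq 60 ]; then echo "redirect-https-untrusted-cert"
      else echo "redirect-to-https"; fi ;;
    200:*) echo "served-over-http" ;;
    *)     echo "http-${status:-none}-curl-${rc}" ;;
  esac
}

# probe_domain <domain>: run the real request and classify the outcome.
probe_domain() {
  local domain="$1" hdrs rc=0
  hdrs=$(mktemp)
  curl -sSL --max-time 10 -D "$hdrs" -o /dev/null \
    "http://${domain}/.well-known/acme-challenge/probe-test" 2>/dev/null || rc=$?
  classify_probe "$rc" "$hdrs"
  rm -f "$hdrs"
}
```

Source the file and run `probe_domain yourdomain.com` from a machine outside the server. The exit code 60 verdict reflects the CA bundle of the machine running curl, not that of the Let's Encrypt validation servers.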
     
  16. eva2000

  17. prometheus

    I use CentOS release 6.8 (Final) Linode
     
  18. Jake

    Hello,
    Does addons/acmetool.sh not work atm? I have installed the beta, but I cannot get acmetool.sh
     
  19. eva2000

    1st post of thread regarding LETSENCRYPT_DETECT='y' set in persistent config requirement ;)
     
  20. Jake

    Ah, ok I just did that but do I need to reinstall centmin beta to get it to work?