Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

yeah letsencrypt won't support IDN domains until after November 30, 2016 Upcoming Features - Let's Encrypt - Free SSL/TLS Certificates so still good idea to add acmetool.sh support for when IDN domains are supported

 

Which method did you use ? exact command line or menu option ?

make sure you domain and server it it is on is online and available i.e. domain dns is propagated and nginx/php is running.

also post the full log from /root/centminlogs for the run. You can copy and post contents of log to pastebin.com or gist.github.com

to find the log list the logs in ascending date order

Code (Text):

ls -lahrt /root/centminlogs

 

strange is this a test fresh site ? seems testcert value = wptest so you ran centmin.sh menu option 22 for wordpress auto install with http + https vhost setup right (option 1)?
would of been something like

Code (Text):

-------------------------------------------------------------
Setup full Nginx vhost + Wordpress + WP Plugins
-------------------------------------------------------------

Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: n
Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y

You have 4 options:
1. issue staging test cert with HTTP + HTTPS
2. issue staging test cert with HTTPS default
3. issue live cert with HTTP + HTTPS
4. issue live cert with HTTPS default
Enter option number 1-4: 1

/root/centminlogs/*wordpress_addvhost.log would have a log for wordpress part too

 

@prometheus for centmin.sh menu option 22 runs, you get an wordpress uninstall script generated at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} is your domain name. You can run that to wipe the entire domain vhost structure and files and try again if it was domain dns propagation issues. i.e. if you only updated dns a few moments before running the command, then dns might have not propagated to letsencrypt's dns resolvers. But then would be a dns message error not can't connect so might not be the case.

 

weird, in persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information

Code (Text):

ACMEDEBUG='y'

and uninstall the domain via uninstall script for wordpress and try again.

 

that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost. So what you're seeing is after letsencrypt verification failed to connect to your domain/server not before.

 

need contents of your nginx vhost files to double check

When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

• Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
• Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
• Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
• Vhost public web root will be at /home/nginx/domains/newdomain.com/public
• Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

 

oh this time used used testcert = wplived so selected https default with live cert

that creates a 302 redirect for http to https and seems before letsencrypt ssl cert is available, letsencrypt verification server is following the 302 redirect to https and self-signed ssl certificate which could be failing

going to ask on letsencrypts support forums Letsencrypt webroot verification follows http to https redirect for self-signed cert? - Issuance Tech - Let's Encrypt Community Support

might need to revise the https default routines so i do the 302 https default redirect after letsencrypt verification

 

@prometheus what exact version of centos 6 you using ?

Code (Text):

 cat /etc/redhat-release

could be due to your CA-bundle being out of date as in your log there's curl 60 error which is from libcurl - Error Codes

have you checked if your centos 6 server has any yum updates like for ca-certificates yum package ?

might need to add a check in my acmetool.sh for system ca-certificates updates available

 

still need some answers to @prometheus directed questions, but i've made a few updates to acmetool.sh 1.0.1 release Beta Branch - acmetool.sh 1.0.1 fix for wordpress HTTPS default | Centmin Mod Community as well as in/wpsetup.inc routine in 123.09beta01 branch too.

FYI, my test server i use for acmetool.sh is also behind cloudflare but only for DNS only not caching.

 

1st post of thread regarding LETSENCRYPT_DETECT='y' set in persistent config requirement