Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    44,453
    10,154
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,712
    Local Time:
    9:38 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    No, just re-run centmin.sh so it detects the new persistent config variable, provided you updated 123.09beta01 to the latest code via centmin.sh menu option 23 submenu option 2.
     
  2. eva2000

    @Jake and a reminder, as per the 1st post notes: test on a test server first!
     
  3. Jake

    Jake Member

    76
    10
    8
    Feb 3, 2015
    Ratings:
    +11
    Local Time:
    9:38 PM
    NA
    Maria DB 5.5
  4. eva2000


    Troubleshooting Issues



    There are various steps you can take to troubleshoot failed letsencrypt issuances, renewals, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log for the run, post it to pastebin.com or gist.github.com and share the link in this thread. To find the log, list the logs in ascending date order:
      Code (Text):
      ls -lahrt /root/centminlogs
    • Enable acmetool.sh debug mode. In the persistent config file at /etc/centminmod/custom_config.inc (create it if it doesn't exist), add the following to enable acmetool.sh debug mode, which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh, centmin.sh menu options 2 or 22, or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    The full log posted to pastebin.com or gist.github.com would help.

    Which command or menu option did you run for testing?

    Also post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and, if applicable, /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)
     
  5. pamamolf

    pamamolf Premium Member Premium Member

    3,808
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    2:38 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    Is this option included or not yet?

    as I didn't get any questions like:

    Code:
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
     
  6. eva2000

  7. pamamolf

    I just read them but I will again :)

    First try and error :(

    Code:
    [sslvhostsetup] create /usr/local/nginx/conf/conf.d/centmintest.com.ssl.conf
    
    backup & remove /usr/local/nginx/conf/conf.d/centmintest.com.conf
    create /usr/local/nginx/conf/conf.d/centmintest.com.ssl.conf
    Reloading nginx configuration (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [FAILED]
    backup & remove /usr/local/nginx/conf/conf.d/centmintest.com.conf
    
    [sslvhostsetup] create /usr/local/nginx/conf/conf.d/centmintest.com.ssl.conf
    
    backup & remove /usr/local/nginx/conf/conf.d/centmintest.com.conf
    create /usr/local/nginx/conf/conf.d/centmintest.com.ssl.conf
    Reloading nginx configuration (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [FAILED]
    grep 'root' /usr/local/nginx/conf/conf.d/centmintest.com.ssl.conf
      root /home/nginx/domains/centmintest.com/public;
    
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for centmintest.com
    -----------------------------------------------------------
    testcert value = lived
    /root/.acme.sh/acme.sh --issue -d centmintest.com -d www.centmintest.com -w /home/nginx/domains/centmintest.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Thu Sep 22 18:17:20 UTC 2016] Creating account key
    [Thu Sep 22 18:17:21 UTC 2016] Registering account
    [Thu Sep 22 18:17:23 UTC 2016] Registered
    [Thu Sep 22 18:17:23 UTC 2016] Creating domain key
    [Thu Sep 22 18:17:24 UTC 2016] Multi domain='DNS:www.centmintest.com'
    [Thu Sep 22 18:17:24 UTC 2016] Verify each domain
    [Thu Sep 22 18:17:24 UTC 2016] Getting webroot for domain='centmintest.com'
    [Thu Sep 22 18:17:24 UTC 2016] Getting new-authz for domain='centmintest.com'
    [Thu Sep 22 18:17:26 UTC 2016] Getting webroot for domain='www.centmintest.com'
    [Thu Sep 22 18:17:26 UTC 2016] Getting new-authz for domain='www.centmintest.com'
    [Thu Sep 22 18:17:29 UTC 2016] Verifying:centmintest.com
    [Thu Sep 22 18:17:36 UTC 2016] Success
    [Thu Sep 22 18:17:36 UTC 2016] Verifying:www.centmintest.com
    [Thu Sep 22 18:17:44 UTC 2016] Success
    [Thu Sep 22 18:17:44 UTC 2016] Verify finished, start to sign.
    [Thu Sep 22 18:17:47 UTC 2016] Cert success.
    [Thu Sep 22 18:17:47 UTC 2016] Your cert is in  /root/.acme.sh/centmintest.com/centmintest.com.cer
    [Thu Sep 22 18:17:47 UTC 2016] Your cert key is in  /root/.acme.sh/centmintest.com/centmintest.com.key
    [Thu Sep 22 18:17:47 UTC 2016] The intermediate CA cert is in  /root/.acme.sh/centmintest.com/ca.cer
    [Thu Sep 22 18:17:47 UTC 2016] And the full chain certs is there:  /root/.acme.sh/centmintest.com/fullchain.cer
    
    switch to HTTPS default after verification
    
    
    setting HTTPS default in /usr/local/nginx/conf/conf.d/centmintest.com.ssl.conf
    
    LECHECK = 0
    tee: /usr/local/nginx/conf/ssl/centmintest.com/acme-vhost-config.txt: No such file or directory
      ssl_certificate      /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.key;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer;
    
    -----------------------------------------------------------
    install cert
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --installcert -d centmintest.com -d www.centmintest.com --certpath /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer --keypath /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.key --capath /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-fullchain-acme.key
    [Thu Sep 22 18:17:47 UTC 2016] Installing cert to:/usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer
    /root/.acme.sh/acme.sh: line 2567: /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer: No such file or directory
    [Thu Sep 22 18:17:47 UTC 2016] Installing CA to:/usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer
    /root/.acme.sh/acme.sh: line 2574: /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer: No such file or directory
    /root/.acme.sh/acme.sh: line 2575: /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer: No such file or directory
    [Thu Sep 22 18:17:47 UTC 2016] Installing key to:/usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.key
    /root/.acme.sh/acme.sh: line 2591: /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.key: No such file or directory
    [Thu Sep 22 18:17:47 UTC 2016] Installing full chain to:/usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-fullchain-acme.key
    /root/.acme.sh/acme.sh: line 2600: /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-fullchain-acme.key: No such file or directory
    [Thu Sep 22 18:17:47 UTC 2016] Run Le_ReloadCmd: /usr/bin/ngxreload
    Reloading nginx configuration (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [FAILED]
    [Thu Sep 22 18:17:48 UTC 2016] Reload error for :centmintest.com
    
    letsencrypt ssl certificate setup completed
    ssl certs located at: /usr/local/nginx/conf/ssl/centmintest.com
    
    openssl x509 -noout -text < /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer
    ./acmetool.sh: line 1298: /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer: No such file or directory
     
  8. eva2000

    letsencrypt ssl cert issued fine
    but nginx has config error causing it to fail to restart

    output for
    Code (Text):
    nginx -t
     
  9. pamamolf

    Code:
    [root@server addons]# nginx -t
    nginx: [emerg] BIO_new_file("/usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer', 'r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

    I just installed a VPS with CentOS 7 just to test this and the domain is real :)
     
  10. eva2000

    could be bug in acme.sh client that acmetool.sh uses as it failed to install
    /root/.acme.sh/centmintest.com/centmintest.com.cer to /usr/local/nginx/conf/ssl/centmintest.com/centmintest.com-acme.cer for some reason
    output for these 2 commands
    Code (Text):
    ls -lahrt /root/.acme.sh/centmintest.com/
    ls -lahrt /usr/local/nginx/conf/ssl/centmintest.com/
    
     
  11. pamamolf

    Code:
    [root@server addons]# ls -lahrt /root/.acme.sh/centmintest.com/
    total 36K
    -rw-r--r-- 1 root root 1.7K Sep 22 18:17 centmintest.com.key
    -rw-r--r-- 1 root root  214 Sep 22 18:17 centmintest.com.csr.conf
    -rw-r--r-- 1 root root  985 Sep 22 18:17 centmintest.com.csr
    -rw-r--r-- 1 root root 1.8K Sep 22 18:17 centmintest.com.cer
    drwxr-xr-x 2 root root 4.0K Sep 22 18:17 .
    -rw-r--r-- 1 root root 1.7K Sep 22 18:17 ca.cer
    -rw-r--r-- 1 root root 3.4K Sep 22 18:17 fullchain.cer
    drwx------ 4 root root 4.0K Sep 22 18:17 ..
    -rw-r--r-- 1 root root  900 Sep 22 18:17 centmintest.com.conf
    
    
    [root@server addons]# ls -lahrt /usr/local/nginx/conf/ssl/centmintest.com/
    ls: cannot access /usr/local/nginx/conf/ssl/centmintest.com/: No such file or directory
    
     
  12. eva2000

    looks like failed to create that directory !
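
The failure diagnosed in the posts above (the vhost references certificate files in a directory that was never created, so `nginx -t` fails) can be caught before a reload. The script below is an added example, not part of the original posts and not Centmin Mod or acme.sh code; the function names, the `example.test` domain and the scratch-directory layout are assumptions, and the private-key permission check goes beyond the case in the thread.

```shell
#!/bin/sh
# Added example (not Centmin Mod code): check the TLS files a vhost references
# before nginx is reloaded.

# Print "directive path" for each certificate/key directive in an nginx vhost file.
list_ssl_paths() {
    awk '$1 ~ /^ssl_(certificate|certificate_key|trusted_certificate)$/ {
             path = $2; sub(/;.*$/, "", path); print $1, path }' "$1"
}

# Report every referenced file that nginx would fail to open, plus private keys
# readable by group/other. Returns 0 only when nothing was reported.
check_vhost_ssl_paths() {
    conf=$1
    problems=0
    paths=$(list_ssl_paths "$conf")
    [ -n "$paths" ] || { echo "no certificate directives in $conf"; return 2; }
    while read -r directive path; do
        dir=$(dirname "$path")
        if [ ! -d "$dir" ]; then
            echo "MISSING DIR  $dir ($directive)"
        elif [ ! -f "$path" ] || [ ! -s "$path" ]; then
            echo "MISSING FILE $path ($directive)"
        elif [ "$directive" = ssl_certificate_key ] &&
             [ -n "$(find "$path" \( -perm -040 -o -perm -004 \))" ]; then
            echo "LOOSE PERMS  $path (key readable by group/other)"
        else
            continue
        fi
        problems=$((problems + 1))
    done <<EOF
$paths
EOF
    [ "$problems" -eq 0 ]
}

# Write a constructed vhost into scratch directory $1; the three directives copy
# the layout shown in the log above, with example.test as a placeholder domain.
make_sample_vhost() {
    cat > "$1/vhost.conf" <<EOF
server {
  listen 443 ssl;
  server_name example.test www.example.test;
  ssl_certificate      $1/ssl/example.test/example.test-acme.cer;
  ssl_certificate_key  $1/ssl/example.test/example.test-acme.key;
  ssl_trusted_certificate $1/ssl/example.test/example.test-acme.cer;
}
EOF
}

# Demo: the ssl/example.test directory is never created, as in the failed run.
tmp=$(mktemp -d)
make_sample_vhost "$tmp"
check_vhost_ssl_paths "$tmp/vhost.conf" || echo "fix the above before reloading nginx"
rm -rf "$tmp"
```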
     
  13. pamamolf

    Maybe that's because when I added the vhost I answered not to create a self-signed certificate, so it didn't create the /usr/local/nginx/conf/ssl/centmintest.com/ folder?
     
  14. eva2000

    the next question for letsencrypt overrides self-signed and sets to yes

    Troubleshooting Issues



    There are various steps you can take to troubleshoot failed letsencrypt issuances, renewals, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log for the run, post it to pastebin.com or gist.github.com and share the link in this thread. To find the log, list the logs in ascending date order:
      Code (Text):
      ls -lahrt /root/centminlogs
    • Enable acmetool.sh debug mode. In the persistent config file at /etc/centminmod/custom_config.inc (create it if it doesn't exist), add the following to enable acmetool.sh debug mode, which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh, centmin.sh menu options 2 or 22, or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    the full log posted to pastebin.com or gist.github.com would help.
     
  15. pamamolf

    What question?

    I just did:

    Code:
    ./acmetool.sh acmeinstall
    ./acmetool.sh issue centmintest.com lived
     
  16. eva2000

    The question was for centmin.sh menu option 2, 22 - that's why getting the run's full log posted to pastebin.com or gist.github.com would help me know which commands you ran.
     
  17. pamamolf

    Ok, so can I update centminmod now and run the installation again to check with your new fix in place?

    Here is the previous error log :

    Code:
    http://pastebin.com/VZQv5QE4
     
  18. eva2000

    See the 1st post in the thread on how to use the rm -rf commands at the end of the run (in your logs) to delete the nginx vhost to try again.

    You should have an accompanying separate log for centminmod_${DT}_nginx_addvhost_nv.log, need that too.
     
  19. pamamolf

    Don't think that i have that file :(

    Ok, I will remove and install it again :)
     
  20. pamamolf

    This is from the vhost creation file:

    centminmod_1.2.3-eva2000.09.001_220916-162723_nginx_addvhost.log

    Code:
    http://pastebin.com/0xLFhXMV