
Install Letsencrypt SSL not working on fresh wordpress install

Discussion in 'Install & Upgrades or Pre-Install Questions' started by rc112, Sep 23, 2017.

  1. rc112

    rc112 New Member

    22
    2
    3
    Sep 22, 2017
    Ratings:
    +2
    Local Time:
    2:01 PM
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.9.5
    • PHP Version Installed: 7.0.21
    • MariaDB MySQL Version Installed: 10.1.26
    • When was last time updated Centmin Mod code base ? : today
    • Persistent Config:
      PHP:
      LETSENCRYPT_DETECT='y'
    Hi, I use 22) Add Wordpress Nginx vhost + WP Super Cache and check SSL is issued, but I got the warning below on Chrome while accessing the site. I spent half a day trying to find the solution on the forum but no luck. Does anyone know what is missing? Thanks.

    Code:
    NET::ERR_CERT_AUTHORITY_INVALID
    Subject: demo2.wooshop.com.tw
    Issuer: demo2.wooshop.com.tw
    Expires on: Aug 29, 2117
    Current date: Sep 23, 2017
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,577
    6,854
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,275
    Local Time:
    4:01 PM
    Nginx 1.13.x
    MariaDB 5.5
    The dev ssllabs SSL test is reporting a working Letsencrypt SSL certificate: https://dev.ssllabs.com/ssltest/analyze.html?d=demo2.wooshop.com.tw&hideResults=on&latest

    How was the initial letsencrypt SSL certificate obtained? Which method?
    • Was the domain nginx vhost already created prior, or was it a new domain nginx vhost site set up for the first time?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh? Which specific command? Examples:
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      
    • What was the order of steps you did? Did you run centmin.sh menu option 2 first with letsencrypt? Then did you run addons/acmetool.sh afterwards?

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod self-signed SSL certificate instead of a letsencrypt SSL certificate, then that's acmetool.sh and centminmod's fallback: if letsencrypt verification fails to obtain a letsencrypt SSL cert, it falls back to the Centmin Mod self-signed SSL certificate on the https port 443 side so as to preserve the https nginx vhost.

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post the contents of the log to pastebin.com or gist.github.com and share the link in this thread. To find the log, list the logs in ascending date order:
      Code (Text):
      ls -lahrt /root/centminlogs
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In the persistent config file at /etc/centminmod/custom_config.inc (create it if it doesn't exist), add and enable acmetool.sh debug mode, which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    If acme.sh auto renewals didn't happen, check output for the following commands
    Code (Text):
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"
    

    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    


    Without the answers to above questions and logs, there is nothing to help troubleshoot.
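
The self-signed fallback described above is what the Chrome output in the first post shows: Subject and Issuer are the same name. The following is an added example, not part of the thread or of Centmin Mod, that checks a certificate for this with the openssl CLI; the function names and the throwaway test certificate are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Centmin Mod code): tell a self-signed fallback
# certificate apart from a CA-issued one using only the openssl CLI.

# Print the subject or issuer DN of a PEM file ($2 = subject|issuer).
cert_field() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Exit 0 when the certificate is self-signed: subject equals issuer and
# the signature verifies with the certificate itself as the trust anchor.
cert_is_self_signed() {
    [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Save the leaf certificate a live server presents (needs network access).
fetch_served_cert() {   # usage: fetch_served_cert HOST OUTFILE
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}

# Constructed sample input: a throwaway self-signed certificate.
make_self_signed() {    # usage: make_self_signed CN OUTDIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$2/selfsigned.key" -out "$2/selfsigned.pem" 2>/dev/null
}

# One-line verdict for a PEM file.
classify() {
    if cert_is_self_signed "$1"; then
        echo "self-signed: issuer is $(cert_field "$1" issuer)"
    else
        echo "CA-issued: issuer is $(cert_field "$1" issuer)"
    fi
}

# Demo on the constructed certificate (no network needed).
demo_dir=$(mktemp -d)
make_self_signed demo.example.test "$demo_dir" && classify "$demo_dir/selfsigned.pem"
rm -rf "$demo_dir"
```

To check what a vhost is actually serving, save it with `fetch_served_cert` and pass the saved file to `classify`.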
     
  3. rc112

    Hi @eva2000, thanks again for your prompt reply. I ran 22) straight away after installing centminmod. The idea is, I think, it will build the vhost and WP at the same time, and it worked out as expected except SSL. Is it the right way to create a WP site?

    After trying and searching, I decided to try ACME.sh, so I reissued an SSL to the same domain. Then I got a different error: ERR_SPDY_PROTOCOL_ERROR on the Chrome browser. I got prompted for the SSL thing after running option 22. A bit confusing. Is ACME.sh necessary when options 2 and 22 will both prompt for SSL?

    Then I tried to install a popular Wordpress SSL plugin: Really Simple SSL. After installing, it prompted me that SSL is there, do you want to start using it. I assume it detects SSL and writes something in the Wordpress config file. Do you think it is related to WP?

    Thanks so much for your contribution to build the awesome work. I think it is much better than EE and will definitely spread the word in Taiwan community! Thanks.
     
  4. eva2000

    For the SPDY error in Chrome, do you have AVAST or an anti-virus scanner or proxy/VPN usage on your PC? See https://community.centminmod.com/threads/spdy-error-after-trying-to-import.12851/

    https://productforums.google.com/forum/#!topic/chrome/sfAqeo4hDy8

    try using internet explorer, firefox or edge web browsers too

    not needed if centmin.sh menu options 2, 22 or nv command are used with LETSENCRYPT_DETECT='y' set in persistent config file at /etc/centminmod/custom_config.inc BEFORE running the commands

    You're welcome. You'll eventually get more tools to play with in Centmin Mod, as I'm looking to integrate Nginx Unit https://community.centminmod.com/threads/nginxs-unit.12803/
     
  5. rc112

    Hi @eva2000 none of them. I think I will try installing a new WP site. Thanks.
     
  6. eva2000

    centmin.sh menu option 22 generates an uninstall script at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} is your domain to uninstall the vhost, so you can try again for same domain
     
  7. rc112

    Hi, I got the error below while uninstalling.
    Code:
    [17:56][root@centmin tools]# /root/tools/wp_uninstall_demo2.wooshop.com.tw.sh
    -------------------------------------------------------------------------
    Do you want to uninstall/delete WP install for demo2.wooshop.com.tw
    This will delete all data from /home/nginx/domains/demo2.wooshop.com.tw
    including any non-wordpress data installed at /home/nginx/domains/demo2.wooshop.com.tw
    This script will NOT delete the database, you will have to manually remove the
    database named: wp27932721db_28767
    Please backup your MySQL database called wp27932721db_28767 before deleting
    -------------------------------------------------------------------------
    Uninstall WP Install For demo2.wooshop.com.tw [y/n]: y
    Restarting nginx (via systemctl):  Job for nginx.service failed because the control process exited with error code.
     See "systemctl status nginx.service" and "journalctl -xe" for details.
                                                               [FAILED]
     
  8. eva2000

    Run the nginx config test to see what the error is:
    Code (Text):
    nginx -t
    
     
  9. rc112

    Here is the output

    PHP:
    [19:58][root@centmin hi]# nginx -t
    nginx: [emerg] "map" directive is not allowed here in /usr/local/nginx/conf/webp.conf:1
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
     
  10. eva2000

    strange that shouldn't give an error

    in nginx.conf comment out the /usr/local/nginx/conf/webp.conf include file for now
     
  11. rc112

    Is this correct?

    PHP:
    #map $http_accept $webp_extension {
        default "";
        "~*webp" ".webp";
    }
    After commenting it out, I ran the uninstall command. Still got the same output as the previous one.

    I feel I don't know what is going on. I cannot even SSH?! A bit frustrated! :(
     
    Last edited: Sep 24, 2017