Wordpress Install with letsEncrypt Alma 8.7

The following test environment information is needed relevant to your EL8 server installation. Please provide the info in BBCODE CODE/CODEB tags for better formatting.

1. Hetzner CX21

cminfo versions

1st:
130.00beta01.b246 #Thu Nov 17 21:43:33 UTC 2022
..
last 10:
130.00beta01.b251 #Mon Dec 5 16:19:16 UTC 2022
130.00beta01.b251 #Wed Dec 7 12:16:30 UTC 2022
130.00beta01.b251 #Wed Dec 7 12:18:26 UTC 2022
130.00beta01.b251 #Wed Dec 7 12:22:27 UTC 2022
130.00beta01.b251 #Wed Dec 7 12:34:16 UTC 2022
130.00beta01.b251 #Wed Dec 7 12:35:45 UTC 2022
130.00beta01.b251 #Wed Dec 7 12:47:13 UTC 2022
130.00beta01.b251 #Wed Dec 7 13:22:08 UTC 2022
130.00beta01.b251 #Wed Dec 7 13:27:57 UTC 2022
130.00beta01.b251 #Wed Dec 7 17:49:20 UTC 2022

lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
BIOS Vendor ID: QEMU
CPU family: 6
Model: 85
Model name: Intel Xeon Processor (Skylake, IBRS)
BIOS Model name: Not Specified
Stepping: 4
CPU MHz: 2099.998
BogoMIPS: 4199.99
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
L3 cache: 16384K
NUMA node0 CPU(s): 0,1
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single pti ssbd ibrs ibpb fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku ospke md_clear

free -mlt

total used free shared buff/cache available
Mem: 3635 585 1752 8 1298 2799
Low: 3635 1883 1752
High: 0 0 0
Swap: 1023 0 1023
Total: 4659 585 2776


df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 1.8G 0 1.8G 0% /dev
tmpfs tmpfs 1.8G 0 1.8G 0% /dev/shm
tmpfs tmpfs 1.8G 8.6M 1.8G 1% /run
tmpfs tmpfs 1.8G 0 1.8G 0% /sys/fs/cgroup
/dev/sda1 ext4 38G 9.2G 27G 26% /
/dev/loop0 ext4 3.9G 112K 3.7G 1% /tmp
/dev/sda14 vfat 64M 5.8M 59M 10% /boot/efi
tmpfs tmpfs 364M 0 364M 0% /run/user/0

---

All set up and installed WP on option 22

Looks like Letsencrypt failed as have no https, also not ever done a WP option 22 install the following

my domain.co.uk goes to a CMM install page
Nothing else works I https or www or wp-login

Code:

-----------------------------------------------------------

issue & install letsencrypt ssl certificate for mydomain.co.uk
-----------------------------------------------------------
testcert value = wplived
wp routine detected use reissue instead via --force
/root/.acme.sh/acme.sh --force --issue -d mydomain.co.uk -d www.mydomain.co.uk --days 60 -w /home/nginx/domains/mydomain.co.uk/public -k 2048 --useragent centminmod--acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-071222-175410.log --log-level 2 --preferred-chain  "ISRG"
[Wed Dec  7 17:54:17 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Dec  7 17:54:17 UTC 2022] Create account key ok.
[Wed Dec  7 17:54:17 UTC 2022] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Dec  7 17:54:19 UTC 2022] Registered
[Wed Dec  7 17:54:19 UTC 2022] ACCOUNT_THUMBPRINT='OR2eW1oFzjwgp-P2pS8y5zJAVKbPK0EDEvcGO6jMyHE'
[Wed Dec  7 17:54:19 UTC 2022] Creating domain key
[Wed Dec  7 17:54:19 UTC 2022] The domain key is here: /root/.acme.sh/mydomain.co.uk/mydomain.co.uk.key
[Wed Dec  7 17:54:19 UTC 2022] Multi domain='DNS:mydomain.co.uk,DNS:www.mydomain.co.uk'
[Wed Dec  7 17:54:19 UTC 2022] Getting domain auth token for each domain
[Wed Dec  7 17:54:21 UTC 2022] Getting webroot for domain='mydomain.co.uk'
[Wed Dec  7 17:54:22 UTC 2022] Getting webroot for domain='www.mydomain.co.uk'
[Wed Dec  7 17:54:22 UTC 2022] Verifying: mydomain.co.uk
[Wed Dec  7 17:54:23 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Dec  7 17:54:25 UTC 2022] mydomain.co.uk:Verify error:157.90.160.221: Fetching http://mydomain.co.uk/.well-known/acme-challenge/pNS_4lWXLc3hQ6yVDfx5etFxDNVwulIC9xcdkyHeHjQ: Connection refused
[Wed Dec  7 17:54:26 UTC 2022] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-071222-175410.log
LECHECK = 1

config file

Code:

#### Installed by Centminmod##############
CENTOS_ALPHATEST='y'
NGINX_VERSION='1.23.2'
NGINX_ONETWOTHREE_COMPAT='y'
DEVTOOLSETTEN='n'
DEVTOOLSETELEVEN='y'
SELFSIGNEDSSL_ECDSA='y'
PHPFINFO='y'

MARCH_TARGETNATIVE='n'
##########################################

#####################################################
# CSF FIREWALL
# PORTFLOOD Configuration
# https://community.centminmod.com/threads/14708/
# Setting CSFPORTFLOOD_OVERRIDE='y' allows you to
# override default CSF Firewall PORTFLOOD values set
# by Centmin Mod initial install. If end user made
# custom changes to PORTFLOOD values, the override
# will not work. Override only works if end user has
# not made custom changes to PORTFLOOD values to ensure
# end users customisations do not get overwritten
CSFPORTFLOOD_OVERRIDE='y'
# max hit count value allowed is 20
PORTFLOOD_COUNT=20
# lowering interval in seconds allows for more
# port flood hits against default TCP port 21
PORTFLOOD_INTERVAL=300
#####################################################

# enable letsencrypt ssl certificate + dual RSA+ECDSA ssl certs https://centminmod.com/acmetool/
# https://community.centminmod.com/threads/official-acmetool-sh-testing-thread-for-centmin-mod-123-09beta01.8290/
LETSENCRYPT_DETECT='y'
DUALCERTS='y'

# Add custom curl to update curl to 8.x latest
# https://community.centminmod.com/threads/update-addons-customcurl-sh-custom_curlrpm-y-routine-in-123-09beta01.17503/
CUSTOM_CURLRPM=y

# Force SSL to only using TLSv1.2 or TLSv1.2 + TLSv1.3 (when using OpenSSL 1.1.1 or BoringsSSL)
#https://community.centminmod.com/threads/add-ssl_protocol_modern-variable-in-123-09beta01.19715/#post-83781
SSL_PROTOCOL_MODERN='y'

# Enable Rclone and Dropbox to enable sharing Logs
#https://community.centminmod.com/threads/centmin-mod-nginx-1-21-5-pcre2-beta-testing.22326/#post-91386
#RCLONE_ENABLE='y'
#DROPBOX_SEND='y'

#replace older PCRE2 8.x library with 10.x library
#https://community.centminmod.com/threads/centmin-mod-nginx-1-21-5-pcre2-beta-testing.22326/#post-91354
NGINX_PCRE_TWO='y'

# dynamically tune nginx ssl_session_cache in /usr/local/nginx/conf/ssl_include.conf based on system detected memory
# https://community.centminmod.com/posts/76615/
NGINX_SSLCACHE_ALLOWOVERRIDE='y'

# override Nginx default OCSP response cache refresh time 1h (3600 seconds) to 24hrs (86400 seconds)
# https://community.centminmod.com/threads/19515/
#NGINX_STAPLE_CACHE_OVERRIDE='y'
#NGINX_STAPLE_CACHE_TTL='86400'

# SET_DEFAULT_MYSQLCHARSET='utf8mb4' to override MariaDB MySQL
# default characterset and collation from default utf8 to utf8mb4
# https://community.centminmod.com/threads/17949/
# SET_DEFAULT_MYSQLCHARSET='utf8mb4'

# enable nginx backlog override https://community.centminmod.com/threads/17620/
#AUTOHARDTUNE_NGINXBACKLOG='y'

# enable zstd compressed logrotation for nginx & php-fpm https://community.centminmod.com/threads/16374/
ZSTD_LOGROTATE_NGINX='y'
ZSTD_LOGROTATE_PHPFPM='y'

# enable ECC 256bit ECDSA self-signed SSL certificate generation https://community.centminmod.com/posts/82177/
#SELFSIGNEDSSL_ECDSA='y'

# COMMENTED OUT DEFAULT - enable nginx zero downtime on the fly nginx binary upgrades https://community.centminmod.com/threads/8000/
# NGINX_ZERODT='y'

# COMMENTED OUT - REQUIRES CENTOS KERNEL 5.1 or ABOVE - CHECK VERSION FIRST WITH uname -r
# CARE WHEN UPGRADING KERNEL - BEST NOT TO DO ON A LIVE SERVER
# SEE https://community.centminmod.com/threads/add-nginx_iouring_patch-variable-support-in-123-09beta01.18075/#post-76552
#NGINX_IOURING_PATCH='y'

# enable brotli compression https://community.centminmod.com/threads/10688/
NGXDYNAMIC_BROTLI='y'
NGINX_LIBBROTLI='y'
NGINX_BROTLIDEP_UPDATE='y'

# enable IPv6 Detection for the server https://community.centminmod.com/threads/invitation-to-test-native-nginx-ipv6-vhost-config-support-in-130-00beta01.23463/#post-95207
VPS_IPSIX_CHECK_DISABLE='n'
VPS_IPSIX_CHECK_DISABLE_DEBUG='y'

#enable MariaDB 10.4,5 & 6
ENABLE_MARIADBTENFOURUPGRADE='y'
ENABLE_MARIADBTENFIVEUPGRADE='y'
ENABLE_MARIADBTENSIXUPGRADE='y'

# boost PHP 7 performance by enabling Profile Guided Optimisation flag
# https://centminmod.com/perf/
# will dramatically increase PHP-FPM compile/install times but result in
# 5-20% faster PHP 7+ performance. PHP_PGO='y' only works with servers with
# 2+ or more cpu threads. However, you can force PHP PGO optimisations with
# 1 cpu thread servers via PHP_PGO_ALWAYS='y'
#PHP_PGO_ALWAYS='y'
#PHP_PGO='y'

# php compression extensions https://community.centminmod.com/posts/70777/
#PHP_BROTLI='y'
#PHP_LZFOUR='y'
#PHP_LZF='y'
#PHP_ZSTD='y'

# php file info
#PHPFINFO='y'

# enable centmin.sh menu option 22 WordPress Cache Enabler Query String inclusions
# https://community.centminmod.com/posts/85927/
# WPCLI_CE_QUERYSTRING_INCLUDED='y'

# Set PHP version
# PHP versions - https://www.php.net/downloads.php
# https://community.centminmod.com/threads/php-8-0-0-ga-stable-release.20739/#post-87309
#PHP_VERSION='8.1.7'

# PHP version checks
# https://community.centminmod.com/threads/add-optional-php-version-check-in-123-09beta01.19334/
DMOTD_PHPCHECK='y'

# Enable VHost Stats
# see https://community.centminmod.com/threads/add-ngxdynamic_vhoststats-option-support-for-nginx-module-vts-module.12913/#post-54842
#NGINX_VHOSTSTATS=y

#Enable Max Mind GeoIP
#see https://community.centminmod.com/threads/how-to-enable-geoip-2-lite-nginx-module-support.17165/
MM_LICENSE_KEY='licensekeyhere'
NGINX_GEOIPTWOLITE='y'
NGXDYNAMIC_GEOIPTWOLITE='y'

#Cloudflare SSL Options
#https://centminmod.com/letsencrypt-freessl.html#dns
#CF_DNSAPI_GLOBAL='y'
#CF_Token="xxxxxxxxxxx"
#CF_Account_ID="xxxxxxxxxxx"

 

Also checking the IPv6 you posted here

https://community.centminmod.com/th...fig-support-in-130-00beta01.23463/#post-95207
so could my above error be the same as here

https://community.centminmod.com/threads/set-up-new-site-with-live-le-ssl.23457/#post-95126

If so how to fix ?

 

Ok looks like the the IPv6

reading Tracy Perrys post here #12

Hetzner server needs the ipv6 set up manually according to the docs

nano /etc/sysconfig/network-scripts/ifcfg-eth0

Code:

# Created by cloud-init on instance boot automatically, do not edit.
#
BOOTPROTO=dhcp
DEFROUTE=yes
DEVICE=eth0
DNS1=2a01:4ff:ff00::add:1
DNS2=2a01:4ff:ff00::add:2
HWADDR=96:00:01:ad:03:35
IPV6ADDR=2aXX:4fX:1cXX:a4XX::1/64
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFAULTGW=fe80::1
IPV6_FORCE_ACCEPT_RA=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

So looks like as Tracy said a /64 range

But knowing naff all about IPv6 what do I set that to ?

 

Sorted IPv6 but disabled it and still no joy

However one issue I have just noticed Nginx isnt happy

Code:

nginx -t
nginx: [emerg] dlopen() "/usr/local/nginx/modules/ngx_http_geoip2_module.so" failed (/usr/local/nginx/modules/ngx_http_geoip2_module.so: cannot open shared object file: No such file ordirectory) in /usr/local/nginx/conf/dynamic-modules.conf:12
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

If I comment out the GeoIP in custom config - recompile nginx - it still fails

Code:

cd /usr/local/nginx/modules/
ls -lah
total 9.1M
drwxr-xr-x.  2 root root 4.0K Dec  5 16:14 .
drwxr-xr-x. 11 root root 4.0K Dec  4 19:55 ..
-rwxr-xr-x   1 root root 107K Dec  4 19:55 ndk_http_module.so
-rwxr-xr-x   1 root root 7.4M Dec  4 19:55 ngx_http_brotli_filter_module.so
-rwxr-xr-x   1 root root  77K Dec  4 19:55 ngx_http_brotli_static_module.so
-rwxr-xr-x   1 root root 525K Dec  4 19:55 ngx_http_echo_module.so
-rwxr-xr-x   1 root root 124K Dec  4 19:55 ngx_http_fancyindex_module.so
-rwxr-xr-x   1 root root 233K Dec  4 19:55 ngx_http_headers_more_filter_module.so
-rwxr-xr-x   1 root root 128K Dec  4 19:55 ngx_http_image_filter_module.so
-rwxr-xr-x   1 root root 577K Dec  4 19:55 ngx_http_set_misc_module.so

 

Its not behind cloudflare

Done that - still not issuing a lets encrypt - however it may be something to do with Nginx not running due to the GEOip issue

See above as Nginx wont run as its got a geoip issue post 4 above

 

Have you fixed something, just did that and now all working, could swear blind I did that late last night and still had the nginx error for geoip......

Thanks

 

Yes thanks @eva2000 and @wmtech

Site all installed and running with letsencrypt - just got to reenable ipv6 now and add it to dns