search

alexalouit / ISPConfig-letsencrypt

Let's Encrypt support for ISPConfig
68 stars 23 forks source link

cert signed by happy hacking ca although its public beta and i got a beta invite also #14

Closed Thumpxr closed 8 years ago

Thumpxr commented 8 years ago

I have some issues, as i think letsencrypt doesnt use the right server, although its configured in the cli.ini to their acme server.

/etc/letsencrypt/cli.ini content:

# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Always use the staging/testing server
#server = https://acme-staging.api.letsencrypt.org/directory

# Uncomment and update to register with the specified e-mail address
# email = foo@example.com

# Uncomment to use a text interface instead of ncurses
# text = True

# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = dvsni

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html

text = True
agree-tos = True
authenticator = webroot
server https://acme-v01.api.letsencrypt.org/directory
alexalouit commented 8 years ago

Are you sure domain is whitelisted by Let's Encrypt?

Thumpxr commented 8 years ago

I am. They send me a mail on 16.11.15 and whitelisted all my domains.

Date: Wed, 9 Dec 2015 03:33:49 -0800 From: notifications@github.com To: ISPConfig-letsencrypt@noreply.github.com CC: mb.erdmann@gmail.com Subject: Re: [ISPConfig-letsencrypt] cert signed by happy hacking ca although its public beta and i got a beta invite also (#14)

Are you sure domain is whitelisted by Let's Encrypt?

— Reply to this email directly or view it on GitHub.

alexalouit commented 8 years ago

Certificate has he already been generated with the test server? If this was done, it is necessary to remove it (remove /etc/letsencrypt/accounts/DOMAIN, /etc/letsencrypt/archive/DOMAIN and /etc/letsencrypt/renewal/DOMAIN)

Otherwise, a good way to debug is to run the code by hand. Even if the final certificate is delivred, this will not affect ISPConfig, simply uncheck+save and check+save Let's Encrypt field.

debug command: /root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@DOMAIN --domains DOMAIN --webroot-path /var/www/DOMAIN/web -vvvvvvv

MZorzy commented 8 years ago

Thumpxr , u miss a = server https://acme-v01.api.letsencrypt.org/directory -> server = https://acme-v01.api.letsencrypt.org/directory

BUT now on open beta --server is deprecated

alexalouit commented 8 years ago

Oh, I missed that, thank's. fix in 90d6eb0279b1e81959cf34ef1bb72ae5ffbe2599

Thumpxr commented 8 years ago

Thanks. Solved.

Date: Wed, 9 Dec 2015 05:43:31 -0800 From: notifications@github.com To: ISPConfig-letsencrypt@noreply.github.com CC: mb.erdmann@gmail.com Subject: Re: [ISPConfig-letsencrypt] cert signed by happy hacking ca although its public beta and i got a beta invite also (#14)

Oh, I missed that, thank's. fix in 90d6eb0279b1e81959cf34ef1bb72ae5ffbe2599

— Reply to this email directly or view it on GitHub.