alexalouit / ISPConfig-letsencrypt

Let's Encrypt support for ISPConfig

Some domains work, some worked and stopped working with LE https certs #29

Closed zenny closed 8 years ago

zenny commented 8 years ago

Hi,

In my case some domains worked fine, but some domains which were working alright till yesterday have failed to work with LE certs.

I tried as explained in the troubleshooting in README.md file, but no go.

It gives errors like:

# cat /var/log/letsencrypt/letsencrypt.log

"Failed authorization procedure. www-domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.domain.com/.well-known/acme-challenge/<String>

# cat /var/log/ispconfig/cron.log

chattr: Inappropriate ioctl for device while reading flags on /var/www/clients/client2/web9

Removed certs for the affected domains, re-generated certs, unchecked SSL & Let's Encrypt options, saved, rechecked both again and saved. But no go.

Thanks!

zenny commented 8 years ago

Update: Strange things are happening as never happened before. The LE certs for a different domain name are loaded. See http://picpaste.com/hOcLup9S.png

zenny commented 8 years ago

As stated earlier, a mismatched domain certificate gets issued for more than one vhost with nginx.

After failing to create from the ISPConfig domain with mismatched certificates, I tried to get the certs directly from the command line as stated at https://github.com/alexalouit/ISPConfig-letsencrypt#troubleshooting, yet no go:

 # ./letsencrypt-auto certonly --webroot -w /var/www/clients/client2/web9/web -d nykultur.com -d www.nykultur.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.nykultur.com
   Type:   urn:acme:error:unauthorized
   Detail: Invalid response from http://www.nykultur.com/.well-known
   /acme-challenge/K5uXT0XFJoWY26UHYA8_5mL8qKbmmbTqUNtdmSmAEcI
   [81.216.202.218]: 404

   Domain: nykultur.com
   Type:   urn:acme:error:unauthorized
   Detail: Invalid response from http://nykultur.com/.well-known/acme-
   challenge/wMInTLU4uDPWzNLD2T4KPepCjB_YRsfyZRBSrb76RXo
   [81.216.202.218]: 404

Even the relevant files and directories in /etc/letsencrypt/{archive | live | renewal} are not created. Tried in standalone mode also by stopping the nginx server, no go.

Any help appreciated.

alexalouit commented 8 years ago

Is Let's Encrypt up to date? I see you use nginx; check if a rule prevents Let's Encrypt from accessing the file under .well-known. Can you post the nginx vhost configuration file? As for the different domain mapping, that's weird. Do you have a subdomain or alias domain?

zenny commented 8 years ago

§1 Let's Encrypt is up-to-date.

§2 Added:

location ~ /.well-known {
      allow all;
}

in the nginx directive too. But didn't work, so removed.

§3 Finally checked the vhost configurations (thanks for the pointer) and it was not generated (the SSL parts, even if SSL and Let's Encrypt were checked in ISPConfig). So I manually added the SSL lines in the vhost files and it worked.

And I also saw that the vhost for arspopuli has random domains for server_name. Strange!

Now it is solved it seems!
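
A small check for the three things this thread ended up looking at (a rule that blocks the path under .well-known, SSL lines missing from the generated vhost, and unexpected names in server_name), added here as an illustration and not part of the thread or of ISPConfig-letsencrypt. The sample vhost, the domain names and the function names are constructed, and nginx location selection is simplified: `=` locations and nesting are not modelled.

```python
import re
# Constructed sample vhost (not from the thread): no TLS directives, a stray
# name in server_name, and a dot-file deny rule placed before the allow rule.
SAMPLE_VHOST = r"""server {
    listen 80;
    server_name example.org www.example.org other-site.example;
    location ~ /\. { deny all; }
    location ~ /.well-known { allow all; }
}
"""
CHALLENGE_PATH = "/.well-known/acme-challenge/token"  # placeholder token
LOC_RE = r"location\s+(~\*?|=|\^~)?\s*(\S+)\s*\{([^{}]*)\}"

def server_blocks(conf):
    """Yield the body of every server { ... } block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def effective_location(body, path=CHALLENGE_PATH):
    """Location nginx selects for path: longest prefix (a ^~ prefix suppresses
    regexes), else first matching regex in file order. '=' is not modelled."""
    locs = re.findall(LOC_RE, body)
    prefixes = [l for l in locs if l[0] in ("", "^~") and path.startswith(l[1])]
    best = max(prefixes, key=lambda l: len(l[1]), default=None)
    if best is None or best[0] != "^~":
        for mod, pat, blk in locs:
            if mod.startswith("~") and re.search(pat, path, re.I if mod == "~*" else 0):
                return pat, blk
    return (best[1], best[2]) if best else None

def audit_vhost(conf, expected_names):
    """Return findings for the three symptoms discussed in the thread."""
    findings, blocks = [], list(server_blocks(conf))
    for body in blocks:
        m = re.search(r"\bserver_name\s+([^;]+);", body)
        extra = sorted(set(m.group(1).split()) - set(expected_names)) if m else []
        if extra:
            findings.append("unexpected server_name: " + " ".join(extra))
        loc = effective_location(body)
        if loc and re.search(r"\bdeny\s+all\s*;", loc[1]):
            findings.append("challenge path denied by location " + loc[0])
    if not any(re.search(r"\blisten\s[^;]*\b443\b", b) and "ssl_certificate_key" in b
               for b in blocks):
        findings.append("no server block with listen 443 and certificate directives")
    return findings
```

Calling `audit_vhost(SAMPLE_VHOST, ["example.org", "www.example.org"])` reports all three findings; in the sample the allow rule never applies because nginx uses the first regex location that matches, which is the deny rule above it.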