shimikano closed this issue 1 year ago
It shouldn't be requesting an ecc certificate by default.
Try updating the acme.sh script
curl -o /config/.acme.sh/acme.sh https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
Remove the /config/.acme.sh/domain.com and /config/.acme.sh/domain.com_ecc and try again.
This might fix it. I'll look at updating the script, as ecc certs were just recently added to the acme.sh client.
From: shimikano @.>
Sent: Sunday, February 5, 2023 11:25 AM
To: j-c-m/ubnt-letsencrypt @.>
Cc: Subscribed @.***>
Subject: [j-c-m/ubnt-letsencrypt] _ecc suffix in the certificate leads to failure of reload command (Issue #47)
Hi and thank you for this script!
Plainly following the instructions, I ran into No such file or directory errors in context of the reload cmd, since the certificate files ended up being stored at /config/.acme.sh/subdomain.example.com_ecc (note the _ecc suffix) instead of the expected /config/.acme.sh/subdomain.example.com.
Here's the complete output:
$ sudo /config/scripts/renew.acme.sh -d subdomain.example.com
[...]
[Sun Feb 5 18:53:19 CET 2023] Your cert is in: /config/.acme.sh/subdomain.example.com_ecc/subdomain.example.com.cer
[Sun Feb 5 18:53:19 CET 2023] Your cert key is in: /config/.acme.sh/subdomain.example.com_ecc/subdomain.example.com.key
[Sun Feb 5 18:53:19 CET 2023] The intermediate CA cert is in: /config/.acme.sh/subdomain.example.com_ecc/ca.cer
[Sun Feb 5 18:53:19 CET 2023] And the full chain certs is there: /config/.acme.sh/subdomain.example.com_ecc/fullchain.cer
[Sun Feb 5 18:53:20 CET 2023] Run reload cmd: cat /config/.acme.sh/subdomain.example.com/subdomain.example.com.cer /config/.acme.sh/subdomain.example.com/subdomain.example.com.key > /config/ssl/server.pem; cp /config/.acme.sh/subdomain.example.com/ca.cer /config/ssl/ca.pem
cat: can't open '/config/.acme.sh/subdomain.example.com/subdomain.example.com.cer': No such file or directory
cat: can't open '/config/.acme.sh/subdomain.example.com/subdomain.example.com.key': No such file or directory
cp: can't stat '/config/.acme.sh/subdomain.example.com/ca.cer': No such file or directory
[Sun Feb 5 18:53:20 CET 2023] Reload error for :
[Sun Feb 5 18:53:20 CET 2023] Stopping temporary ACME challenge service.
[Sun Feb 5 18:53:21 CET 2023] Starting GUI service.
I temporarily worked around this by symlinking subdomain.example.com to subdomain.example.com_ecc, but of course, this is not a stable solution.
What would you propose to do?
Thank you.
It looks like it now defaults to ec-256 (ecc) for new certs. I will need to update the script.
For now I have forced RSA-2048 keys; re-run the install to fetch the newest script.
I can confirm that commit 9689bb6 (using variables in the reload command) solves the issue.
Thank you.
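An added example, not the project's script and not the contents of commit 9689bb6: a reload step that reads the certificate paths from the `CERT_PATH`, `CERT_KEY_PATH` and `CA_CERT_PATH` environment variables that acme.sh exports to its reload command, so an `_ecc` directory suffix no longer matters. It also avoids the side effect visible in the log above, where the `>` redirect truncates `/config/ssl/server.pem` before `cat` fails; the function name `build_server_pem` and its directory argument are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes acme.sh has set CERT_PATH, CERT_KEY_PATH and
# CA_CERT_PATH in the environment of the reload command.

build_server_pem() {
    # $1: destination directory (hypothetical parameter; the default is the
    # /config/ssl path shown in the log above).
    ssl_dir="${1:-/config/ssl}"

    # Refuse to touch the live files unless every input exists and is non-empty.
    for f in "$CERT_PATH" "$CERT_KEY_PATH" "$CA_CERT_PATH"; do
        if [ -z "$f" ] || [ ! -s "$f" ]; then
            echo "reload: missing or empty input: ${f:-<unset>}" >&2
            return 1
        fi
    done

    # mktemp creates the file with mode 0600, so the private key is never
    # written to a world-readable file, even briefly.
    tmp_pem=$(mktemp "$ssl_dir/server.pem.XXXXXX") || return 1
    tmp_ca="$ssl_dir/ca.pem.new.$$"

    # Build next to the destination, then rename: the old server.pem stays
    # in place until a complete replacement is ready.
    if cat "$CERT_PATH" "$CERT_KEY_PATH" > "$tmp_pem" &&
       cp "$CA_CERT_PATH" "$tmp_ca" &&
       mv "$tmp_pem" "$ssl_dir/server.pem" &&
       mv "$tmp_ca" "$ssl_dir/ca.pem"; then
        return 0
    fi

    rm -f "$tmp_pem" "$tmp_ca"
    return 1
}
```

A non-zero return leaves the previous `server.pem` and `ca.pem` untouched, so the GUI restarts with the last good certificate instead of an empty file.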