hippi777
commented
7 years ago i have some progress, but https still not working...
so i've disabled the cron and changed from https://acme-v01.api.letsencrypt.org to https://acme-staging.api.letsencrypt.org and started to experimenting around...
i've found that the "Fetching http://mydomain.com/.well-known/acme-challenge/ofSNtbf_rnButySaGFu0Rls40W6D9WfGiomd0W-h_h8: Timeout" message was my fault, because i had an ipv6 assigned to my domain that was invalid (from previous usage), and acme wanted to fetch from that ip. so i've deleted it, and then i got back to the point where i was before when i got a dev server previously with a domain name... this is the same issue as this: https://petersproblems.wordpress.com/2017/07/27/vestacp-letsencrypt-error-invalid-response-from-httpmydomain-com-well-knownacme-challenge/ and i've found that what acme gives back is an error page for response from well-known... so i overcame it with that previously mentioned false && in v-check-letsencrypt-domain like this:
# Adding location wrapper for request challenge
if false && [ "$WEB_SYSTEM" = 'nginx' ] || false && [ "$PROXY_SYSTEM" = 'nginx' ]; then
conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$thumb'";' >> $conf
echo '}' >> $conf
fi
else
acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
echo "$token.$thumb" > $acme/$token
chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
fi
# Restarting web server
if false && [ -z "$PROXY_SYSTEM" ]; then
$BIN/v-restart-web
check_result $? "Proxy restart failed" >/dev/null
else
$BIN/v-restart-proxy
$BIN/v-restart-web
check_result $? "Web restart failed" >/dev/null
fithis means that it could be deleted without any problem (nothing else would be affected, as i observed the codes) or fixed, but i think even restarting the server didnt help any for that nginx hack on the go...
as you can see, i have an other fix above, this line:
echo "$token.$thumb" > $acme/$token
insetead of:
echo "$token" > $acme/$token.$thumb
just as well applied this:
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
instead of:
exponent=$(openssl pkey -inform perm -in "$key" -noout -text_pub |\
in v-add-letsencrypt-user
i hope i didn't change anything else
so i obtained the cert finally, i deleted it (i had problems for the 1st time with deleting, but i've tracked it down and deleted stuffs manually) switched back from staging (test) ecma api, now turn in/out letsencrypt works without error, and i can see the issued cert, key and pem files as well, but https still not working...
twoup
hostz-frank
Operating System (OS/VERSION):
debian 8
VestaCP Version:
latest
Installed Software (what you got with the installer):
default
Steps to Reproduce:
nginx allowed (but not on the virtual host) + issue letsencrypt cert
Related Issues/Forum Threads:
a lot
Other Notes:
so i have problems with issuing a cert, therefore i started to track down the issue. in v-check-letsencrypt-domain at line 90 if nginx is enabled then theres an unnecessary hack to give a standard response for anything in acme-challenge dir, i can see the files have been created up to this point, but when i wanna access acme-challenge directory, then i get a 403 forbidden response.
i've tried to switch to the else branch of the two if's related to nginx by writing false &&, but i've got nothing valuable result, and finally i got this error: https://community.letsencrypt.org/t/unexpected-error-429/15713/4 the link says it should be the limit of 300 pending requests/week, right because this cron: sudo /usr/local/vesta/bin/v-update-sys-queue letsencrypt so maybe next time i can get more info, but the point above seems like the point of gettingevery time an error like: Error: Fetching http://mydomain.com/.well-known/acme-challenge/ofSNtbf_rnButySaGFu0Rls40W6D9WfGiomd0W-h_h8: Timeout
i hope i could spot on anything valuable, and thx for any help! :)