Open matthijskooijman opened 5 years ago
si-dge
commented
5 years ago I have the same problem. Tried "$rdomain fix" and reinstall panel, but it did not work
{ "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 }
luckydevilru
commented
5 years ago I have the same problem.
Beaudinn
commented
5 years ago Me to
luckydevilru
commented
5 years ago лог при получении сертификата сторонним скриптом. letsencrypt.log
si-dge
commented
5 years ago I advise to check your domain DNS access. This solved my problem
luckydevilru
commented
5 years ago i have a default template settings
/usr/local/vesta/data/templates/dns
ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
luckydevilru
commented
5 years ago I advise to check your domain DNS access. This solved my problem
The website is access if go to http
matthijskooijman
commented
5 years ago I filed this issue to track better error reporting in Vesta. IMHO this is not the right place to get help with an individual setup and figuring why your letsencrypt challenge is failing (but I'm not the maintainer of this repo, so I do not have the final word, of course).
si-dge
commented
5 years ago I advise to check your domain DNS access. This solved my problem
The website is access if go to http
I mean that you need to check Vesta possibility adding valid DNS record. If you install SSL for wildcard domain from Vesta, it try create TXT record for LetsEncrypt confirmation this domain.
For example, add some TXT record in panel:8083/add/dns/ and check that by
dig TXT yourdomain.ru
after some time.
Answer will be similar:
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> TXT yourdomain.ru ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18336 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;yourdomain.ru. IN TXT
;; ANSWER SECTION: yourdomain.ru. 599 IN TXT "v=spf1 redirect=qwa.com ip4:xxx.xxx.xxx.xxx ~all" yourdomain.ru. 599 IN TXT "your text here"
;; Query time: 46 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue May 28 14:07:18 +04 2019 ;; MSG SIZE rcvd: 102
luckydevilru
commented
5 years ago Its works fine.
luckydevilru
commented
5 years ago i solved it. the problem was in old
/usr/local/vesta/data/templates/web/nginx/CUSTOM.stpl
/usr/local/vesta/data/templates/web/nginx/CUSTOM.tpl
need to change this : listen 11.22.33.44:443; ssl on; to : listen 11.22.33.44:443 ssl; listen 443 ssl;
FUCKING PIECE OF SHIT - 3 DAYS IN BULL ASSHOLE
Operating System (OS/VERSION):
Debian stretch
VestaCP Version:
0.9.8-24 from Debian (with 25706abfb30e5b01d6fb604a78df5d2d4da8a7b4 manually backported).
Steps to Reproduce:
Enable letsencrypt for a domain and make verification fail (e.g. by having a .htaccess that hijacks
.well-knownrequests).Letsencrypt will fail, but only with a very generic error message:
It would be more useful if the actual error from letsencrypt was shown.
I dug around a bit, and found that (in this particular case) this request is done twice. First it returns a pending status, then it returns "400 Invalid Request" and "Unable to update challenge :: authorization must be pending"
This error message is not quite useful yet (and confused me before), but perhaps this is just the way for letsencrypt to let you know something has failed. It seems you can do a GET request to the challenge URL to get the actual status and any error messages. I did this by adding
curl -s -i "$url"just before this line (to be ran when an error is returned by letsencrypt). This is rough, but at least allowed me to see the actual error and fix things.It would be good if something like this was added (but of course not showing raw curl output, but properly parsing the result). I won't be able to work on this myself, but wanted to share my findings for others to use.
Below, I'll add the relevant curl output from my particular case.
The first time this request is made, it returns:
The second time, it returns:
Finally, the GET request I added returns:
Here, the "detail" element seems relevant to show to the user, but possibly it is better to (also) show the entire response.