[froxlor - letsencrypt installation question]

46 minutes ago, d00p said:

You sure the domain points to the server? Also check ipv6/AAAA records. 

yes, it is vps server

one ipv4 and few websites on same ip and server

[froxlor - letsencrypt installation question]

On 12/18/2019 at 10:42 AM, d00p said:

Create a file test in /var/www/froxlor/.well-known/acme-challenge, wirte e.g. "hello" into that file. Now try to access http://kaptan.xyz/.well-known/acme-challenge/test - if it says "hello" in the browser you should be good to go, if not, check your /etc/apache2/conf-enabled/acme.conf file

I created a file;  test in /var/www/froxlor/.well-known/acme-challenge

/etc/apache2/conf-enabled/acme.conf

Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
<Directory "/var/www/froxlor/.well-known/acme-challenge">
Require all granted
</Directory>

When i tried to access http://kaptan.xyz/.well-known/acme-challenge/test i got 404 error. Restarted apache but still the same issue exists..

[froxlor - letsencrypt installation question]

On 12/13/2019 at 7:03 PM, d00p said:

It says it's getting a 404, so be sure the domain is setup correctly regarding DNS and that you've configured the required acme alias for your Webserver from the configuration templates.

I can access webpage via domain kaptan.xyz but still i cannot install ssl

[froxlor - letsencrypt installation question]

On 12/7/2019 at 7:01 PM, d00p said:

So I guess, you've activated Let's Encrypt for the domain but it runs into errors. Try executing the following command manually on the shell to see any issues:

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug

 

Still the same issue, execution results one message above

[froxlor - letsencrypt installation question]

[information] TasksCron: Searching for tasks to do
[information] Task4 started - Rebuilding froxlor_bind.conf
[information] Cleaning dns zone files from /etc/bind/domains/
[debug] domId    domain                                  ismainbutsubto parent d                       omain                           list of child domain ids                         
[debug] 19       kaptan.xyz                              0              -                              
[debug] 23       nurettinyildirim.com                    0              -                                                        
[information] `/etc/bind/domains/kaptan.xyz.zone` written
[debug] Generating dns config for kaptan.xyz
[information] `/etc/bind/domains/nurettinyildirim.com.zone` written
[debug] Generating dns config for nurettinyildirim.com
[information] froxlor_bind.conf written
[information] Bind daemon reloaded
[information] Task4 finished
[information] Running Let's Encrypt cronjob prior to regenerating webserver conf                       ig files
[information] Requesting/renewing Let's Encrypt certificates
[information] Creating certificate for kaptan.xyz
[information] Adding SAN entry: kaptan.xyz
[information] Adding SAN entry: www.kaptan.xyz
[information] Checking for LetsEncrypt client upgrades before renewing certifica                       tes:
[Thu Dec 12 23:30:39 +03 2019] Installing from online archive.
[Thu Dec 12 23:30:39 +03 2019] Downloading https://github.com/Neilpang/acme.sh/a                       rchive/master.tar.gz
[Thu Dec 12 23:30:40 +03 2019] Extracting master.tar.gz
[Thu Dec 12 23:30:40 +03 2019] Installing to /root/.acme.sh
[Thu Dec 12 23:30:40 +03 2019] Installed to /root/.acme.sh/acme.sh
[Thu Dec 12 23:30:40 +03 2019] Good, bash is found, so change the shebang to use                        bash as preferred.
[Thu Dec 12 23:30:41 +03 2019] OK
[Thu Dec 12 23:30:41 +03 2019] Install success!
[Thu Dec 12 23:30:41 +03 2019] Upgrade success!
[Thu Dec 12 23:30:41 +03 2019] Removing cron job
[Thu Dec 12 23:30:41 +03 2019] Lets find script dir.
[Thu Dec 12 23:30:41 +03 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu Dec 12 23:30:41 +03 2019] _script='/root/.acme.sh/acme.sh'
[Thu Dec 12 23:30:41 +03 2019] _script_home='/root/.acme.sh'
[Thu Dec 12 23:30:41 +03 2019] Using config home:/root/.acme.sh
[Thu Dec 12 23:30:41 +03 2019] Using server: https://acme-v02.api.letsencrypt.or                       g/directory
[Thu Dec 12 23:30:41 +03 2019] Running cmd: issue
[Thu Dec 12 23:30:41 +03 2019] _main_domain='kaptan.xyz'
[Thu Dec 12 23:30:41 +03 2019] _alt_domains='www.kaptan.xyz'
[Thu Dec 12 23:30:41 +03 2019] Using config home:/root/.acme.sh
[Thu Dec 12 23:30:41 +03 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.                       org/directory'
[Thu Dec 12 23:30:41 +03 2019] DOMAIN_PATH='/root/.acme.sh/kaptan.xyz'
[Thu Dec 12 23:30:41 +03 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsen                       crypt.org/directory
[Thu Dec 12 23:30:41 +03 2019] _init api for server: https://acme-v02.api.letsen                       crypt.org/directory
[Thu Dec 12 23:30:41 +03 2019] GET
[Thu Dec 12 23:30:41 +03 2019] url='https://acme-v02.api.letsencrypt.org/directo                       ry'
[Thu Dec 12 23:30:41 +03 2019] timeout=
[Thu Dec 12 23:30:41 +03 2019] _CURL='curl -L --silent --dump-header /root/.acme                       .sh/http.header  -g '
[Thu Dec 12 23:30:41 +03 2019] ret='0'
[Thu Dec 12 23:30:42 +03 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt                       .org/acme/key-change'
[Thu Dec 12 23:30:42 +03 2019] ACME_NEW_AUTHZ
[Thu Dec 12 23:30:42 +03 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.                       org/acme/new-order'
[Thu Dec 12 23:30:42 +03 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencryp                       t.org/acme/new-acct'
[Thu Dec 12 23:30:42 +03 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencryp                       t.org/acme/revoke-cert'
[Thu Dec 12 23:30:42 +03 2019] ACME_AGREEMENT='https://letsencrypt.org/documents                       /LE-SA-v1.2-November-15-2017.pdf'
[Thu Dec 12 23:30:42 +03 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.                       org/acme/new-nonce'
[Thu Dec 12 23:30:42 +03 2019] ACME_VERSION='2'
[Thu Dec 12 23:30:42 +03 2019] Le_NextRenewTime
[Thu Dec 12 23:30:42 +03 2019] _on_before_issue
[Thu Dec 12 23:30:42 +03 2019] _chk_main_domain='kaptan.xyz'
[Thu Dec 12 23:30:42 +03 2019] _chk_alt_domains='www.kaptan.xyz'
[Thu Dec 12 23:30:42 +03 2019] Le_LocalAddress
[Thu Dec 12 23:30:42 +03 2019] d='kaptan.xyz'
[Thu Dec 12 23:30:42 +03 2019] Check for domain='kaptan.xyz'
[Thu Dec 12 23:30:42 +03 2019] _currentRoot='/root/.acme.sh/'
[Thu Dec 12 23:30:42 +03 2019] d='www.kaptan.xyz'
[Thu Dec 12 23:30:42 +03 2019] Check for domain='www.kaptan.xyz'
[Thu Dec 12 23:30:42 +03 2019] _currentRoot='/root/.acme.sh/'
[Thu Dec 12 23:30:42 +03 2019] d
[Thu Dec 12 23:30:42 +03 2019] _saved_account_key_hash is not changed, skip regi                       ster account.
[Thu Dec 12 23:30:42 +03 2019] Read key length:4096
[Thu Dec 12 23:30:42 +03 2019] Using config home:/root/.acme.sh
[Thu Dec 12 23:30:42 +03 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.                       org/directory'
[Thu Dec 12 23:30:42 +03 2019] Use length 4096
[Thu Dec 12 23:30:42 +03 2019] Using RSA: 4096
[Thu Dec 12 23:30:43 +03 2019] _createcsr
[Thu Dec 12 23:30:43 +03 2019] d='www.kaptan.xyz'
[Thu Dec 12 23:30:43 +03 2019] d
[Thu Dec 12 23:30:43 +03 2019] url='https://acme-v02.api.letsencrypt.org/acme/ne                       w-order'
[Thu Dec 12 23:30:43 +03 2019] payload='{"identifiers": [{"type":"dns","value":"                       kaptan.xyz"},{"type":"dns","value":"www.kaptan.xyz"}]}'

Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1d  10 Sep 2019
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]     groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>        groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>       groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>      groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>        groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARE                       NT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,S                       CTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNI                       X
      interface:<interface>     groups=FD,SOCKET
      ip-datagram:<host>:<protocol>     groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>       groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>       groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>      groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>       groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>      groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP                       6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4                       ,IP6,TCP,HTTP
      pty       groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCT                       P
      sctp-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP                       6,SCTP
      sctp4-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SC                       TP
      sctp6-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SC                       TP
      socket-connect:<domain>:<protocol>:<remote-address>       groups=FD,SOCKET                       ,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>       groups=F                       D,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,                       CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET                       ,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>        groups=F                       D,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4                       ,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>      groups=FD,SOCKET,CHILD,RETRY,IP4                       ,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,S                       CTP
      stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,S                       CTP
      stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,S                       CTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,S                       CTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARE                       NT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TC                       P
      tcp6-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TC                       P
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>        groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>        groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>        groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>       groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
[debug] https://github.com/Neilpang/acme.sh
v2.8.4
[Thu Dec 12 23:30:42 +03 2019] Creating domain key
[Thu Dec 12 23:30:43 +03 2019] The domain key is here: /root/.acme.sh/kaptan.xyz                       /kaptan.xyz.key
[Thu Dec 12 23:30:43 +03 2019] Multi domain='DNS:kaptan.xyz,DNS:www.kaptan.xyz'
[Thu Dec 12 23:30:43 +03 2019] Getting domain auth token for each domain
[Thu Dec 12 23:30:46 +03 2019] Getting webroot for domain='kaptan.xyz'
[Thu Dec 12 23:30:46 +03 2019] Getting webroot for domain='www.kaptan.xyz'
[Thu Dec 12 23:30:46 +03 2019] Verifying: kaptan.xyz
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at kaptan.xyz Port 80</address>
</body></html>
[error] Could not get Let's Encrypt certificate for kaptan.xyz:
https://github.com/Neilpang/acme.sh
v2.8.4
[Thu Dec 12 23:30:42 +03 2019] Creating domain key
[Thu Dec 12 23:30:43 +03 2019] The domain key is here: /root/.acme.sh/kaptan.xyz                       /kaptan.xyz.key
[Thu Dec 12 23:30:43 +03 2019] Multi domain='DNS:kaptan.xyz,DNS:www.kaptan.xyz'
[Thu Dec 12 23:30:43 +03 2019] Getting domain auth token for each domain
[Thu Dec 12 23:30:46 +03 2019] Getting webroot for domain='kaptan.xyz'
[Thu Dec 12 23:30:46 +03 2019] Getting webroot for domain='www.kaptan.xyz'
[Thu Dec 12 23:30:46 +03 2019] Verifying: kaptan.xyz
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at kaptan.xyz Port 80</address>
</body></html>
[information] No new certificates or certificates due for renewal found
[information] apache::createIpPort: creating ip/port settings for  37xxxxx:80
[debug] 37xxxxx:80 :: inserted listen-statement
[debug] 37xxxxx:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  37xxxxx:443
[debug] 37xxxxx:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 19                       , customer kaptan
[information] apache::createVirtualHosts: creating vhost container for domain 18                       , customer kaptan
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\                       ApacheFcgi
[notice] Creating passwd file
[notice] Writing 7 entries to passwd file
[notice] Succesfully wrote passwd file
[notice] Creating group file
[notice] Writing 7 entries to group file
[notice] Succesfully wrote group file
[notice] Creating shadow file
[notice] Writing 7 entries to shadow file
[notice] Succesfully wrote shadow file
[notice] Checking system's last guid

Here is the information, still ssl not activated

[froxlor - letsencrypt installation question]

On 12/2/2019 at 7:49 AM, d00p said:

Means the issuer of the certificate is not trusted. I doubt that this happens with a legit Let's Encrypt certificate. Check what Certificate is being used

Under customer > domains > ssl certificates i got There are no domains with SSL certificate error

[froxlor - letsencrypt installation question]

Thanks but how can i fix " SEC_ERROR_UNKNOWN_ISSUER " error? thanks

[froxlor - letsencrypt installation question]

Hello all,

 

I'm using one of my websites with Trust safe Pro ssl certificate, but for the other small websites i would like to use let's encrypt.

SSL already working and activated in my vserver. But when i tried to activate let's encrypt from froxlor , i cannot access ssl copy-paste area under the domain/ssl tab. I successfully created ssl certificates under root with cronjob (domain.conf , domain.csr, domain.csr.conf , domain.key)

Also it is not showing ssl certificates under froxlor ssl tab.

When i tried to reach my website i got ; SEC_ERROR_UNKNOWN_ISSUER error in mozilla.

 

How can i fix it? Thanks!

 

I used https://myridia.com/dev_posts/view/1696 page for installation