Froxlor Forum

ajp


  1. Hi folks, I am so sorry, I should have explained previously that the domain name I used in the logs was changed. My bad. I didn't want to use it without the permission of the domain owner. The actual domain name resolves correctly to the server. This was a domain with an existing LE SSL certificate, which expired. When trying to renew, the error came about (pointing to the correct domain), saying the /.well-known/acme-challenge/file was returning a 404. The server does the same for a new domain. When trying to get the SSL certificate, the callback fetch returns a 404. The test file is also not accessible from the browser, which is why I said that, to me, it looks like Apache is having an issue loading the acme.conf, which exists and is correct. The Apache config has not been manually modified in any way and is as per the froxlor configuration instructions.
  2. The DNS is external to the server and resolves to the server. In the backup logs the content is shown. To verify this I created an .htaccess file that directs all traffic to the index.php file and the content showed in the backup cron output (I later removed the .htaccess). I am testing on a site that is empty except for an index.html. I have tried removing the acme.sh directory and setting the SSL one by one.

     - The renew worked for still valid domains
     - The renew failed for expired domains
     - The renew failed for new domains

     As I mentioned before, the one thing I did notice is that the site owner is not www-data, while the file owner of the directory /var/www/froxlor/.well-known/acme-challenge is www-data. I have verified the access of the directory and that it has 'r' and 'x' permission for each component in the path. I have added a cleaned up version of the backup log below:

     [information] Creating certificate for aeroweb.con
     [information] Adding common-name: aeroweb.con
     [Wed 22 Jun 2022 09:12:32 AM UTC] Lets find script dir.
     [Wed 22 Jun 2022 09:12:32 AM UTC] _SCRIPT_='/root/.acme.sh/acme.sh'
     [Wed 22 Jun 2022 09:12:32 AM UTC] _script='/root/.acme.sh/acme.sh'
     [Wed 22 Jun 2022 09:12:32 AM UTC] _script_home='/root/.acme.sh'
     [Wed 22 Jun 2022 09:12:32 AM UTC] Using config home:/root/.acme.sh
     [Wed 22 Jun 2022 09:12:32 AM UTC] Using server: https://acme-v02.api.letsencrypt.org/directory
     [Wed 22 Jun 2022 09:12:32 AM UTC] Running cmd: issue
     [Wed 22 Jun 2022 09:12:32 AM UTC] _main_domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:32 AM UTC] _alt_domains='no'
     [Wed 22 Jun 2022 09:12:32 AM UTC] Using config home:/root/.acme.sh
     [Wed 22 Jun 2022 09:12:32 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
     [Wed 22 Jun 2022 09:12:32 AM UTC] DOMAIN_PATH='/root/.acme.sh/aeroweb.con'
     [Wed 22 Jun 2022 09:12:32 AM UTC] Le_NextRenewTime
     [Wed 22 Jun 2022 09:12:32 AM UTC] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
     [Wed 22 Jun 2022 09:12:32 AM UTC] _init api for server: https://acme-v02.api.letsencrypt.org/directory
     [Wed 22 Jun 2022 09:12:32 AM UTC] GET
     [Wed 22 Jun 2022 09:12:32 AM UTC] url='https://acme-v02.api.letsencrypt.org/directory'
     [Wed 22 Jun 2022 09:12:32 AM UTC] timeout=
     [Wed 22 Jun 2022 09:12:32 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
     [Wed 22 Jun 2022 09:12:33 AM UTC] ret='0'
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_AUTHZ
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
     [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
     [Wed 22 Jun 2022 09:12:33 AM UTC] _on_before_issue
     [Wed 22 Jun 2022 09:12:33 AM UTC] _chk_main_domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:33 AM UTC] _chk_alt_domains
     [Wed 22 Jun 2022 09:12:33 AM UTC] Le_LocalAddress
     [Wed 22 Jun 2022 09:12:33 AM UTC] d='aeroweb.con'
     [Wed 22 Jun 2022 09:12:33 AM UTC] Check for domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:33 AM UTC] _currentRoot='/var/www/froxlor'
     [Wed 22 Jun 2022 09:12:33 AM UTC] d
     [Wed 22 Jun 2022 09:12:33 AM UTC] _saved_account_key_hash is not changed, skip register account.
     [Wed 22 Jun 2022 09:12:33 AM UTC] Read key length:4096
     [Wed 22 Jun 2022 09:12:33 AM UTC] _createcsr
     [Wed 22 Jun 2022 09:12:33 AM UTC] d
     [Wed 22 Jun 2022 09:12:33 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
     [Wed 22 Jun 2022 09:12:33 AM UTC] payload='{"identifiers": [{"type":"dns","value":"aeroweb.con"}]}'
     [Wed 22 Jun 2022 09:12:33 AM UTC] RSA key
     [Wed 22 Jun 2022 09:12:33 AM UTC] HEAD
     [Wed 22 Jun 2022 09:12:33 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
     [Wed 22 Jun 2022 09:12:33 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g -I '
     [Wed 22 Jun 2022 09:12:34 AM UTC] _ret='0'
     [Wed 22 Jun 2022 09:12:34 AM UTC] POST
     [Wed 22 Jun 2022 09:12:34 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
     [Wed 22 Jun 2022 09:12:34 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
     [Wed 22 Jun 2022 09:12:36 AM UTC] _ret='0'
     [Wed 22 Jun 2022 09:12:36 AM UTC] code='201'
     [Wed 22 Jun 2022 09:12:36 AM UTC] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/450484450/99996481836'
     [Wed 22 Jun 2022 09:12:36 AM UTC] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/450484450/99996481836'
     [Wed 22 Jun 2022 09:12:36 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122387738876'
     [Wed 22 Jun 2022 09:12:36 AM UTC] payload
     [Wed 22 Jun 2022 09:12:36 AM UTC] POST
     [Wed 22 Jun 2022 09:12:36 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122387738876'
     [Wed 22 Jun 2022 09:12:36 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
     [Wed 22 Jun 2022 09:12:36 AM UTC] _ret='0'
     [Wed 22 Jun 2022 09:12:36 AM UTC] code='200'
     [Wed 22 Jun 2022 09:12:36 AM UTC] d='aeroweb.con'
     [Wed 22 Jun 2022 09:12:37 AM UTC] _w='/var/www/froxlor'
     [Wed 22 Jun 2022 09:12:37 AM UTC] _currentRoot='/var/www/froxlor'
     [Wed 22 Jun 2022 09:12:37 AM UTC] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw","token":"DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic"'
     [Wed 22 Jun 2022 09:12:37 AM UTC] token='DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic'
     [Wed 22 Jun 2022 09:12:37 AM UTC] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:37 AM UTC] keyauthorization='DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg'
     [Wed 22 Jun 2022 09:12:37 AM UTC] dvlist='aeroweb.con#DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw#http-01#/var/www/froxlor'
     [Wed 22 Jun 2022 09:12:37 AM UTC] d
     [Wed 22 Jun 2022 09:12:37 AM UTC] vlist='aeroweb.con#DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw#http-01#/var/www/froxlor,'
     [Wed 22 Jun 2022 09:12:37 AM UTC] d='aeroweb.con'
     [Wed 22 Jun 2022 09:12:37 AM UTC] ok, let's start to verify
     [Wed 22 Jun 2022 09:12:37 AM UTC] d='aeroweb.con'
     [Wed 22 Jun 2022 09:12:37 AM UTC] keyauthorization='DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg'
     [Wed 22 Jun 2022 09:12:37 AM UTC] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:37 AM UTC] _currentRoot='/var/www/froxlor'
     [Wed 22 Jun 2022 09:12:37 AM UTC] wellknown_path='/var/www/froxlor/.well-known/acme-challenge'
     [Wed 22 Jun 2022 09:12:37 AM UTC] writing token:DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic to /var/www/froxlor/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic
     [Wed 22 Jun 2022 09:12:37 AM UTC] Changing owner/group of .well-known to www-data:www-data
     [Wed 22 Jun 2022 09:12:37 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:37 AM UTC] payload='{}'
     [Wed 22 Jun 2022 09:12:37 AM UTC] POST
     [Wed 22 Jun 2022 09:12:37 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:37 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
     [Wed 22 Jun 2022 09:12:38 AM UTC] _ret='0'
     [Wed 22 Jun 2022 09:12:38 AM UTC] code='200'
     [Wed 22 Jun 2022 09:12:38 AM UTC] trigger validation code: 200
     [Wed 22 Jun 2022 09:12:38 AM UTC] sleep 2 secs to verify again
     [Wed 22 Jun 2022 09:12:40 AM UTC] checking
     [Wed 22 Jun 2022 09:12:40 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:40 AM UTC] payload
     [Wed 22 Jun 2022 09:12:40 AM UTC] POST
     [Wed 22 Jun 2022 09:12:40 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:40 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
     [Wed 22 Jun 2022 09:12:41 AM UTC] _ret='0'
     [Wed 22 Jun 2022 09:12:41 AM UTC] code='200'
     [Wed 22 Jun 2022 09:12:41 AM UTC] aeroweb.con:Verify error:102.37.45.140: Invalid response from http://aeroweb.con/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic: 404
     [Wed 22 Jun 2022 09:12:41 AM UTC] Debug: get token url.
     [Wed 22 Jun 2022 09:12:41 AM UTC] GET
     [Wed 22 Jun 2022 09:12:41 AM UTC] url='http://aeroweb.con/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic'
     [Wed 22 Jun 2022 09:12:41 AM UTC] timeout=1
     [Wed 22 Jun 2022 09:12:41 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1'
     [Wed 22 Jun 2022 09:12:41 AM UTC] ret='0'
     [Wed 22 Jun 2022 09:12:41 AM UTC] Debugging, skip removing: /var/www/froxlor/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic
     [Wed 22 Jun 2022 09:12:41 AM UTC] pid
     [Wed 22 Jun 2022 09:12:41 AM UTC] No need to restore nginx, skip.
     [Wed 22 Jun 2022 09:12:41 AM UTC] _clearupdns
     [Wed 22 Jun 2022 09:12:41 AM UTC] dns_entries
     [Wed 22 Jun 2022 09:12:41 AM UTC] skip dns.
     [Wed 22 Jun 2022 09:12:41 AM UTC] _on_issue_err
     [Wed 22 Jun 2022 09:12:41 AM UTC] Please add '--debug' or '--log' to check more details.
     [Wed 22 Jun 2022 09:12:41 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
     [Wed 22 Jun 2022 09:12:41 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:41 AM UTC] payload='{}'
     [Wed 22 Jun 2022 09:12:41 AM UTC] POST
     [Wed 22 Jun 2022 09:12:41 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
     [Wed 22 Jun 2022 09:12:41 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
     [Wed 22 Jun 2022 09:12:42 AM UTC] _ret='0'
     [Wed 22 Jun 2022 09:12:42 AM UTC] code='400'
     [Wed 22 Jun 2022 09:12:42 AM UTC] socat doesn't exist.
     [Wed 22 Jun 2022 09:12:42 AM UTC] Diagnosis versions:
     openssl:openssl
     OpenSSL 1.1.1f 31 Mar 2020
     apache:
     apache doesn't exist.
     nginx:
     nginx doesn't exist.
     socat:
     [debug] https://github.com/acmesh-official/acme.sh
     v3.0.5
     [Wed 22 Jun 2022 09:12:33 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
     [Wed 22 Jun 2022 09:12:33 AM UTC] Single domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:33 AM UTC] Getting domain auth token for each domain
     [Wed 22 Jun 2022 09:12:36 AM UTC] Getting webroot for domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:37 AM UTC] Verifying: aeroweb.con
     [Wed 22 Jun 2022 09:12:38 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
     <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
     <html><head>
     <title>404 Not Found</title>
     </head><body>
     <h1>Not Found</h1>
     <p>The requested URL was not found on this server.</p>
     <hr>
     <address>Apache/2.4.41 (Ubuntu) Server at aeroweb.con Port 80</address>
     </body></html>
     [error] Could not find file 'aeroweb.con.cer' in '/root/.acme.sh/aeroweb.con/'
     [error] Could not find file 'ca.cer' in '/root/.acme.sh/aeroweb.con/'
     [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/aeroweb.con/'
     [error] Could not get Let's Encrypt certificate for aeroweb.con:
     https://github.com/acmesh-official/acme.sh
     v3.0.5
     [Wed 22 Jun 2022 09:12:33 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
     [Wed 22 Jun 2022 09:12:33 AM UTC] Single domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:33 AM UTC] Getting domain auth token for each domain
     [Wed 22 Jun 2022 09:12:36 AM UTC] Getting webroot for domain='aeroweb.con'
     [Wed 22 Jun 2022 09:12:37 AM UTC] Verifying: aeroweb.con
     [Wed 22 Jun 2022 09:12:38 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
     <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
     <html><head>
     <title>404 Not Found</title>
     </head><body>
     <h1>Not Found</h1>
     <p>The requested URL was not found on this server.</p>
     <hr>
     <address>Apache/2.4.41 (Ubuntu) Server at aeroweb.con Port 80</address>
     </body></html>
     [error] Could not find file 'aeroweb.con.cer' in '/root/.acme.sh/aeroweb.con/'
     [error] Could not find file 'ca.cer' in '/root/.acme.sh/aeroweb.con/'
     [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/aeroweb.con/'
     [error] Could not get Let's Encrypt certificate for aeroweb.con:
     [information] Let's Encrypt certificates have been updated
  3. The acme points from the vhosts /.well-known/acme-challenge to /var/www/froxlor/.well-known/acme-challenge where the challenge files are present, and where I created the test file. As I mentioned, accessing the test file outside of the cron job resulted in a 404. I am using apache on Ubuntu 20.04 and config is as per the froxlor configuration.
  4. For a week now, I have been unable to create or renew any expired Let's Encrypt certificate. The only significant event on the server was an update of froxlor to the latest. When running the cronjob, it reports a 404 not found when trying to access the file http://domain.name/.well-known/acme-challenge/ . The acme.conf is present and installed as per the instructions. I am also unable to access the test file http://domain.name/.well-known/acme-challenge/test that I manually created. I tried creating a symlink from the vhost RootDir to the acme-challenge directory in /var/www/froxlor without success. I tried adding the alias on the sites-available file and froxlor vhost settings without success. I even tried creating an index.php that strips out the last URL segment and renders the file contents from /var/www/froxlor, but this did not work because of permissions. This last attempt led me to believe that perhaps this is related to access controls. I tried adding the vhost user to the www-group without success.

     - the vhost root directory '/var/customers/webs/aeroweb/aeroweb.com/' is owned by a user aeroweb:aeroweb
     - the acme challenge directory /var/www/froxlor/.well-known/acme-challenge/ is owned by www-data:www-data

     The logs show a file not found error. While this may not be a froxlor issue, I am at a loss on how to proceed further, and hope that someone would have solved this or can assist in looking at something else I may have overlooked. Any assistance is appreciated.
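
The second post describes checking that every component of the path to the challenge directory grants 'r' and 'x'. One way to script that check for the Apache user, as an added example that is not part of the original posts or of froxlor or acme.sh: `first_blocked_component` is a hypothetical helper, it assumes GNU `stat`, and it judges only the owner/group/other mode bits.

```shell
#!/bin/sh
# Added example (not from the original posts). Walks each component of a path
# and prints the first one USER cannot use according to its owner/group/other
# mode bits: directories need x (traverse), the final file needs r (read).
# Assumptions: GNU stat (-c); run as root so every component can be stat'ed.
# POSIX ACLs, AppArmor and Apache's own access rules are not examined.
# Usage: sh this-script www-data /var/www/froxlor/.well-known/acme-challenge/test
first_blocked_component() {
    fbc_user=$1
    fbc_rest=${2#/}
    fbc_cur=""
    fbc_groups=" $(id -nG "$fbc_user" 2>/dev/null) "
    while [ -n "$fbc_rest" ]; do
        fbc_part=${fbc_rest%%/*}          # next path component
        case $fbc_rest in
            */*) fbc_rest=${fbc_rest#*/} ;;
            *)   fbc_rest="" ;;
        esac
        [ -n "$fbc_part" ] || continue    # tolerate '//'
        fbc_cur="$fbc_cur/$fbc_part"
        if [ ! -e "$fbc_cur" ]; then
            echo "$fbc_cur (missing)"
            return 1
        fi
        fbc_mode=$(stat -L -c '%a' "$fbc_cur")
        fbc_mode=$((0$fbc_mode))          # parse the octal mode string
        fbc_group=$(stat -L -c '%G' "$fbc_cur")
        if [ "$(stat -L -c '%U' "$fbc_cur")" = "$fbc_user" ]; then
            fbc_bits=$(( (fbc_mode >> 6) & 7 ))   # owner class applies
        else
            case $fbc_groups in
                *" $fbc_group "*) fbc_bits=$(( (fbc_mode >> 3) & 7 )) ;;  # group class
                *)                fbc_bits=$(( fbc_mode & 7 )) ;;         # other class
            esac
        fi
        if [ -d "$fbc_cur" ]; then fbc_need=1; else fbc_need=4; fi
        if [ $(( fbc_bits & fbc_need )) -eq 0 ]; then
            echo "$fbc_cur"
            return 1
        fi
    done
    return 0
}

if [ $# -ge 2 ]; then first_blocked_component "$1" "$2"; fi
```

No output and exit status 0 mean that no component fails the mode-bit check for that user, so the mode bits are not what is producing the 404.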