Froxlor Forum
  • 0
Gamerboy59

[Let's Encrypt] No registration exists matching provided key

Question

Hello,

I'm trying to use Let's Encrypt with froxlor. I always get an error when froxlor tries to generate the certificate.

Feb 18 19:05:03 ger2 Froxlor: [ Action cronjob] [error] Could not get Let's Encrypt certificate for test.gamerboy59.blue: No challenges received for test.gamerboy59.blue. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
From what I figured out till now this might be because of a wrong email. I didn't find anything about email stuff in the csr part of the lescript yet but I found a site discussing the error: https://www.svennd.be/lets-encrypt-on-any-linux-distro/ (one of the last parts).

 

I already tried deleting the domain and customer and setting it up again, but no success. Maybe you can have a look into it, though it's still beta and in development anyway.

 

Regards.

19 answers to this question

  • 0

The error still persists with the current version from git. What can I do so that the certificates are generated automatically, or what further information do you need?

  • 0

What does LetsEncrypt have to do with FROXLOR? For example, I have a Debian 8 box on which FROXLOR runs out of the box, and there I was also able to test letsencrypt from git successfully without touching the web server configuration. So each works on its own, even on the same box.

Has FROXLOR now built in LetsEncrypt support that I'm overlooking and that is failing?

But honestly, does anyone really want to trot off to the certificate authority every n months and renew certificates?

  • 0

Has FROXLOR now built in LetsEncrypt support that I'm overlooking and that is failing?

Yes, we built it in; it's in the current git.

  • 0

Hello,

 

Because I'm interested in Let's Encrypt and want to support Froxlor, I upgraded my system to 0.9.35-rc1 to check the BETA state of Let's Encrypt. The result was not good.

After some hours of testing I had the same error message as in the first message.

 

Froxlor: [ Action *****] [error] Could not get Let's Encrypt certificate for *****.de: No challenges received for *****.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

 

I want to share my experience with other froxlor users.

 

For me the 0.9.35-rc1 was not enough. I made LE work with the git repo from today (0.9.35-rc1 (DB: 201603070)) on Debian Jessie with Apache2.4

 

  • It is important to compare the changes in the configuration files. Do not copy and paste the content of "/etc/apache2/conf-enabled/acme.conf" from the website. Use the config generator in froxlor because of the PATH to your froxlor (for example "/var/www/froxlor/.well-known/acme-challenge" instead of "/.well-known/acme-challenge").
  • Check your syslog or the logfiles in the Froxlor web interface (if enabled). Maybe you have to deactivate the SSL redirect temporarily for the LE registration.
  • I tried a lot of combinations for the default SSL cert. My working settings are: SSL cert and SSL key in the SSL IP/Port settings and the same in the global SSL settings of Froxlor.
  • In the domain settings you have to change from WILDCARD to WWW or NO_ALIAS. If you enable LE with WILDCARD you get an error message, and if you press back all your IP addresses are unselected.
  • For testing I had activated the LE test environment in the global SSL settings. After I changed this to the live environment I didn't get the error message again.

This was my day from 0.9.34 to a working Froxlor installation with working Let's Encrypt. I'm happy to see that the 0.9.35 is nearly finished.

 

Thank you d00p, you hear from me again if the stable 0.9.35 is released ;)

  • 0

Hello,

 

I'm experiencing the same problem. "No registration exists matching provided key"

 

I'm using the latest git version of Froxlor ( 0.9.35.1 (DB: 201603150) ) and try to create the certs against the staging area of Let's Encrypt

 

I created the /etc/apache2/conf-enabled/acme.conf file and put the right content in. I can access https: //***.de/.well-known/acme-challenge/test.txt with no problems (except old/wrong cert warning)

 

Here is my logfile:

Apr  9 20:00:18 servername Froxlor: [ Action kunde] [debug] Updating ***.de
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [debug] letsencrypt generating new key / SAN for ***.de
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [information] letsencrypt Using 'https://acme-staging.api.letsencrypt.org' to generate certificate
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [information] letsencrypt Starting new account registration
Apr  9 20:00:21 servername Froxlor: [ Action kunde] [information] letsencrypt Sending registration to letsencrypt server
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Sending signed request to /acme/new-reg
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt New account certificate registered
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Starting certificate generation process for domains
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Requesting challenge for ***.de
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Sending signed request to /acme/new-authz
Apr  9 20:00:23 servername Froxlor: [ Action kunde] [error] Could not get Let's Encrypt certificate for ***.de: No challenges received for ***.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
Apr  9 20:00:23 servername Froxlor: [ Action cronjob] [information] Let's Encrypt certificates have been updated

What am I doing wrong? I tried with SSL forwarding and without. I also tried with alias www and with no alias at all. Does anyone have an idea or tip?

  • 0

Hi

I'm stuck in quite a similar limbo, in this case the domain had a startssl cert before, then I simply activated LetsEncrypt and well - it plain doesn't work:

 

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[debug] Updating xyzdomaincom
[debug] letsencrypt generating new key / SAN for xyzdomain.com
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org'to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for xyzdomain.com
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for xyzdomain.com: No challenges received for xyzdomain.com. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
 
 
any help is greatly appreciated.

  • 0

Try removing any former ssl-certificates before enabling LE on a domain, if any exist

  • 0

tried that, tried it again, but even after removing all certificate data from the domain, deactivating ssl for the domain and then re-enabling it and setting LE enabled - it keeps telling me the same...

 

please advise,

hk

  • 0

Same problem for me,
Could not get Let's Encrypt certificate for krolika.net: No challenges received for krolika.net. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

and only for some domains.

I removed the old certificates (files and from database), still does not work.

Standalone letsencrypt-auto obtained certificates for these domains without problems.

  • 0

Same problem, nothing helps until now.

 

If I clear the lepublickey and leprivatekey I receive the following message at executing

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[debug] Updating ?????.de
[debug] Adding SAN entry: ?????.de
[debug] Adding SAN entry: www.?????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Starting new account registration
[information] letsencrypt Sending registration to letsencrypt server
[information] letsencrypt Sending signed request to /acme/new-reg
PHP Notice:  Array to string conversion in /var/www/froxlor/lib/classes/ssl/class.lescript.php on line 79
[error] Could not get Let's Encrypt certificate for ?????.de: Account not initialized, probably due to rate limiting. Whole response: Array
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

If I execute this once more, I don't receive the exception, but the same error:

[information] Updating Let's Encrypt certificates
[debug] Updating ?????.de
[debug] Adding SAN entry: ?????.de
[debug] Adding SAN entry: www.?????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ?????.de
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for ?????.de: No challenges received for ?????.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

This also happens if I use a domain that was never used with SSL.

 

Things I already did:

  • Tested the /.well-known URL: works
  • Cleared the SSL-Fields at the customer panel (for those I already had a SSL certificate for)
  • Cleared lepublickey, leprivatekey in the panel_customers table
  • Cleared domain_ssl_settings at the matching domain (for those I already had a SSL certificate for)
  • allow_url_fopen = On --> Yep
  • Checked acme.conf --> seems to work, I can reach the URL
  • Disabled SSL redirect
  • Domain-settings are not at wildcard

 

Running on Debian 7.11 with 2.2.22 and would welcome a solution or tip.
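Added example, not part of the post above and not Froxlor code: a POSIX shell/awk triage of the cron debug output, which flags the sequence shown in that post (a registration ending in "Account not initialized", then a run that reports "Account already registered" and gets the 403). Reading that sequence as the local key pair having been kept without a matching server-side registration is an interpretation of the logs; the verdict names, the domain example.test and the sample log are constructed.

```shell
#!/bin/sh
# Added example (not Froxlor code): triage the debug output of
#   froxlor_master_cronjob.php --letsencrypt --debug
# One verdict line is printed per certificate attempt.

classify_le_runs() {
    awk '
    function emit() {
        if (domain == "") return
        if (verdict == "") verdict = "NO_ERROR"
        print domain, verdict, "account=" acct, "endpoint=" endpoint
        prev[domain] = verdict
    }
    # "[debug] Updating <domain>" opens an attempt for one domain.
    /Updating [^ ]+$/ {
        emit(); domain = $NF; verdict = ""; acct = "unknown"; endpoint = "unknown"; next
    }
    /letsencrypt Using / {
        if (match($0, /https:\/\/[A-Za-z0-9.-]+/)) endpoint = substr($0, RSTART, RLENGTH)
    }
    /Starting new account registration/ { acct = "new" }
    /Account already registered/        { acct = "stored" }
    /\[error\]/ {
        if ($0 ~ /Account not initialized/)
            verdict = "REGISTRATION_FAILED"
        else if ($0 ~ /No registration exists matching provided key/) {
            # Sequence from the post above: a failed registration, then the
            # next run reuses the locally stored key anyway.
            if (acct == "stored" && prev[domain] == "REGISTRATION_FAILED")
                verdict = "KEY_KEPT_AFTER_FAILED_REGISTRATION"
            else if (acct == "stored")
                verdict = "STORED_KEY_UNKNOWN_TO_ENDPOINT"
            else
                verdict = "NEW_KEY_NOT_ACCEPTED"
        }
        else if ($0 ~ /token not available/)
            verdict = "CHALLENGE_FILE_NOT_SERVED"
        else
            verdict = "OTHER_ERROR"
    }
    END { emit() }
    ' "$@"
}

# Constructed sample: two consecutive cron runs for a placeholder domain.
sample_log() {
    cat <<'EOF'
[information] Updating Let's Encrypt certificates
[debug] Updating example.test
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Starting new account registration
[information] letsencrypt Sending signed request to /acme/new-reg
[error] Could not get Let's Encrypt certificate for example.test: Account not initialized, probably due to rate limiting. Whole response: Array
[information] Let's Encrypt certificates have been updated
[information] Updating Let's Encrypt certificates
[debug] Updating example.test
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for example.test: No challenges received for example.test. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
EOF
}

sample_log | classify_le_runs
```

The function also accepts a file name, so captured cron output can be passed as an argument; the endpoint field shows whether a run went to the staging or the live API.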

  • 0

Okay, patched and cleared everything again. Now I get:

[information] Updating Let's Encrypt certificates
[debug] Updating ????.de
[debug] Adding SAN entry: ????.de
[debug] Adding SAN entry: www.????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ????.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for ????.de
[information] letsencrypt Token for ????.de saved at /var/www/froxlor/certs//.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc and should be available at http://????.de/.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc
[error] Could not get Let's Encrypt certificate for ????.de: Please check http://????.de/.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/????.de\/.well-known\/acme-challenge\/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc): failed to open stream: HTTP request failed! HTTP\/1.1 404 Not Found\r\n","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":172}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

If I take a look into the acme.conf, there's the path: /var/www/froxlor/.well-known/acme-challenge, no "certs" in it.

And if I take a look into the given path, it exists but it is empty. It's comprehensible that the path it wants to look up isn't reachable.

The used path was from the server configuration tool. So I fixed the path to this in the log, now it works! :)
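Added example, not part of the post above and not Froxlor code: a POSIX shell check that compares the directory named in the "Token for ... saved at" debug line with the directory acme.conf maps to /.well-known/acme-challenge, which is the mismatch described in that post. The Alias line format, the domain example.test and the token SAMPLETOKEN are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Froxlor code): check that the directory the cron job
# writes ACME tokens into is the directory Apache serves for
# /.well-known/acme-challenge.

# Directory part of the "Token for <domain> saved at <file> ..." debug line.
token_dir_from_log() {
    sed -n 's#.* saved at \(/.*\)/[^/ ]* and should be available at .*#\1#p' "$1" | tail -n 1
}

# Filesystem target of the Alias that maps the challenge URL (assumed form:
#   Alias "/.well-known/acme-challenge" "/some/dir").
alias_dir_from_conf() {
    awk 'tolower($1) == "alias" && $2 ~ /acme-challenge/ { gsub(/"/, "", $3); print $3; exit }' "$1"
}

# Collapse repeated slashes and drop a trailing one so "a//b/" equals "a/b".
normalize_path() {
    printf '%s\n' "$1" | sed -e 's#//*#/#g' -e 's#/$##'
}

# Prints MATCH, MISMATCH or UNKNOWN; exit status 0, 1 or 2 respectively.
check_acme_paths() {
    written=$(normalize_path "$(token_dir_from_log "$1")")
    served=$(normalize_path "$(alias_dir_from_conf "$2")")
    if [ -z "$written" ] || [ -z "$served" ]; then
        echo "UNKNOWN: token line or Alias directive not found"
        return 2
    fi
    if [ "$written" = "$served" ]; then
        echo "MATCH: $written"
        return 0
    fi
    echo "MISMATCH: tokens written to $written, Apache serves $served"
    return 1
}

# Constructed sample input modelled on the post above (domain and token are
# placeholders, not values from a real run).
demo_dir=$(mktemp -d)
cat > "$demo_dir/cron.log" <<'EOF'
[information] letsencrypt Got challenge token for example.test
[information] letsencrypt Token for example.test saved at /var/www/froxlor/certs//.well-known/acme-challenge/SAMPLETOKEN and should be available at http://example.test/.well-known/acme-challenge/SAMPLETOKEN
EOF
cat > "$demo_dir/acme.conf" <<'EOF'
Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
EOF

check_acme_paths "$demo_dir/cron.log" "$demo_dir/acme.conf" || true
```

On a live host the two arguments would be the captured cron debug output and /etc/apache2/conf-enabled/acme.conf.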

  • 0

Here is a little something to make the whole process easier:

 

These commands are for copy and paste use if your froxlor is installed in /var/www/froxlor/ and your froxlor database name and user are "froxlor"

 

Let's Encrypt Lib update

wget -q -O /var/www/froxlor/lib/classes/ssl/class.lescript.php "https://raw.githubusercontent.com/Froxlor/Froxlor/master/lib/classes/ssl/class.lescript.php"

empty lekeys for all panel_customers

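# read the database password from line 5 of userdata.inc.php
mysqlpw=$(awk 'NR==5{print $0}' /var/www/froxlor/lib/userdata.inc.php | cut -d \' -f4)
# clear the stored Let's Encrypt account key for every customer
mysql -u froxlor -p"$mysqlpw" froxlor -e "UPDATE panel_customers SET leprivatekey='';"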

Cronjob + Debug

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

if successful

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php

DONE
