Froxlor Forum
  • 0
Gamerboy59

[Let's Encrypt] No registration exists matching provided key

Question

Hello,

I'm trying to use Let's Encrypt with Froxlor. I always get an error when Froxlor tries to generate the certificate.

Feb 18 19:05:03 ger2 Froxlor: [ Action cronjob] [error] Could not get Let's Encrypt certificate for test.gamerboy59.blue: No challenges received for test.gamerboy59.blue. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
From what I figured out till now this might be because of a wrong email. I didn't find anything about email stuff in the csr part of the lescript yet but I found a site discussing the error: https://www.svennd.be/lets-encrypt-on-any-linux-distro/ (one of the last parts).

 

I already tried deleting the domain and customer and set it up again but no success. Maybe you can have a look in it though it's still beta and developed anyway.

 

Regards.


19 answers to this question


  • 0

The error still persists with the current version from git. What can I do so that the certificates are generated automatically, or what further information do you need?

  • 0

What does Let's Encrypt have to do with FROXLOR? For example, I have a Debian 8 box on which FROXLOR runs out of the box, and there I was also able to test letsencrypt from git successfully without touching the web server configuration. So each works on its own, even on the same box.

Has FROXLOR now built in Let's Encrypt support that I'm overlooking and that is failing?

But honestly, does one really want to trot off to the certificate authority every n months and renew certificates?

  • 0

Has FROXLOR now built in Let's Encrypt support that I'm overlooking and that is failing?

Yes, we have built that in; it's in the current git.

  • 0

Hello,

 

Because I'm interested in Let's Encrypt and want to support Froxlor, I upgraded my system to 0.9.35-rc1 to check the BETA state of Let's Encrypt. The result was not good.

After some hours of testing I had the same error message as in the first message.

 

Froxlor: [ Action *****] [error] Could not get Let's Encrypt certificate for *****.de: No challenges received for *****.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

 

I want to share my experience with other froxlor users.

 

For me the 0.9.35-rc1 was not enough. I got LE working with the git repo from today (0.9.35-rc1 (DB: 201603070)) on Debian Jessie with Apache2.4

 

  • It is important to compare the changes in the configuration files. Do not copy and paste the content of "/etc/apache2/conf-enabled/acme.conf" from the website. Use the config generator in Froxlor because of the PATH to your Froxlor (for example "/var/www/froxlor/.well-known/acme-challenge" instead of "/.well-known/acme-challenge").
  • Check your syslog or the logfiles in the Froxlor web interface (if enabled). Maybe you have to deactivate SSL Redirect temporarily for the LE registration.
  • I tried a lot of combinations for the default SSL Cert. My working settings are: SSL Cert and SSL Key on SSL IP/Port Settings and the same at Global SSL Settings of Froxlor.
  • At Domain settings you have to change from WILDCARD to WWW or NO_ALIAS. If you enable LE but with WILDCARD you get an error message, and if you press back all your IP addresses are unselected.
  • For testing I had activated the LE testing environment in the global SSL settings. After I changed this to the Live environment I didn't get the error message again.

This was my day from 0.9.34 to a working Froxlor installation with working Let's Encrypt. I'm happy to see that the 0.9.35 is nearly finished.

 

Thank you d00p, you hear from me again if the stable 0.9.35 is released ;)

  • 0

Hello,

 

I'm experiencing the same problem. "No registration exists matching provided key"

 

I'm using the latest git version of Froxlor ( 0.9.35.1 (DB: 201603150) ) and am trying to create the certs against the staging area of Let's Encrypt.

I created the /etc/apache2/conf-enabled/acme.conf file and put the right content in. I can access https://***.de/.well-known/acme-challenge/test.txt with no problems (except old/wrong cert warning).

Here is my logfile:

Apr  9 20:00:18 servername Froxlor: [ Action kunde] [debug] Updating ***.de
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [debug] letsencrypt generating new key / SAN for ***.de
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [information] letsencrypt Using 'https://acme-staging.api.letsencrypt.org' to generate certificate
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [information] letsencrypt Starting new account registration
Apr  9 20:00:21 servername Froxlor: [ Action kunde] [information] letsencrypt Sending registration to letsencrypt server
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Sending signed request to /acme/new-reg
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt New account certificate registered
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Starting certificate generation process for domains
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Requesting challenge for ***.de
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Sending signed request to /acme/new-authz
Apr  9 20:00:23 servername Froxlor: [ Action kunde] [error] Could not get Let's Encrypt certificate for ***.de: No challenges received for ***.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
Apr  9 20:00:23 servername Froxlor: [ Action cronjob] [information] Let's Encrypt certificates have been updated

What am I doing wrong? I tried with SSL forwarding and without. I also tried with alias www and with no alias at all. Does anyone have an idea or tip?

  • 0

Hi

I'm stuck in quite a similar limbo, in this case the domain had a startssl cert before, then I simply activated LetsEncrypt and well - it plain doesn't work:

 

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[debug] Updating xyzdomaincom
[debug] letsencrypt generating new key / SAN for xyzdomain.com
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org'to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for xyzdomain.com
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for xyzdomain.com: No challenges received for xyzdomain.com. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
 
 
any help is greatly appreciated.

  • 0

Try removing any former ssl-certificates before enabling LE on a domain, if any exist

  • 0

tried that, tried it again, but even after removing all certificate data from the domain, deactivating ssl for the domain and then re-enabling it and setting LE enabled - it keeps telling me the same...

 

please advise,

hk

  • 0

Same problem for me,
Could not get Let's Encrypt certificate for krolika.net: No challenges received for krolika.net. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

and only for some domains.

I removed the old certificates (files and from database), still does not work.

Standalone letsencrypt-auto obtained certificates for these domains without problems.

  • 0

Same problem, nothing helps until now.

 

If I clear the lepublickey and leprivatekey, I receive the following message when executing

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[debug] Updating ?????.de
[debug] Adding SAN entry: ?????.de
[debug] Adding SAN entry: www.?????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Starting new account registration
[information] letsencrypt Sending registration to letsencrypt server
[information] letsencrypt Sending signed request to /acme/new-reg
PHP Notice:  Array to string conversion in /var/www/froxlor/lib/classes/ssl/class.lescript.php on line 79
[error] Could not get Let's Encrypt certificate for ?????.de: Account not initialized, probably due to rate limiting. Whole response: Array
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

If I execute this once more, I don't receive the exception, but the same error:

[information] Updating Let's Encrypt certificates
[debug] Updating ?????.de
[debug] Adding SAN entry: ?????.de
[debug] Adding SAN entry: www.?????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ?????.de
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for ?????.de: No challenges received for ?????.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

This also happens if I use a domain that has never been used with SSL.

 

Things I already did:

  • Tested the /.well-known URL: works
  • Cleared the SSL-Fields at the customer panel (for those I already had a SSL certificate for)
  • Cleared lepublickey, leprivatekey in the panel_customers table
  • Cleared domain_ssl_settings at the matching domain (for those I already had a SSL certificate for)
  • allow_url_fopen = On --> Yep
  • Checked acme.conf --> seems to work, I can reach the URL
  • Disabled SSL redirect
  • Domain-settings are not at wildcard

 

Running on Debian 7.11 with 2.2.22 and would welcome a solution or tip.

  • 0

Okay, patched and cleared everything again. Now I get:

[information] Updating Let's Encrypt certificates
[debug] Updating ????.de
[debug] Adding SAN entry: ????.de
[debug] Adding SAN entry: www.????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ????.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for ????.de
[information] letsencrypt Token for ????.de saved at /var/www/froxlor/certs//.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc and should be available at http://????.de/.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc
[error] Could not get Let's Encrypt certificate for ????.de: Please check http://????.de/.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/????.de\/.well-known\/acme-challenge\/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc): failed to open stream: HTTP request failed! HTTP\/1.1 404 Not Found\r\n","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":172}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

If I take a look into the acme.conf, there's the path: /var/www/froxlor/.well-known/acme-challenge, no "certs" in it.

And if I take a look into the given path, it exists but it is empty. It's comprehensible that the path it wants to look up isn't reachable.

The used path was from the server configuration tool. So I fixed the path to this in the log, now it works! :)

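The mismatch found in the post above (token written under /var/www/froxlor/certs//.well-known/acme-challenge while acme.conf points at /var/www/froxlor/.well-known/acme-challenge) can be checked mechanically. The script below is an added example, not part of the thread and not Froxlor code; the function names, the example.org log lines and the acme.conf contents are constructed, and the acme.conf layout is assumed to use an Apache Alias directive.

```shell
#!/bin/sh
# Added example (not Froxlor code): does the directory the cron job wrote the
# ACME token to match the directory Apache serves for the challenge URL?

# Sample inputs, constructed for this example after the log format in the thread.
SAMPLE_LOG='[information] letsencrypt Got challenge token for example.org
[information] letsencrypt Token for example.org saved at /var/www/froxlor/certs//.well-known/acme-challenge/TOKEN123 and should be available at http://example.org/.well-known/acme-challenge/TOKEN123'
SAMPLE_CONF='Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
<Directory "/var/www/froxlor/.well-known/acme-challenge">
    Require all granted
</Directory>'

# Collapse repeated slashes and drop one trailing slash so paths compare equal.
norm_path() {
    printf '%s\n' "$1" | sed -e 's#//*#/#g' -e 's#\(.\)/$#\1#'
}

# stdin: cron debug output. Prints the directory of the last "Token for ...
# saved at <file> and should be available at <url>" line; fails if none.
token_dir_from_log() {
    file=$(sed -n 's#.*Token for .* saved at \(/[^ ]*\) and should be available at .*#\1#p' | tail -n 1)
    [ -n "$file" ] || return 1
    norm_path "$(dirname "$file")"
}

# stdin: acme.conf. Prints the filesystem target of the Alias that maps
# /.well-known/acme-challenge; fails if no such Alias line exists.
alias_dir_from_conf() {
    dir=$(awk 'tolower($1) == "alias" {
                   gsub(/"/, "", $2); gsub(/"/, "", $3); sub(/\/$/, "", $2)
                   if ($2 == "/.well-known/acme-challenge") d = $3
               }
               END { print d }')
    [ -n "$dir" ] || return 1
    norm_path "$dir"
}

# $1 = log text, $2 = acme.conf text.
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if input is unusable.
check_challenge_path() {
    written=$(printf '%s\n' "$1" | token_dir_from_log) || { echo "NO_TOKEN_LINE"; return 2; }
    served=$(printf '%s\n' "$2" | alias_dir_from_conf) || { echo "NO_ALIAS"; return 2; }
    if [ "$written" = "$served" ]; then
        echo "OK $served"
    else
        echo "MISMATCH written=$written served=$served"
        return 1
    fi
}

# Demo on the constructed sample: reports the mismatch described in the post.
check_challenge_path "$SAMPLE_LOG" "$SAMPLE_CONF" || true
```

On a live host, pass it the output of the cron job's --letsencrypt --debug run and the contents of /etc/apache2/conf-enabled/acme.conf.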
  • 0

Here is a little something to make the whole process easier:

 

These commands are for copy and paste use if your froxlor is installed in /var/www/froxlor/ and your froxlor database name and user are "froxlor"

 

Let's Encrypt Lib update

wget -q -O /var/www/froxlor/lib/classes/ssl/class.lescript.php "https://raw.githubusercontent.com/Froxlor/Froxlor/master/lib/classes/ssl/class.lescript.php"

empty lekeys for all panel_customers

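# Read the database password from line 5 of userdata.inc.php (the value in the second pair of single quotes)
mysqlpw=$(awk 'NR==5{print $0}' /var/www/froxlor/lib/userdata.inc.php | cut -d \' -f4)
# Open an interactive mysql session; the following three lines are entered at its prompt
mysql -u froxlor -p"$mysqlpw"
use froxlor
UPDATE panel_customers SET leprivatekey='';
quit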

Cronjob + Debug

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

if successful

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php

DONE
