Froxlor Forum

[Let's Encrypt] No registration exists matching provided key


Gamerboy59

Question

Hello,

I'm trying to use Let's Encrypt with Froxlor. I always get an error when Froxlor tries to generate the certificate.

Feb 18 19:05:03 ger2 Froxlor: [ Action cronjob] [error] Could not get Let's Encrypt certificate for test.gamerboy59.blue: No challenges received for test.gamerboy59.blue. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

From what I figured out till now this might be because of a wrong email. I didn't find anything about email stuff in the csr part of the lescript yet but I found a site discussing the error: https://www.svennd.be/lets-encrypt-on-any-linux-distro/ (one of the last parts).

I already tried deleting the domain and customer and set it up again but no success. Maybe you can have a look into it though it's still beta and developed anyway.


Regards.


19 answers to this question


tried that, tried it again, but even after removing all certificate data from the domain, deactivating ssl for the domain and then re-enabling it and setting LE enabled - it keeps telling me the same...

 

please advise,

hk


Same problem for me,
Could not get Let's Encrypt certificate for krolika.net: No challenges received for krolika.net. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

and only for some domains.

I removed the old certificates (files and from database), still does not work.

Standalone letsencrypt-auto obtained certificates for these domains without problems.


Hello,


Because I'm interested in Let's Encrypt and want to support Froxlor I upgraded my system to 0.9.35-rc1 to check the BETA state of Let's Encrypt. The result was not good.

After some hours of testing I had the same error message as in the first message.


Froxlor: [ Action *****] [error] Could not get Let's Encrypt certificate for *****.de: No challenges received for *****.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}

 

I want to share my experience with other froxlor users.

 

For me the 0.9.35-rc1 was not enough. I made LE work with the git repo from today (0.9.35-rc1 (DB: 201603070)) on Debian Jessie with Apache2.4

  • It is important to compare the changes in the configuration files. Do not copy and paste the content of "/etc/apache2/conf-enabled/acme.conf" from the website. Use your config generator in Froxlor because of the path to your Froxlor (for example "/var/www/froxlor/.well-known/acme-challenge" instead of "/.well-known/acme-challenge").
  • Check your syslog or logfiles in the Froxlor web interface (if enabled). Maybe you have to deactivate SSL Redirect temporarily for the LE registration.
  • I tried a lot of combinations for the default SSL Cert. My working settings are: SSL Cert and SSL Key on SSL IP/Port Settings and the same at Global SSL Settings of Froxlor.
  • At Domain settings you have to change from WILDCARD to WWW or NO_ALIAS. If you enable LE but with WILDCARD you get an error message and if you press back all your IP addresses are unselected.
  • For testing I had activated the LE environment for testing at the global SSL settings. After I changed this to the Live environment I didn't get the error message again.

This was my day from 0.9.34 to a working Froxlor installation with working Let's Encrypt. I'm happy to see that the 0.9.35 is nearly finished.

 

Thank you d00p, you hear from me again if the stable 0.9.35 is released ;)


Here is a little something to make the whole process easier:


These commands are for copy and paste use if your froxlor is installed in /var/www/froxlor/ and your froxlor database name and user are "froxlor"

 

Let's Encrypt Lib update

wget -q -O /var/www/froxlor/lib/classes/ssl/class.lescript.php "https://raw.githubusercontent.com/Froxlor/Froxlor/master/lib/classes/ssl/class.lescript.php"

empty lekeys for all panel_customers

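# read the database password from line 5 of userdata.inc.php
mysqlpw=$(awk 'NR==5{print $0}' /var/www/froxlor/lib/userdata.inc.php | cut -d \' -f4)
# run the update non-interactively against the froxlor database
mysql -u froxlor -p"$mysqlpw" froxlor -e "UPDATE panel_customers SET leprivatekey='';"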

Cronjob + Debug

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

if successful

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php

DONE


What does Let's Encrypt have to do with FROXLOR anyway? For example, I have a Debian 8 box running FROXLOR out of the box, and there I was also able to test letsencrypt from git successfully without touching the web server configuration. So each works on its own, even on the same box.

Does FROXLOR now have built-in Let's Encrypt support that I'm overlooking and that is failing?

But honestly, does anyone really want to trot off to the certificate authority every n months and renew certificates?


Same problem, nothing helps until now.

 

If I clear the lepublickey and leprivatekey I receive the following message at executing

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[debug] Updating ?????.de
[debug] Adding SAN entry: ?????.de
[debug] Adding SAN entry: www.?????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Starting new account registration
[information] letsencrypt Sending registration to letsencrypt server
[information] letsencrypt Sending signed request to /acme/new-reg
PHP Notice:  Array to string conversion in /var/www/froxlor/lib/classes/ssl/class.lescript.php on line 79
[error] Could not get Let's Encrypt certificate for ?????.de: Account not initialized, probably due to rate limiting. Whole response: Array
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

If I execute this once more, I didn't receive the Exception, but the same error:

[information] Updating Let's Encrypt certificates
[debug] Updating ?????.de
[debug] Adding SAN entry: ?????.de
[debug] Adding SAN entry: www.?????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ?????.de
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for ?????.de: No challenges received for ?????.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

This also happens if I use a domain that was never used with SSL.


Things I already did:

  • Tested the /.well-known URL: works
  • Cleared the SSL-Fields at the customer panel (for those I already had a SSL certificate for)
  • Cleared lepublickey, leprivatekey in the panel_customers table
  • Cleared domain_ssl_settings at the matching domain (for those I already had a SSL certificate for)
  • allow_url_fopen = On --> Yep
  • Checked acme.conf --> seems to work, I can reach the URL
  • Disabled SSL redirect
  • Domain-settings are not at wildcard

 

Running on Debian 7.11 with 2.2.22 and would welcome a solution or tip.

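The debug output quoted in the posts above contains three distinct failure signatures: the ACME 403 "No registration exists matching provided key", the "Account not initialized" registration failure, and the unreachable challenge token. The following is an added example, not code from Froxlor or from any poster, that sorts cron debug lines into those classes; the sample lines are constructed from the message formats in this thread with example.test placeholder domains, and the function and class names are hypothetical.

```python
import json
import re

# Constructed sample: message formats as quoted in the thread, domains replaced.
SAMPLE_LOG = """\
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for a.example.test: No challenges received for a.example.test. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[error] Could not get Let's Encrypt certificate for b.example.test: Account not initialized, probably due to rate limiting. Whole response: Array
[error] Could not get Let's Encrypt certificate for c.example.test: Please check http://c.example.test/.well-known/acme-challenge/TOKEN - token not available; PHP error: {"type":2,"message":"HTTP request failed! HTTP\\/1.1 404 Not Found"}
"""

ERROR_RE = re.compile(r"\[error\] Could not get Let's Encrypt certificate for (?P<domain>\S+): (?P<rest>.*)$")


def classify(rest):
    """Map the text after the domain name to one of the thread's failure classes."""
    marker = "Whole response: "
    if marker in rest:
        try:
            body = json.loads(rest.split(marker, 1)[1])
        except ValueError:
            body = None  # e.g. the literal "Array" left by PHP's array-to-string notice
        if (isinstance(body, dict) and body.get("status") == 403
                and "No registration exists" in body.get("detail", "")):
            # The CA knows no account for the key that signed the request.
            return "account-key-mismatch"
    if "Account not initialized" in rest:
        return "registration-failed"  # new-reg did not complete
    if "token not available" in rest:
        return "challenge-unreachable"  # token file not served at the checked URL
    return "unknown"


def triage(log_text):
    """Return {domain: failure_class} for every [error] line in the log text."""
    result = {}
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            result[m.group("domain")] = classify(m.group("rest"))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The same pattern matches the syslog form of these messages, since the search ignores the timestamp and "Froxlor: [ Action ...]" prefix.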

Okay, patched and cleared everything again. Now I get:

[information] Updating Let's Encrypt certificates
[debug] Updating ????.de
[debug] Adding SAN entry: ????.de
[debug] Adding SAN entry: www.????.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ????.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for ????.de
[information] letsencrypt Token for ????.de saved at /var/www/froxlor/certs//.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc and should be available at http://????.de/.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc
[error] Could not get Let's Encrypt certificate for ????.de: Please check http://????.de/.well-known/acme-challenge/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/????.de\/.well-known\/acme-challenge\/BRYebjH5zEKhwJn_D1ef9REQ2VZ2FIRzTAUAkexianc): failed to open stream: HTTP request failed! HTTP\/1.1 404 Not Found\r\n","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":172}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

If I take a look into the acme.conf, there's the path: /var/www/froxlor/.well-known/acme-challenge, no "certs" in it.

And if I take a look into the given path it exists but it is empty. It's comprehensible that the path he wants to look up isn't reachable.

The used path was from the server configuration tool. So I fixed the path to this in the log, now it works! :)

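The mismatch described in the post above (token written below /var/www/froxlor/certs/ while acme.conf points at /var/www/froxlor/.well-known/acme-challenge) can be checked mechanically. The following is an added example, not code from Froxlor or from the poster; the Alias line is an assumed layout for acme.conf, TOKEN and example.test are placeholders, and the function names are hypothetical.

```python
import posixpath
import re

# Constructed inputs: the log message format and both directories come from the
# post above; the Alias line is an assumed acme.conf layout, TOKEN a placeholder.
LOG_LINE = ("[information] letsencrypt Token for example.test saved at "
            "/var/www/froxlor/certs//.well-known/acme-challenge/TOKEN and should be "
            "available at http://example.test/.well-known/acme-challenge/TOKEN")
ACME_CONF = 'Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"\n'

SAVED_RE = re.compile(r"saved at (?P<file>\S+) and should be available at "
                      r"https?://[^/\s]+(?P<url>/\S+)")
ALIAS_RE = re.compile(r'^\s*Alias\s+"?(?P<url>[^"\s]+)"?\s+"?(?P<dir>[^"\s]+)"?\s*$', re.M)


def served_file(url_path, conf_text):
    """Resolve a URL path to the file Apache would read under the Alias rules."""
    for m in ALIAS_RE.finditer(conf_text):
        prefix = m.group("url").rstrip("/")
        if url_path == prefix or url_path.startswith(prefix + "/"):
            return posixpath.normpath(m.group("dir") + url_path[len(prefix):])
    return None  # no Alias covers this URL; the vhost document root would apply


def check_token_path(log_line, conf_text):
    """Compare where the token was written with where the web server looks."""
    m = SAVED_RE.search(log_line)
    if not m:
        raise ValueError("no 'Token ... saved at' message in log line")
    written = posixpath.normpath(m.group("file"))
    served = served_file(m.group("url"), conf_text)
    return {"written": written, "served": served, "match": written == served}


if __name__ == "__main__":
    # With the constructed inputs the paths differ, which is the 404 case above.
    print(check_token_path(LOG_LINE, ACME_CONF))
```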

Hello,

 

I'm experiencing the same problem. "No registration exists matching provided key"

 

I'm using the latest git version of Froxlor ( 0.9.35.1 (DB: 201603150) ) and try to create the certs against the staging area of Let's Encrypt

I created the /etc/apache2/conf-enabled/acme.conf file and put the right content in. I can access https://***.de/.well-known/acme-challenge/test.txt with no problems (except old/wrong cert warning)

Here is my logfile:

Apr  9 20:00:18 servername Froxlor: [ Action kunde] [debug] Updating ***.de
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [debug] letsencrypt generating new key / SAN for ***.de
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [information] letsencrypt Using 'https://acme-staging.api.letsencrypt.org' to generate certificate
Apr  9 20:00:18 servername Froxlor: [ Action kunde] [information] letsencrypt Starting new account registration
Apr  9 20:00:21 servername Froxlor: [ Action kunde] [information] letsencrypt Sending registration to letsencrypt server
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Sending signed request to /acme/new-reg
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt New account certificate registered
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Starting certificate generation process for domains
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Requesting challenge for ***.de
Apr  9 20:00:22 servername Froxlor: [ Action kunde] [information] letsencrypt Sending signed request to /acme/new-authz
Apr  9 20:00:23 servername Froxlor: [ Action kunde] [error] Could not get Let's Encrypt certificate for ***.de: No challenges received for ***.de. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
Apr  9 20:00:23 servername Froxlor: [ Action cronjob] [information] Let's Encrypt certificates have been updated

What am I doing wrong? I tried with SSL forwarding and without. I also tried with alias www and with no alias at all. Has anyone an idea or tip?


Hi

I'm stuck in quite a similar limbo, in this case the domain had a startssl cert before, then I simply activated LetsEncrypt and well - it plain doesn't work:

 

/usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[debug] Updating xyzdomaincom
[debug] letsencrypt generating new key / SAN for xyzdomain.com
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org'to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for xyzdomain.com
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for xyzdomain.com: No challenges received for xyzdomain.com. Whole response: {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
any help is greatly appreciated.

Archived

This topic is now archived and is closed to further replies.
