Jump to content
Froxlor Forum
  • 0

keine auto certs


みゆき

Question

Hi,

Hab mittlweile ein prob mit frox und certs.

Und zwar, wenn ich ne neue Domain in Frox eintrage, erstellt er mir keine certs mehr, bzw. macht auch in den vhots keine Weiterleitung auf den port 443 von 80.

Bestehende certs (3stk) die schon drin ist, gehen oh. probleme nur wenn ich neue domains hinzufüge zickt es um, kA ob es daran liegt dass ich mal den hostnamen manuell geändert hatte (

)

gibs ne Möglichkeit, dass man manuell frox dazu bringen kann, alle certs neu zu erstellen?

Link to comment
Share on other sites

8 answers to this question

Recommended Posts

1) hat denn die domain überhaupt eine SSL fähige IP?

2) ist denn Let's Encrypt für die Domain auch aktiviert?

3) hast du den letsencrypt cronjob mal manuell mit debug flag ausgeführt um evtl. probleme zu sehen?

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

4) was hat das Ändern des Froxlor Hostnames damit zu tun? Das geht übrigens nicht so ohne weiteres...

Link to comment
Share on other sites

3 hours ago, d00p said:

1) hat denn die domain überhaupt eine SSL fähige IP?

2) ist denn Let's Encrypt für die Domain auch aktiviert?

3) hast du den letsencrypt cronjob mal manuell mit debug flag ausgeführt um evtl. probleme zu sehen?


php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

4) was hat das Ändern des Froxlor Hostnames damit zu tun? Das geht übrigens nicht so ohne weiteres...

1. ja, sonst würden meine Domains die ich von Anfang an drin habe nicht per ssl gehen und vor einiger Zeit ging es auch noch oh. probleme, als ich ne neue Domain dazu gemacht habe.

2. Ja ist es, wurden die gleiche einstellungen gemacht wie bei den anderen domains

 

Quote

32.

 [information] Updating Let's Encrypt certificates
[information] Updating xxxxxxx.com
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for xxxxxxx.com
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for .xxxxxxx.com: No challenges received for xxxxxxx.com. Whole response: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status":429}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

 

Habe jetzt mal manuell ein cert für die domian mit certbot erstellt, ging oh. probleme und keine fehler ausgabe etc.

Link to comment
Share on other sites

Hab es jetzt noch mal probier, bei 3 von 6 erstellt er mir die certs, bei den anderen 3 nicht, kA why er dies nicht macht.

Hab auch die neuste git vers. gezogen. Angefangen hatte es vor einigen Tagen mit der .eu Domain, mittlerweile sind eine .com und eine .de betroffen davon. Manuell kann ich die certs erstellen, nur über frox macht er dies nicht.

 

Quote

[information] Updating Let's Encrypt certificates
[information] Updating *******.eu
[information] Adding SAN entry: *******.eu
[information] Adding SAN entry: www.*******.eu
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for *******.eu
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for *******.eu
[information] letsencrypt Token for *******.eu saved at /*******/.well-known/acme-challenge/XpoDOxvRGrkACGDcV7YYrXQt4noURj9ottzBLYvMp_o and should be available at http://*******.eu/.well-known/acme-challenge/XpoDOxvRGrkACGDcV7YYrXQt4noURj9ottzBLYvMp_o
[error] letsencrypt Please check http://*******.eu/.well-known/acme-challenge/XpoDOxvRGrkACGDcV7YYrXQt4noURj9ottzBLYvMp_o - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/*******.eu\/.well-known\/acme-challenge\/XpoDOxvRGrkACGDcV7YYrXQt4noURj9ottzBLYvMp_o): failed to open stream: Connection refused","file":"\/usr\/share\/nginx\/***********\/lib\/classes\/ssl\/class.lescript.php","line":232}
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/Zgf3PAAEtXCGoBht5Oop_r4TU-2zF03QxqUdRsDO8Jc/1509732674
[information] letsencrypt Verification ended with status: valid
[information] letsencrypt Requesting challenge for www.*******.eu
[information] letsencrypt Sending signed request to /acme/new-authz
[error] Could not get Let's Encrypt certificate for *******.eu: No challenges received for www.*******.eu. Whole response: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status":429}
[information] Updating *******.de
[information] Adding SAN entry: *******.de
[information] Adding SAN entry: www.*******.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for *******.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for *******.de
[information] letsencrypt Token for *******.de saved at /*******/.well-known/acme-challenge/MxNqDUR1KkoizevcghayCggh8Qi8axzSy7Dk94MD7ak and should be available at http://*******.de/.well-known/acme-challenge/MxNqDUR1KkoizevcghayCggh8Qi8axzSy7Dk94MD7ak
[error] letsencrypt Please check http://*******.de/.well-known/acme-challenge/MxNqDUR1KkoizevcghayCggh8Qi8axzSy7Dk94MD7ak - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/*******.de\/.well-known\/acme-challenge\/MxNqDUR1KkoizevcghayCggh8Qi8axzSy7Dk94MD7ak): failed to open stream: Connection refused","file":"\/usr\/share\/nginx\/***********\/lib\/classes\/ssl\/class.lescript.php","line":232}
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/QE7xs4Bc8j8xQiCnEkYulqJplvx9kz_GPMpSFGGnzLw/1509860515
[information] letsencrypt Verification ended with status: valid
[information] letsencrypt Requesting challenge for www.*******.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for www.*******.de
[information] letsencrypt Token for www.*******.de saved at /*******/.well-known/acme-challenge/0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k and should be available at http://www.*******.de/.well-known/acme-challenge/0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k
[error] letsencrypt Please check http://www.*******.de/.well-known/acme-challenge/0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/www.*******.de\/.well-known\/acme-challenge\/0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k): failed to open stream: Connection refused","file":"\/usr\/share\/nginx\/***********\/lib\/classes\/ssl\/class.lescript.php","line":232}
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/hJfIrvWP4tkgGjr0lmiBN2NZI7lAV8B2lcjqYFvpsbE/1509866067
[information] letsencrypt Verification pending, sleeping 1s
[error] Could not get Let's Encrypt certificate for *******.de: Verification ended with error: {"identifier":{"type":"dns","value":"www.*******.de"},"status":"invalid","expires":"2017-07-16T15:59:42Z","challenges":[{"type":"dns-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/hJfIrvWP4tkgGjr0lmiBN2NZI7lAV8B2lcjqYFvpsbE\/1509866062","token":"MMjMujuJ1zwgGGwIaTBssuXutlui-3M_3UWFeFcABCY"},{"type":"tls-sni-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/hJfIrvWP4tkgGjr0lmiBN2NZI7lAV8B2lcjqYFvpsbE\/1509866066","token":"BY9SLAuY-TQApKgGM-JXbKwYzR82pG7fs8keiymvdhA"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Fetching http:\/\/www.*******.de\/.well-known\/acme-challenge\/0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k: Error getting validation data","status":400},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/hJfIrvWP4tkgGjr0lmiBN2NZI7lAV8B2lcjqYFvpsbE\/1509866067","token":"0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k","keyAuthorization":"0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k.78CKKrCVyOkLTY6gfednJ3-QBvKpRwTuhuygKrDSGkE","validationRecord":[{"url":"http:\/\/www.*******.de\/.well-known\/acme-challenge\/0zRpvlqT6CUg2V7nYhQRIY-9J-Ot1FL10q-NAC8M88k","hostname":"www.*******.de","port":"80","addressesResolved":["**.**.**-**"],"addressUsed":"**.**.**-**","addressesTried":[]}]}],"combinations":[[0],[1],[2]]}
[information] Updating *******.com
[information] Adding SAN entry: *******.com
[information] Adding SAN entry: www.*******.com
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for *******.com
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for *******.com
[information] letsencrypt Token for *******.com saved at /*******/.well-known/acme-challenge/2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80 and should be available at http://*******.com/.well-known/acme-challenge/2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80
[error] letsencrypt Please check http://*******.com/.well-known/acme-challenge/2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80 - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/*******.com\/.well-known\/acme-challenge\/2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80): failed to open stream: Connection refused","file":"\/usr\/share\/nginx\/***********\/lib\/classes\/ssl\/class.lescript.php","line":232}
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/BXC8ki34flAY-DDpocwX-ZiSMHXibs4qcTWpVm9T8hQ/1509866242
[information] letsencrypt Verification pending, sleeping 1s
[error] Could not get Let's Encrypt certificate for *******.com: Verification ended with error: {"identifier":{"type":"dns","value":"*******.com"},"status":"invalid","expires":"2017-07-16T15:59:47Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Fetching http:\/\/*******.com\/.well-known\/acme-challenge\/2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80: Error getting validation data","status":400},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/BXC8ki34flAY-DDpocwX-ZiSMHXibs4qcTWpVm9T8hQ\/1509866242","token":"2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80","keyAuthorization":"2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80.78CKKrCVyOkLTY6gfednJ3-QBvKpRwTuhuygKrDSGkE","validationRecord":[{"url":"http:\/\/*******.com\/.well-known\/acme-challenge\/2M20yGxtZQCTjIwvgWzR5xcMKYAW5Lq3l1n0brkqv80","hostname":"*******.com","port":"80","addressesResolved":["**.**.**-**"],"addressUsed":"**.**.**-**","addressesTried":[]}]},{"type":"tls-sni-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/BXC8ki34flAY-DDpocwX-ZiSMHXibs4qcTWpVm9T8hQ\/1509866246","token":"XI6aEbOefbSkB3RTP2T6rIRRhlYVl_qwN_4yzeQ9B2I"},{"type":"dns-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/BXC8ki34flAY-DDpocwX-ZiSMHXibs4qcTWpVm9T8hQ\/1509866251","token":"CdyG0euaujfBblun9LpYbuE4wBMaCF88_zHaPaZqGfY"}],"combinations":[[0],[2],[1]]}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

 

Link to comment
Share on other sites

On 7.7.2017 at 3:16 PM, irisdina said:

{"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status":429}

rateLimit erreicht, zuviele versuche. 

On 9.7.2017 at 6:08 PM, irisdina said:

failed to open stream: Connection refused"

Steht doch da, connection refused, lets encrypt kann nicht verbinden. 

Prüfe doch zunächst manuell ob es funktioniert. Leg eine Datei "test" mit dem Inhalt "Hallo" in den Ordner /var/www/froxlor/.well-known/acme-challenge/ und rufe dann http://domain.tld/.well-known/acme-challenge/test auf und schau ob "Hallo" im Browser steht.

Link to comment
Share on other sites

3 hours ago, d00p said:

rateLimit erreicht, zuviele versuche. 

Steht doch da, connection refused, lets encrypt kann nicht verbinden. 

Prüfe doch zunächst manuell ob es funktioniert. Leg eine Datei "test" mit dem Inhalt "Hallo" in den Ordner /var/www/froxlor/.well-known/acme-challenge/ und rufe dann http://domain.tld/.well-known/acme-challenge/test auf und schau ob "Hallo" im Browser steht.

Ja, die Test Datei kann ich aufrufen.

Heute Nacht, hat er auch zwei weitere Certs erstellt, fehlt aktuell nur noch eine DE Domain, wo dass fehlt.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...