February 27, 2018

Hi, I wonder if there is anyone who was able to properly set up the Let's Encrypt feature with nginx? I followed the suggested steps but I couldn't make it happen.

- activate Let's Encrypt in the settings
- as admin, go to Configuration -> select your distro -> select Webserver -> select your software
- copy'n'paste the acme.conf part of the configuration template
- restart/reload webserver

Then I run the cron:

    php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
    [information] Updating Let's Encrypt certificates
    [information] Let's Encrypt certificates have been updated
    [notice] Checking system's last guid

But when I try to enable Let's Encrypt for a domain, the system automatically unchecks this option after I save. Any idea? Thanks
February 28, 2018 (Author)

    location /.well-known/acme-challenge {
        alias /var/www/froxlor/.well-known/acme-challenge;
        location ~ /.well-known/acme-challenge/(.*) {
            default_type text/plain;
        }
    }

And in the panel:

    Path for Let's Encrypt challenges: /var/www/froxlor
February 28, 2018

Not the content, I meant the value of the setting, the path + filename. Settings -> SSL -> Path to the acme.conf snippet should be /etc/nginx/acme.conf for nginx.
February 28, 2018 (Author)

Since most of the documents suggest /etc/apache2/conf-enabled/acme.conf, I didn't change it from the panel. Instead of changing it, I've created that path and put the acme conf inside /etc/apache2/conf-enabled/. For nginx, does the path name really matter?
February 28, 2018

Well, if you use nginx, why would you set the path to apache2? Well, what's in the error log? Anything?
February 28, 2018 (Author)

Since all your documents use that apache2 folder, I followed your steps. Never mind, as I said, I've changed the path as you suggested. There is no error. How can I check logs for these unexpected operations?
February 28, 2018

It's just default values... that's why these are settings, so you can adjust them according to your needs. You can test two things:

1) Create a file called test in /var/www/froxlor/.well-known/acme-challenge and write "Hello" into it. Then try to open http://the-domain-that-should-get-the-certificate.tld/.well-known/acme-challenge/test in your browser - you should see "Hello" - if not, the alias is not set up correctly.

2) When you are sure the alias works, run the Let's Encrypt cronjob with the --debug flag to see what's happening. When the output is just the three lines you posted earlier, then there is no domain with Let's Encrypt enabled to generate a certificate for... edit that domain, validate that it has at least one SSL-enabled IP address assigned and that Let's Encrypt is checked.
February 28, 2018 (Author)

http://maas.im/.well-known/acme-challenge/test seems okay. I guess I missed the point about adding an SSL-enabled IP address. I have only one IP address, so I've added the same IP address with SSL. However, I am not sure how I should fill in the rest of the inputs:

- Path to the SSL Certificate:
- Path to the SSL Keyfile:
- Path to the SSL CA certificate:
- Path to the SSL CertificateChainFile:

Since I didn't fill them in properly, when I run the cron I'm getting an error:

    [error] maas.im :: certificate file "/etc/nginx/nginx.pem" does not exist! Cannot create ssl-directives

Can you help me with it?

#Edit: Now I'm getting the following when https://maas.im is requested:

    [error] 9323#0: *94691 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking
February 28, 2018 (Author)

In /etc/nginx/sites-enabled/10_froxlor_ipandport_SERVERIP.443.conf I've commented out the line:

    server {
        #listen IP:443 default_server;

This has solved my problem. So, how can I set this line as commented out from the panel? I guess if I run the cron, the line will be activated again.
March 1, 2018 (Author)

Thanks man! To be clear for further visitors, I've unchecked "Create vHost-Container:" under Edit IP/Port for the SSL IP.
March 1, 2018

Ah, nginx. Yeah, damn. It's not possible to have a server {} block without a listen. So, either deactivate the complete vhost-container or find an error message explaining why this is working when you comment out the listen from the vhost - do you have any manually created vhosts - maybe another one with default_server? Or non-IP-specific (just the port), like in the /etc/nginx/sites-available/default file? On a standard Debian I never had this issue, maybe just run a2dissite default?
March 1, 2018 (Author)

Actually, I do not have any manually created vhosts. I guess the reason is the "default_server" word in the default configuration which is generated by Froxlor for the IP. So, disabling the vhost-container has solved this problem for me. I do not even have a2dissite.
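
The "no "ssl_certificate" is defined in server listening on SSL port" error from this thread can be caught before a reload by scanning the generated vhost files. The following is an added example, not part of the thread and not Froxlor's code: the sample config, addresses and function names are constructed, it assumes that an `ssl` flag on one `listen` makes that address:port SSL for every server block sharing it, and it ignores certificates inherited from the `http` level.

```python
import re

# Constructed sample (not from the thread): an IP/port container on :443 without
# a certificate, next to a domain vhost that marks the same socket as "ssl".
SAMPLE = """
server {
    listen 203.0.113.10:443 default_server;
    server_name _;
}
server {
    listen 203.0.113.10:443 ssl;
    server_name example.test;
    ssl_certificate /etc/ssl/example.test.crt;
    ssl_certificate_key /etc/ssl/example.test.key;
}
server {
    listen 203.0.113.10:80;
    server_name example.test;
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, found by brace matching."""
    for m in re.finditer(r"^\s*server\s*\{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument lists of `name ...;` lines; commented-out lines are ignored."""
    body = re.sub(r"#.*", "", body)
    return [m.group(1).split()
            for m in re.finditer(rf"^\s*{name}\s+([^;]+);", body, re.M)]

def uncertified_ssl_servers(conf):
    """(server_name, socket) for blocks on an SSL socket with no ssl_certificate."""
    parsed = [(directives(b, "server_name"), directives(b, "listen"),
               bool(directives(b, "ssl_certificate"))) for b in server_blocks(conf)]
    # Assumption: "ssl" on one listen makes that address:port SSL for all blocks.
    ssl_sockets = {l[0] for _, ls, _ in parsed for l in ls if "ssl" in l[1:]}
    return [(n[0][0] if n else "(none)", l[0]) for n, ls, cert in parsed
            for l in ls if l[0] in ssl_sockets and not cert]

if __name__ == "__main__":
    for name, sock in uncertified_ssl_servers(SAMPLE):
        print(f"{name}: listens on SSL socket {sock} but has no ssl_certificate")
```

With the `listen` line of the first block commented out, as in the workaround above, the block no longer listens on the SSL socket and the check reports nothing.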
Archived
This topic is now archived and is closed to further replies.