Froxlor Forum

Let's Encrypt with nginx


Evren

Question

Hi,

I wonder if there is anyone who has been able to properly set up the Let's Encrypt feature with nginx?

I followed suggested steps but I couldn't make it happen.

- activate Let's Encrypt in the settings
- as admin, go to Configuration -> select your distro -> select Webserver -> select your software
- copy'n'paste the acme.conf part of the configuration template
- restart/reload webserver

Then I run the cron

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

 

[information] Updating Let's Encrypt certificates
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

 

But when I try to enable Let's Encrypt for a domain, the system automatically unchecks this option after I save.

Any idea?

Thanks


17 answers to this question


  • 0
location /.well-known/acme-challenge {
	alias /var/www/froxlor/.well-known/acme-challenge;

	location ~ /.well-known/acme-challenge/(.*) {
		default_type text/plain;
	}
}

And in the panel:

Path for Let's Encrypt challenges : /var/www/froxlor

 


  • 0

Since most of the documents suggest /etc/apache2/conf-enabled/acme.conf, I didn't change it from the panel. Instead of changing it, I've created that path and put the acme conf inside of /etc/apache2/conf-enabled/.

For nginx, does the path name really matter?


  • 0

It's just default values...that's why these are settings, so you can adjust them according to your needs.

You can test two things

1) create a file called test in /var/www/froxlor/.well-known/acme-challenge and write "Hello" into it. Then try to open http://the-domain-that-should-get-the-certificate.tld/.well-known/acme-challenge/test in your browser - you should see "Hello" - if not, the alias is not set up correctly.

2) when you are sure the alias works, run the Let's Encrypt cronjob with the --debug flag to see what's happening. When the output is just the three lines you posted earlier, then there is no domain with Let's Encrypt enabled to generate a certificate for...edit that domain, validate that it has at least one SSL-enabled IP address assigned and that Let's Encrypt is checked

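The alias test from step 1 of the answer above, as an added shell example (not part of the original thread and not Froxlor's own code). It assumes curl is installed and that the challenge path is the /var/www/froxlor value used in this thread; the function names `fetch` and `probe_acme_alias` are hypothetical, and a unique token replaces "Hello" so a catch-all page from another vhost cannot pass the check.

```shell
#!/bin/sh
# Added example: names and defaults below are assumptions, not Froxlor code.

# fetch URL: print the body, fail on HTTP errors (404, 403, ...).
fetch() {
    curl -fsS --max-time 10 "$1"
}

# probe_acme_alias DOMAIN [CHALLENGE_ROOT]
# CHALLENGE_ROOT is the panel's "Path for Let's Encrypt challenges".
# Returns 0 if the alias works, 1 if the fetch fails or the body differs,
# 2 if the probe file cannot be written.
probe_acme_alias() {
    local domain="$1" root="${2:-/var/www/froxlor}"
    local dir name token body rc=0
    dir="$root/.well-known/acme-challenge"
    name="probe-$$"
    token="acme-probe-$$-$(date +%s)"   # unique, so a catch-all page cannot match

    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    chmod 644 "$dir/$name"              # the web server user must be able to read it

    # HTTP-01 validation arrives over plain HTTP on port 80.
    if ! body=$(fetch "http://$domain/.well-known/acme-challenge/$name"); then
        echo "FAIL: request failed; check the alias, root path and permissions" >&2
        rc=1
    elif [ "$body" != "$token" ]; then
        echo "FAIL: unexpected body; another vhost or a rewrite answered" >&2
        rc=1
    else
        echo "OK: $domain serves challenge files from $dir"
    fi

    rm -f "$dir/$name"                  # never leave probe files behind
    return "$rc"
}

# Usage: sh probe.sh the-domain.tld [/var/www/froxlor]
if [ "$#" -gt 0 ]; then
    probe_acme_alias "$@"
fi
```

Run it as a user that can write to the challenge directory, once per domain that should get a certificate, before running the cron job with --debug.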

  • 0

http://maas.im/.well-known/acme-challenge/test seems okay.

I guess I missed the point about adding an SSL-enabled IP address.

I have only one IP address, so I've added the same IP address with SSL. However, I am not sure how I should fill in the rest of the inputs.

Path to the SSL Certificate:

Path to the SSL Keyfile:

Path to the SSL CA certificate:

Path to the SSL CertificateChainFile: 

 

Since I didn't fill them in properly, when I run the cron I'm getting an error:

[error] maas.im :: certificate file "/etc/nginx/nginx.pem" does not exist! Cannot create ssl-directives

Can you help me with it?

 

#Edit: Now I'm getting [error] 9323#0: *94691 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking when requesting https://maas.im


  • 0

In /etc/nginx/sites-enabled/10_froxlor_ipandport_SERVERIP.443.conf

I've commented out the line

server {
        #listen    IP:443 default_server;

This has solved my problem. So, how can I set this line as commented out from the panel? I guess if I run the cron, the line will be activated again.


  • 0

Ah nginx :P Yeah, damn. It's not possible to have a server {} block without a listen. So, either deactivate the complete vhost-container or find an error message why this is working when you comment out the listen from the vhost - do you have any manually created vhosts - maybe another one with default_server? Or non-IP specific (just the port), like in the /etc/nginx/sites-available/default file?

On a standard Debian I never had this issue, maybe just run a2dissite default?


  • 0

Actually, I do not have any manually created vhosts. I guess the reason is the "default_server" word in the default configuration which is generated by Froxlor for the IP. So, disabling the vhost-container has solved this problem for me. I do not even have a2dissite :)

 

