The web server that Froxlor runs on has the following domain: server01.foobar.de
When I create new subdomains of the main domain in Froxlor under Domains, along the lines of kunde01.server01.foobar.de, and give them an LE certificate, everything works wonderfully. The subdomain is reachable and also uses the LE certificate, so all good. Here is a log of that:
[information] Updating Let's Encrypt certificates
[information] Updating bgi.server01.foobar.de
[information] Adding SAN entry: bgi.server01.foobar.de
[information] Adding SAN entry: www.server01.foobar.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for bgi.server01.foobar.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for bgi.server01.foobar.de
[information] letsencrypt Token for bgi.server01.foobar.de saved at /var/www/html/admin/.well-known/acme-challenge/qJXI1m71z6zNbBI8Kw6aAIQ0KSUdHOdslRdJkNAKK08 and should be available at http://bgi.server01.foobar.de/.well-known/acme-challenge/qJXI1m71z6zNbBI8Kw6aAIQ0KSUdHOdslRdJkNAKK08
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/3T81eUeRxEGz8WhVa2475kI-yhLXYtzKLgeoV5ljHIk/4443522996
[information] letsencrypt Verification ended with status: valid
[information] letsencrypt Requesting challenge for www.bgi.server01.foobar.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for www.bgi.server01.foobar.de
[information] letsencrypt Token for www.bgi.server01.foobar.de saved at /var/www/html/admin/.well-known/acme-challenge/jjhl_yq1vkExcDlpfwRoNZwPAttsxG9nfoADZFyXCxk and should be available at http://www.server01.foobar.de/.well-known/acme-challenge/jjhl_yq1vkExcDlpfwRoNZwPAttsxG9nfoADZFyXCxk
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/4QwDCB0eOO0Bds93Uy6jMxllj4_KYbQ0A9QekMWJQD4/4443523233
[information] letsencrypt Verification ended with status: valid
[information] letsencrypt Sending signed request to /acme/new-cert
[information] letsencrypt Got certificate! YAY!
[information] letsencrypt Requesting chained cert at https://acme-v01.api.letsencrypt.org/acme/issuer-cert
[information] letsencrypt Done, returning new certificates and key
[information] Updated Let's Encrypt certificate for bgi.server01.foobar.de
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
Now, however, I am trying in vain to give a "foreign" domain (e.g. "foobar.com") an LE certificate, and I just cannot get it to work.
Creating and routing the "foreign" domain works wonderfully; when I go to "foobar.com" I land in the customer's directory (on the web server mentioned above), so just as it should be.
But as soon as I enable SSL via LE, I get this:
sudo php /var/www/html/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[information] Updating foobar.com
[information] Adding SAN entry: foobar.com
[information] Adding SAN entry: www.foobar.com
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for foobar.com
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for foobar.com
[information] letsencrypt Token for foobar.com saved at /var/www/html/admin/.well-known/acme-challenge/X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg and should be available at http://foobar.com/.well-known/acme-challenge/X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/rhkE-c3pd34xE7gS91gHvnMbaFehG87wZRmPwPKYhXM/4471937125
[information] letsencrypt Verification pending, sleeping 1s
[error] Could not get Let's Encrypt certificate for foobar.com: Verification ended with error: {"identifier":{"type":"dns","value":"foobar.com"},"status":"invalid","expires":"2018-05-09T16:18:45Z","challenges":[{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/rhkE-c3pd34xE7gS91gHvnMbaFehG87wZRmPwPKYhXM\/4471937124","token":"AJ31D_2MN66MMI-Dam7rneBoAVVmc7xBjXUydY6stXA"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/foobar.com\/.well-known\/acme-challenge\/X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg: \"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Frameset\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-frameset.dtd\">\n\n<html>\n<head>\"","status":403},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/rhkE-c3pd34xE7gS91gHvnMbaFehG87wZRmPwPKYhXM\/4471937125","token":"X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg","keyAuthorization":"X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg.N6g2YmnoPmmrzkZwk66oq--kiBaKuIiGrRHDyluSZrE","validationRecord":[{"url":"http:\/\/foobar.com\/.well-known\/acme-challenge\/X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg","hostname":"foobar.com","port":"80","addressesResolved":["84.200.25.15","2001:8d8:100f:f000::208"],"addressUsed":"2001:8d8:100f:f000::208"}]}],"combinations":[[1],[0]]}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
So the central error, in my opinion, is: urn:acme:error:unauthorized
Question
H0di
Web server: Apache/2.4.25 (Debian)
PHP version: 7.1.13-1+0~20180105151623.14+stretch~1.gbp1086fa
MySQL server version: 5.5.5-10.1.26-MariaDB-0+deb9u1
Kernel: 4.9.0-5-amd64 (x86_64)
Installed version: 0.9.39.5 (DB: 201802130)
I have already tried creating a file at:
/var/www/html/froxlor/.well-known/acme-challenge/test
with the content "BUBU"
which then is also reachable under the domain foobar.com, see:
curl -ikL http://foobar.com/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Date: Wed, 02 May 2018 16:55:48 GMT
Server: Apache/2.4.25 (Debian)
Last-Modified: Wed, 02 May 2018 16:54:29 GMT
ETag: "5-56b3bf0b66e3f"
Accept-Ranges: bytes
Content-Length: 5

BUBU
Now I am at my wits' end, though; does anyone have an idea?
Thanks!
Archived
This topic is now archived and is closed to further replies.
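Added example, not part of the original post: the [error] line in the question carries a validationRecord that names the address the Let's Encrypt validator actually contacted. This Python sketch parses a trimmed copy of that JSON and reports which resolved address returned the 403 and which one was never tried; the function names are hypothetical.

```python
import ipaddress
import json

# Trimmed from the [error] line in the post; the HTML in "detail" is shortened.
AUTHZ = json.loads(r'''
{"identifier": {"type": "dns", "value": "foobar.com"}, "status": "invalid",
 "challenges": [
  {"type": "dns-01", "status": "invalid"},
  {"type": "http-01", "status": "invalid",
   "error": {"type": "urn:acme:error:unauthorized", "status": 403,
             "detail": "Invalid response from http:\/\/foobar.com\/.well-known\/acme-challenge\/X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg"},
   "validationRecord": [
    {"url": "http:\/\/foobar.com\/.well-known\/acme-challenge\/X3_E2yMxYlK5YMxB8oOIVi77HIHyHNeH07TAoWJGwQg",
     "addressesResolved": ["84.200.25.15", "2001:8d8:100f:f000::208"],
     "addressUsed": "2001:8d8:100f:f000::208"}]}]}
''')


def failed_http01(authz):
    """One finding per http-01 validation attempt that ended in an error."""
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("type") != "http-01" or "error" not in ch:
            continue
        for rec in ch.get("validationRecord", []):
            used = ipaddress.ip_address(rec["addressUsed"])
            others = [a for a in rec["addressesResolved"]
                      if ipaddress.ip_address(a) != used]
            findings.append({
                "url": rec["url"], "http_status": ch["error"].get("status"),
                "used": str(used), "family": used.version,  # 4 or 6
                "untested": others,  # resolved by the validator, never contacted
            })
    return findings


def curl_checks(finding):
    """curl commands that repeat the fetch once per resolved address family."""
    addrs = [finding["used"]] + finding["untested"]
    families = dict.fromkeys(ipaddress.ip_address(a).version for a in addrs)
    return [f"curl -{v} -i {finding['url']}" for v in families]


if __name__ == "__main__":
    for f in failed_http01(AUTHZ):
        print(f"validator used {f['used']} (IPv{f['family']}), HTTP {f['http_status']}")
        print("not contacted:", ", ".join(f["untested"]) or "none")
        print("\n".join(curl_checks(f)))
```

On this log it reports that validation went to the IPv6 address while 84.200.25.15 was not contacted, so the manual curl test is worth repeating once per address family.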