Jump to content
Froxlor Forum
  • 0
irisdina

Kein LE mehr aktueller Git Vers.?

Question

habe heute mal wieder ein "git pull" gemacht und eine neue domain in froxlor gepackt.
habe aber festgestellt, das keine LE Cert erstellt wird bzw. nicht richtig wohl. da die Browser alle sagen sie, seite sei Unsicher "Feherhaftes oder Fehlendes Cert"

in der nginx vhost conf sind die cert, sind die cert pfade richtig drin.

 

cert.thumb.JPG.efa449722ba8ab38912d2942a36d0653.JPG

 

Cronjob wurde manuell gestartet

 

php scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Requesting/renewing Let's Encrypt certificates
[information] Creating certificate for xxxxxxxxxx.eu
[information] Adding SAN entry: xxxxxxxxxx.eu
[information] Adding SAN entry: www.xxxxxxxxxx.eu
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Wed 04 Dec 2019 10:12:50 PM CET] Installing from online archive.
[Wed 04 Dec 2019 10:12:50 PM CET] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Wed 04 Dec 2019 10:12:51 PM CET] Extracting master.tar.gz
[Wed 04 Dec 2019 10:12:51 PM CET] Installing to /root/.acme.sh
[Wed 04 Dec 2019 10:12:51 PM CET] Installed to /root/.acme.sh/acme.sh
[Wed 04 Dec 2019 10:12:51 PM CET] Good, bash is found, so change the shebang to use bash as preferred.
[Wed 04 Dec 2019 10:12:51 PM CET] OK
[Wed 04 Dec 2019 10:12:51 PM CET] Install success!
[Wed 04 Dec 2019 10:12:51 PM CET] Upgrade success!
[Wed 04 Dec 2019 10:12:51 PM CET] Removing cron job
[Wed 04 Dec 2019 10:12:52 PM CET] Lets find script dir.
[Wed 04 Dec 2019 10:12:52 PM CET] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed 04 Dec 2019 10:12:52 PM CET] _script='/root/.acme.sh/acme.sh'
[Wed 04 Dec 2019 10:12:52 PM CET] _script_home='/root/.acme.sh'
[Wed 04 Dec 2019 10:12:52 PM CET] Using config home:/root/.acme.sh
[Wed 04 Dec 2019 10:12:52 PM CET] Using server: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 04 Dec 2019 10:12:52 PM CET] Running cmd: issue
[Wed 04 Dec 2019 10:12:52 PM CET] _main_domain='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] _alt_domains='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] Using config home:/root/.acme.sh
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed 04 Dec 2019 10:12:52 PM CET] DOMAIN_PATH='/root/.acme.sh/xxxxxxxxxx.eu_ecc'
[Wed 04 Dec 2019 10:12:52 PM CET] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 04 Dec 2019 10:12:52 PM CET] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed 04 Dec 2019 10:12:52 PM CET] GET
[Wed 04 Dec 2019 10:12:52 PM CET] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed 04 Dec 2019 10:12:52 PM CET] timeout=
[Wed 04 Dec 2019 10:12:52 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Wed 04 Dec 2019 10:12:52 PM CET] ret='0'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_NEW_AUTHZ
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_VERSION='2'
[Wed 04 Dec 2019 10:12:52 PM CET] _on_before_issue
[Wed 04 Dec 2019 10:12:52 PM CET] _chk_main_domain='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] _chk_alt_domains='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] Le_LocalAddress
[Wed 04 Dec 2019 10:12:52 PM CET] d='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] Check for domain='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] _currentRoot='/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:52 PM CET] d='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] Check for domain='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] _currentRoot='/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:52 PM CET] d
[Wed 04 Dec 2019 10:12:52 PM CET] _saved_account_key_hash is not changed, skip register account.
[Wed 04 Dec 2019 10:12:52 PM CET] Read key length:
[Wed 04 Dec 2019 10:12:52 PM CET] Using config home:/root/.acme.sh
[Wed 04 Dec 2019 10:12:52 PM CET] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed 04 Dec 2019 10:12:52 PM CET] Use length 384
[Wed 04 Dec 2019 10:12:52 PM CET] Using ec name: secp384r1
[Wed 04 Dec 2019 10:12:52 PM CET] _createcsr
[Wed 04 Dec 2019 10:12:52 PM CET] d='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] d
[Wed 04 Dec 2019 10:12:52 PM CET] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed 04 Dec 2019 10:12:52 PM CET] payload='{"identifiers": [{"type":"dns","value":"xxxxxxxxxx.eu"},{"type":"dns","value":"www.xxxxxxxxxx.eu"}]}'
[Wed 04 Dec 2019 10:12:52 PM CET] RSA key
[Wed 04 Dec 2019 10:12:52 PM CET] HEAD
[Wed 04 Dec 2019 10:12:52 PM CET] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 04 Dec 2019 10:12:52 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  -I  '
[Wed 04 Dec 2019 10:12:53 PM CET] _ret='0'
[Wed 04 Dec 2019 10:12:53 PM CET] POST
[Wed 04 Dec 2019 10:12:53 PM CET] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed 04 Dec 2019 10:12:53 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Wed 04 Dec 2019 10:12:54 PM CET] _ret='0'
[Wed 04 Dec 2019 10:12:54 PM CET] code='201'
[Wed 04 Dec 2019 10:12:54 PM CET] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/11716275/64509659'
[Wed 04 Dec 2019 10:12:54 PM CET] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11716275/64509659'
[Wed 04 Dec 2019 10:12:54 PM CET] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25258627'
[Wed 04 Dec 2019 10:12:54 PM CET] payload
[Wed 04 Dec 2019 10:12:54 PM CET] POST
[Wed 04 Dec 2019 10:12:54 PM CET] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25258627'
[Wed 04 Dec 2019 10:12:54 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Wed 04 Dec 2019 10:12:55 PM CET] _ret='0'
[Wed 04 Dec 2019 10:12:55 PM CET] code='200'
[Wed 04 Dec 2019 10:12:55 PM CET] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25258628'
[Wed 04 Dec 2019 10:12:55 PM CET] payload
[Wed 04 Dec 2019 10:12:55 PM CET] POST
[Wed 04 Dec 2019 10:12:55 PM CET] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/25258628'
[Wed 04 Dec 2019 10:12:55 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Wed 04 Dec 2019 10:12:55 PM CET] _ret='0'
[Wed 04 Dec 2019 10:12:55 PM CET] code='200'
[Wed 04 Dec 2019 10:12:55 PM CET] d='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:55 PM CET] _w='/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:55 PM CET] _currentRoot='/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:56 PM CET] entry='"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258627/3ebB0g","token":"Ttvw2E-36airL3Sd38NfVUB-4r9c7FB-FpINP6UTcJk","validationRecord":[{"url":"http://xxxxxxxxxx.eu/.well-known/acme-challenge/Ttvw2E-36airL3Sd38NfVUB-4r9c7FB-FpINP6UTcJk","hostname":"xxxxxxxxxx.eu","port":"80","addressesResolved":["88.99.92.97","2a01:4f8:10a:1ca0::2"],"addressUsed":"2a01:4f8:10a:1ca0::2"'
[Wed 04 Dec 2019 10:12:56 PM CET] token='Ttvw2E-36airL3Sd38NfVUB-4r9c7FB-FpINP6UTcJk'
[Wed 04 Dec 2019 10:12:56 PM CET] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258627/3ebB0g'
[Wed 04 Dec 2019 10:12:56 PM CET] keyauthorization='Ttvw2E-36airL3Sd38NfVUB-4r9c7FB-FpINP6UTcJk.4llaoQT_WVQRsyuuLc0BJGmqmtRbm-9egrbkq30uo1g'
[Wed 04 Dec 2019 10:12:56 PM CET] xxxxxxxxxx.eu is already verified.
[Wed 04 Dec 2019 10:12:56 PM CET] keyauthorization='verified_ok'
[Wed 04 Dec 2019 10:12:56 PM CET] dvlist='xxxxxxxxxx.eu#verified_ok#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258627/3ebB0g#http-01#/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:56 PM CET] d='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:56 PM CET] _w='/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:56 PM CET] _currentRoot='/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:56 PM CET] entry='"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258628/5orHRw","token":"qvwUCzK0zDLPq5mvkp6XEogLwb_wg0UYS2QRGPs7-YQ","validationRecord":[{"url":"http://www.xxxxxxxxxx.eu/.well-known/acme-challenge/qvwUCzK0zDLPq5mvkp6XEogLwb_wg0UYS2QRGPs7-YQ","hostname":"www.xxxxxxxxxx.eu","port":"80","addressesResolved":["88.99.92.97","2a01:4f8:10a:1ca0::2"],"addressUsed":"2a01:4f8:10a:1ca0::2"'
[Wed 04 Dec 2019 10:12:56 PM CET] token='qvwUCzK0zDLPq5mvkp6XEogLwb_wg0UYS2QRGPs7-YQ'
[Wed 04 Dec 2019 10:12:56 PM CET] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258628/5orHRw'
[Wed 04 Dec 2019 10:12:56 PM CET] keyauthorization='qvwUCzK0zDLPq5mvkp6XEogLwb_wg0UYS2QRGPs7-YQ.4llaoQT_WVQRsyuuLc0BJGmqmtRbm-9egrbkq30uo1g'
[Wed 04 Dec 2019 10:12:56 PM CET] www.xxxxxxxxxx.eu is already verified.
[Wed 04 Dec 2019 10:12:56 PM CET] keyauthorization='verified_ok'
[Wed 04 Dec 2019 10:12:56 PM CET] dvlist='www.xxxxxxxxxx.eu#verified_ok#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258628/5orHRw#http-01#/var/www/html/xxxxxxxxxx'
[Wed 04 Dec 2019 10:12:56 PM CET] d
[Wed 04 Dec 2019 10:12:56 PM CET] vlist='xxxxxxxxxx.eu#verified_ok#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258627/3ebB0g#http-01#/var/www/html/xxxxxxxxxx,www.xxxxxxxxxx.eu#verified_ok#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/25258628/5orHRw#http-01#/var/www/html/xxxxxxxxxx,'
[Wed 04 Dec 2019 10:12:56 PM CET] d='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:56 PM CET] xxxxxxxxxx.eu is already verified, skip http-01.
[Wed 04 Dec 2019 10:12:56 PM CET] d='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:56 PM CET] www.xxxxxxxxxx.eu is already verified, skip http-01.
[Wed 04 Dec 2019 10:12:56 PM CET] ok, let's start to verify
[Wed 04 Dec 2019 10:12:56 PM CET] pid
[Wed 04 Dec 2019 10:12:56 PM CET] No need to restore nginx, skip.
[Wed 04 Dec 2019 10:12:56 PM CET] _clearupdns
[Wed 04 Dec 2019 10:12:56 PM CET] dns_entries
[Wed 04 Dec 2019 10:12:56 PM CET] skip dns.
[Wed 04 Dec 2019 10:12:56 PM CET] i='2'
[Wed 04 Dec 2019 10:12:56 PM CET] j='9'
[Wed 04 Dec 2019 10:12:56 PM CET] url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11716275/64509659'
[Wed 04 Dec 2019 10:12:56 PM CET] payload='{"csr": "MIIBdzCB_QIBADAhMR8wHQYDVQQDDBZiYW5kbWFpZC1ldXJvcGVmYW5zLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4KfE9-fnkEbwkmDMqLWU-jub9OzGktAJralMd-Q99voKmVWlEqAxApuYrOWhHex5jxuunW3SH0yezxODfR91VsbYSnPiaaxSpWhlFoOrIGmZijzR2AkjESgVcUSrL2eroF0wWwYJKoZIhvcNAQkOMU4wTDALBgNVHQ8EBAMCBeAwPQYDVR0RBDYwNIIWYmFuZG1haWQtZXVyb3BlZmFucy5ldYIad3d3LmJhbmRtYWlkLWV1cm9wZWZhbnMuZXUwCgYIKoZIzj0EAwIDaQAwZgIxAJsRB9-_5syNT8mXQiyisw_xfatqSzrgmmVVN3vpw6EhIb1AkagUnYX4DMnDXgLsPwIxAJWMQFdsLhiDNcamBUBf5AMVStzz-ipCblL7nMRWnmiV7QhYLYla-Y-UnqRFlrhhDg"}'
[Wed 04 Dec 2019 10:12:56 PM CET] POST
[Wed 04 Dec 2019 10:12:56 PM CET] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11716275/64509659'
[Wed 04 Dec 2019 10:12:56 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Wed 04 Dec 2019 10:12:57 PM CET] _ret='0'
[Wed 04 Dec 2019 10:12:57 PM CET] code='200'
[Wed 04 Dec 2019 10:12:57 PM CET] Order status is valid.
[Wed 04 Dec 2019 10:12:57 PM CET] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa927c748422c16f48ef004a263be5238be6'
[Wed 04 Dec 2019 10:12:57 PM CET] url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa927c748422c16f48ef004a263be5238be6'
[Wed 04 Dec 2019 10:12:57 PM CET] payload
[Wed 04 Dec 2019 10:12:57 PM CET] POST
[Wed 04 Dec 2019 10:12:57 PM CET] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa927c748422c16f48ef004a263be5238be6'
[Wed 04 Dec 2019 10:12:57 PM CET] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Wed 04 Dec 2019 10:12:58 PM CET] _ret='0'
[Wed 04 Dec 2019 10:12:58 PM CET] code='200'
[Wed 04 Dec 2019 10:12:58 PM CET] Found cert chain
[Wed 04 Dec 2019 10:12:58 PM CET] _end_n='28'
[Wed 04 Dec 2019 10:12:58 PM CET] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa927c748422c16f48ef004a263be5238be6'
[Wed 04 Dec 2019 10:12:58 PM CET] v2 chain.
[Wed 04 Dec 2019 10:12:58 PM CET] _on_issue_success
[debug] https://github.com/Neilpang/acme.sh
v2.8.4
[Wed 04 Dec 2019 10:12:52 PM CET] Creating domain key
[Wed 04 Dec 2019 10:12:52 PM CET] The domain key is here: /root/.acme.sh/xxxxxxxxxx.eu_ecc/xxxxxxxxxx.eu.key
[Wed 04 Dec 2019 10:12:52 PM CET] Multi domain='DNS:xxxxxxxxxx.eu,DNS:www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:52 PM CET] Getting domain auth token for each domain
[Wed 04 Dec 2019 10:12:55 PM CET] Getting webroot for domain='xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:56 PM CET] Getting webroot for domain='www.xxxxxxxxxx.eu'
[Wed 04 Dec 2019 10:12:56 PM CET] xxxxxxxxxx.eu is already verified, skip http-01.
[Wed 04 Dec 2019 10:12:56 PM CET] www.xxxxxxxxxx.eu is already verified, skip http-01.
[Wed 04 Dec 2019 10:12:56 PM CET] Verify finished, start to sign.
[Wed 04 Dec 2019 10:12:56 PM CET] Lets finalize the order, Le_OrderFinalize: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11716275/64509659
[Wed 04 Dec 2019 10:12:57 PM CET] Download cert, Le_LinkCert: https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa927c748422c16f48ef004a263be5238be6

 

*nachtrag*

habe testweise manuell das cert mit *certbot* für diese eine Domain erstellt und die pfade in der vhost conf angepasst, browser meckern jetzt nicht mehr

Share this post


Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Joa, hast wohl die STAGING API aktiviert für Let's Encrypt?!

Einstellungen -> SSL -> Let's Encrypt environment, sollte auf (Live) stehen

Share this post


Link to post
Share on other sites
  • 0
56 minutes ago, d00p said:

Joa, hast wohl die STAGING API aktiviert für Let's Encrypt?!

Einstellungen -> SSL -> Let's Encrypt environment, sollte auf (Live) stehen

geändert, funzt wieder. kA warum ich dass auf "Staging" stehen hatte.

ich kann jetzt wieder ein kaffee trinken ^^

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...