[BlueOnyx:21299] LetsEncrypt error on 5208R admserv
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Mon Aug 28 08:37:34 -05 2017
Hi all,
Having trouble with getting a letsencrypt cert on the admserv side of a
BlueOnyx machine.
- 5208R on Aventurin{e}
- build 20140909 for a 5208R in en_US
- fully yum updated
Symptom: when requesting letsencrypt cert from Server Management >
Security > SSL > 'Let's Encrypt!' the following red error occurs:
The following error occured during the SSL certificate request: The
installation path for the certificates could not be determined.
From checking /var/log/messages and /var/log/httpd/access_log, I can
see that when the callback for the acme-challenge takes place, it gets a
301 redirect from the server's hostname to the site on the server with
the same domain, but the www hostname.
In other words, let's say that the server hostname is
"server.domain.tld". The server also has a vsite on it,
www.domain.tld. When the letsencrypt validation server calls to check
the file at hostname.domain.tld/.well-known/acme-challenge it gets
redirected to www.domain.tld...
I have checked the "www" vsite's configuration and find no alias for
"hostname". I found nothing in the httpd config files calling for such
a redirect.
What's going on, and how might I fix it?
This is what happens in /var/log/httpd/access_log
server.domain.tld 66.133.109.36 - - [28/Aug/2017:23:26:40 +1000] "GET
/.well-known/acme-challenge/x1zHE01T2TiHAiyhJrJqZ6KamPshtqqggjR0HcTTMgE
HTTP/1.1" 301 366 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation
server; +https://www.letsencrypt.org)"
server.domain.tld 66.133.109.36 - - [28/Aug/2017:23:26:40 +1000] "GET
/.well-known/acme-challenge/x1zHE01T2TiHAiyhJrJqZ6KamPshtqqggjR0HcTTMgE
HTTP/1.1" 404 1295
"http://bx2.maxi.net.au/.well-known/acme-challenge/x1zHE01T2TiHAiyhJrJqZ6KamPshtqqggjR0HcTTMgE"
"Mozilla/5.0 (compatible; Let's Encrypt validation server;
+https://www.letsencrypt.org)"
This is what happens in /var/log/messages:
Aug 28 23:26:37 hostname cced(smd)[588]: client 7:[49:1756]: SET 1 .
SSL "autoRenewDays" "=" "60" "LEemail" "=" "host at tld.com" "autoRenew"
"=" "1" "LEwantedAliases" "=" "" "uses_letsencrypt" "=" "1"
"performLEinstall" "=" "1503926797"
Aug 28 23:26:37 hostname pperld
/usr/sausalito/handlers/base/ssl/le_install.pl: : Performing LE SSL
install for System
Aug 28 23:26:37 hostname pperld
/usr/sausalito/handlers/base/ssl/le_install.pl: : FQDN: hostname.server.tld
Aug 28 23:26:37 hostname pperld
/usr/sausalito/handlers/base/ssl/le_install.pl: : Web-Aliases:
Aug 28 23:26:37 hostname pperld
/usr/sausalito/handlers/base/ssl/le_install.pl: : Running:
/usr/sausalito/letsencrypt/letsencrypt-auto --text --no-self-upgrade
certonly -a webroot --webroot-path /var/www/html -d hostname.domain.tld
--email host at tld.com --rsa-key-size 4096 --agree-tos
--renew-by-default --user-agent #012BlueOnyx.it
Aug 28 23:26:43 hostname pperld
/usr/sausalito/handlers/base/ssl/le_install.pl: : Result: IMPORTANT
NOTES:#012 - The following errors were reported by the server:#012#012
Domain: hostname.domain.tld#012 Type: unauthorized#012 Detail:
Invalid response from#012
http://hostname.domain.tld/.well-known/acme-challenge/x1zHE01T2TiHAiyhJrJqZ6KamPshtqqggjR0HcTTMgE:#012
"<HTML>#012 <HEAD>#012 <meta HTTP-EQUIV="REFRESH" content="0;
url=http://www.domain.tld">#012 <META NAME="Copyright"
VALUE="Copyright (C) 20"#012#012 To fix these errors, please make sure
that your domain name was#012 entered correctly and the DNS A/AAAA
record(s) for that domain#012 contain(s) the right IP address.#012
Aug 28 23:26:43 bx2 cced(smd)[588]: client
7:handlers/base/ssl/le_install.pl: SET 1 . SSL LEclientRet = "IMPORTANT
NOTES:<br> - The following errors were reported by the server:<br><br>
Domain: hostname.domain.tld<br> Type: unauthorized<br> Detail:
Invalid response from<br>
http://hostname.domain.tld/.well-known/acme-challenge/x1zHE01T2TiHAiyhJrJqZ6KamPshtqqggjR0HcTTMgE:<br>
\"<HTML><br> <HEAD><br> <meta HTTP-EQUIV=\"REFRESH\" content=\"0;
url=http://www.domain.tld\"><br> <META NAME=\"Copyright\"
VALUE=\"Copyright (C) 20\"<br><br> To fix these errors, please make
sure that your domain name was<br> entered correctly and the DNS
A/AAAA record(s) for that domain<br> contain(s) the right IP address.<br>"
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
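
Added example, not part of the original post: a small Python check that groups the ACME challenge hits in an access log by token and classifies the outcome, run here on the two access_log entries quoted above (unwrapped onto one line each). The function name, the verdict labels and the assumed field layout (vhost first, then the combined-log fields) are choices made for this example.

```python
import re

ACME_PREFIX = "/.well-known/acme-challenge/"
TOKEN = "x1zHE01T2TiHAiyhJrJqZ6KamPshtqqggjR0HcTTMgE"  # token from the post
UA = ("Mozilla/5.0 (compatible; Let's Encrypt validation server; "
      "+https://www.letsencrypt.org)")

# The two access_log entries from the post, unwrapped onto one line each.
SAMPLE_LOG = "\n".join([
    'server.domain.tld 66.133.109.36 - - [28/Aug/2017:23:26:40 +1000] '
    f'"GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 301 366 "-" "{UA}"',
    'server.domain.tld 66.133.109.36 - - [28/Aug/2017:23:26:40 +1000] '
    f'"GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 404 1295 '
    f'"http://bx2.maxi.net.au{ACME_PREFIX}{TOKEN}" "{UA}"',
])

# Assumed layout: vhost, client IP, then the usual combined-log fields.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def diagnose(log_text):
    """Group ACME challenge hits by token and classify the outcome."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(ACME_PREFIX):
            continue
        token = m["path"][len(ACME_PREFIX):]
        hits.setdefault(token, []).append((int(m["status"]), m["referer"]))
    report = {}
    for token, reqs in hits.items():
        statuses = [s for s, _ in reqs]
        # Assumption: a Referer other than "-" marks a hit made while
        # following a redirect, as in the second entry from the post.
        followed = any(ref != "-" for _, ref in reqs)
        if statuses[-1] == 200:
            verdict = "served"
        elif any(300 <= s < 400 for s in statuses):
            verdict = "redirected-then-failed" if followed else "redirected"
        else:
            verdict = "failed"
        report[token] = {"statuses": statuses, "verdict": verdict}
    return report

if __name__ == "__main__":
    for token, info in diagnose(SAMPLE_LOG).items():
        print(token, info["statuses"], info["verdict"])
```

HTTP-01 validation only passes when the last response in the chain is a 200 carrying the challenge content, so a token whose verdict is anything other than "served" matches the "unauthorized" result reported by the client.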