[BlueOnyx:20453] Letsencrypt - chasing shadows!

Colin Jack colin at mainline.co.uk
Wed Jan 4 17:05:04 -05 2017


I am having a problem installing an LE certificate on any vsites on one of my VPS (5208R).
No matter what I do – even creating a new blank site with no .htaccess or anything – it fails.

“The following error occured during the SSL certificate request: The installation path for the certificates could not be determined.”

I have turned on LE debugging and get this in messages log:

Dependencies Resolved

================================================================================================================================================================
 Package                                Arch                             Version                                    Repository                             Size
================================================================================================================================================================
Installing:
 python-tools                           x86_64                           2.6.6-66.el6_8                             sl-security                           870 k
Installing for dependencies:
 tkinter                                x86_64                           2.6.6-66.el6_8                             sl-security                           257 k

Transaction Summary
================================================================================================================================================================
Install       2 Package(s)

Total size: 1.1 M
Installed size: 3.7 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test


Transaction Check Error:
  file /usr/bin/2to3 from install of python-tools-2.6.6-66.el6_8.x86_64 conflicts with file from package python27-tools-2.7.10-1.el6.x86_64

Apart from that nothing else obvious.

I have looked at Michael’s post [BlueOnyx:19411]:

"Let's Encrypt" (LE) needs to verify that you own the domain name(s). So
during cert requests the LE-client puts a publicly accessible file under
/web/.well-known/acme-challenge/.... of either AdmServ or the Vsite.

LE then accesses that URL via HTTP using *all* the domain names and
aliases that the cert request included.

The cert will only be issued if *all* these calls succeed.

There are a multitude of reasons why these checks might fail:

- Vsite has PHP-FPM enabled
- Missing DNS A record
- An existing .htaccess does a redirect
- The web server alias of a Vsite is borked
- NAT misconfiguration
- Firewall rules

Checked all this.

Help! ☺

Thanks

Colin
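
Added example, not part of the original post and not BlueOnyx or Let's Encrypt code: a pre-flight check for the HTTP validation described in the quoted [BlueOnyx:19411] text. It places a probe file under .well-known/acme-challenge/ in a web directory and fetches it over plain HTTP for every name and alias. The names preflight, _probe and connect_to are assumptions made for this sketch.

```python
"""Pre-flight check for the HTTP validation described in the quoted post."""
import http.client
import os
import secrets
import sys

CHALLENGE_DIR = ".well-known/acme-challenge"


def preflight(webroot, names, port=80, connect_to=None, timeout=5):
    """Drop a probe file under webroot and fetch it over HTTP for every name.

    connect_to (hypothetical parameter) overrides the address dialled while
    the Host header still carries the name, which helps when testing behind NAT.
    Returns {name: verdict}; every verdict must be "ok" for a request to pass.
    """
    token = "preflight-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    try:
        return {n: _probe(n, token, body, port, connect_to, timeout) for n in names}
    finally:
        os.remove(path)  # the probe file is removed; the directory is left in place


def _probe(name, token, body, port, connect_to, timeout):
    conn = http.client.HTTPConnection(connect_to or name, port, timeout=timeout)
    try:
        conn.request("GET", "/%s/%s" % (CHALLENGE_DIR, token), headers={"Host": name})
        resp = conn.getresponse()
        data = resp.read(4096).decode("ascii", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable: %s" % exc  # DNS, NAT or firewall problem
    finally:
        conn.close()
    if 300 <= resp.status < 400:
        return "redirect to %s" % resp.getheader("Location")  # e.g. .htaccess rule
    if resp.status != 200:
        return "http %d" % resp.status
    return "ok" if data == body else "wrong content served"


if __name__ == "__main__" and len(sys.argv) > 2:
    # usage: preflight.py <vsite web directory> <name> [<alias> ...]
    for name, verdict in preflight(sys.argv[1], sys.argv[2:]).items():
        print("%-40s %s" % (name, verdict))
```

Run it from outside the network as well as on the server itself, since NAT and firewall problems only show up from the outside.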