[BlueOnyx:22620] Re: Let's Encrypt - updates are public

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Thu Jan 24 10:18:51 -05 2019


Hello,

I did enable the debugging and tried the command manually.
www.andalusier.com is working successfully.
andalusier.com is failing.
I did disable .htaccess and I did disable Web Alias Redirects in Blueonyx.
However it did fail every time and now I get a " Error creating new authz ::
too many failed authorizations recently: see
https://letsencrypt.org/docs/rate-limits/ "
So I have to wait until the next try.

Before I did see the message:

[Thu Jan 24 16:09:55 CET 2019] www.andalusier.com is already verified, skip http-01.
[Thu Jan 24 16:09:55 CET 2019] Verifying: andalusier.com
[Thu Jan 24 16:09:59 CET 2019] andalusier.com:Verify error:Invalid response from http://andalusier.com/.well-known/acme-challenge/kNXfA_VaIgnbxkQPWrZt0KKPD9xXYpuDxZtEbVQK9x0:

Maybe it is helpful for you if I create a support ticket from the server and
you have a look at it?

Best regards,
Dirk


---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel

-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael
Stauber
Sent: Thursday, January 24, 2019 15:02
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:22615] Re: Let's Encrypt - updates are public

Hi Dirk,

> I cannot see an error but certificate is not renewed.
> Can you please advise what to do?

Open /usr/sausalito/handlers/base/ssl/le_install.pl in an editor and find
the line ...

$DEBUG = "0";

.. and change that to this:

$DEBUG = "1";

Then run "tail -f /var/log/messages" while you do another renewal via the
GUI.

It will show you a lot more info about what's going on during the renewal.
It will also show you which exact command the GUI was using to try the
renewal.

It will look somewhat like this:

/usr/sausalito/acme/acme.sh  --apache --issue -d 5209r2.smd.net  -w
/home/.sites/143/site2/web --keylength 4096 --days 60 --cert-file
/home/.sites/143/site2/certs/certificate --key-file
/home/.sites/143/site2/certs/key  --fullchain-file
/home/.sites/143/site2/certs/nginx_cert_ca_combined --ca-file
/home/.sites/143/site2/certs/ca-certs --auto-upgrade 1  --accountemail
mstauber at blueonyx.it --force

Copy that command and all parameters and run it manually.

For testing purposes add "--staging --debug" to it. The --staging will run
the command against the Let's Encrypt testing sandbox so that you don't
exhaust your amount of tries against the live system. And the "--debug"
produces a more verbose diagnostic output.

Please note: If run with "--staging" you will get a certificate as well, but
it'll not be a trusted certificate.

One of the more likely causes of ACME failing (same as with CertBot) is that
your certificate request was for a domain name and multiple aliases. And
Let's Encrypt was unable to connect to
http://<alias>/.acme/<verification-file> because either you had "Web Alias
Redirects" ticked for that Vsite, a .htaccess did a redirect or the DNS A
Record for that alias wasn't working.

If (by a rare chance) you're missing /usr/sausalito/acme/acme.sh then please
do the following:

rpm -e --nodeps blueonyx-le-acme
yum reinstall blueonyx-le-acme

Let me know what a manual run of acme.sh with the renewal parameters yields
if you can't get it working.

--
With best regards

Michael Stauber
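
Added example, not part of the original thread and not BlueOnyx or acme.sh code: a preflight that requests a self-placed probe file at the http-01 path for every name in the certificate request, without following redirects, so an alias redirect, a wrong vhost or a dead A record shows up before a real attempt counts against the failed-authorization limit. The probe file name and content (token, expected), the connect_to parameter and the example.test names are assumptions.

```python
import http.client

CHALLENGE_DIR = "/.well-known/acme-challenge/"  # http-01 path fixed by RFC 8555

def classify(status, location, body, expected):
    """Turn one HTTP response into a verdict for the http-01 preflight."""
    if 300 <= status < 400:
        # The CA will follow this; the target must serve the same file.
        return "redirect -> %s" % location
    if status != 200:
        return "bad status %d" % status
    if body.strip() != expected:
        return "wrong body (served by another vhost or a rewrite rule?)"
    return "ok"

def probe(name, token, expected, connect_to=None, port=80, timeout=5):
    """GET the challenge URL for `name` without following redirects.

    connect_to: optional IP to dial instead of resolving `name`, which
    separates a broken DNS A record from a broken vhost/alias config.
    """
    conn = http.client.HTTPConnection(connect_to or name, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token, headers={"Host": name})
        resp = conn.getresponse()
        body = resp.read(1024).decode("latin-1")
        return classify(resp.status, resp.getheader("Location"), body, expected)
    except (OSError, http.client.HTTPException) as exc:
        # DNS failure, refused connection, timeout or a malformed reply
        return "unreachable (%s)" % exc
    finally:
        conn.close()

def preflight(names, token, expected, **kw):
    """Probe every name in the certificate request; return {name: verdict}."""
    return {n: probe(n, token, expected, **kw) for n in names}

if __name__ == "__main__":
    # Constructed responses (not captured traffic): the www name serves the
    # probe file, the bare name is redirected as an alias would be.
    print(classify(200, None, "probe-123\n", "probe-123"))
    print(classify(301, "http://www.example.test/", "", "probe-123"))
```

Run it once with connect_to set to the server's own IP and once without; a name that passes only with connect_to points at DNS rather than at the web server configuration.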