MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Bugs and Requests => Topic started by: Spacedust on 2016-05-04, 11:58:24
-
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --quiet
Version: 1.1-20080819
Missing command line flags. For non-interactive execution, you will need to specify a plugin on the command line. Run with '--help plugins' to see a list of options, and see https://eff.org/letsencrypt-plugins for more detail on what the plugins do and how to use them.
-
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --quiet
Version: 1.1-20080819
Missing command line flags. For non-interactive execution, you will need to specify a plugin on the command line. Run with '--help plugins' to see a list of options, and see https://eff.org/letsencrypt-plugins for more detail on what the plugins do and how to use them.
No. It works.
Try 'letsencrypt-auto --verbose'.
-
It worked from panel ;)
-
I saw that the "letsencrypt" menu exists; I tried to click the "add" button, but got the error message: "Create Certificate failed".
So what must I do?
Must I run:
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
or does Kloxo-MR 7 do it automatically?
-
I saw that the "letsencrypt" menu exists; I tried to click the "add" button, but got the error message: "Create Certificate failed".
So what must I do?
Must I run:
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
or does Kloxo-MR 7 do it automatically?
Go to 'admin > domains > (select one) > ssl configure > add lets encrypt' or 'admin > clients > (select one) > domains > (select one)> ssl configure > add lets encrypt'.
-
I always get this error message (I tried from 2 VPSes).
(https://dl.dropboxusercontent.com/u/1960706/rd/screenshot/lets01.png)
-
Go to 'log manager' and investigate 'letsencrypt' log.
-
there's no letsencrypt log :-(
(https://dl.dropboxusercontent.com/u/1960706/rd/screenshot/log01.jpg)
here's my sysinfo:
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016050403
- Web: hiawatha-10.1.0-f.6.mr.el6.i686
- PHP: php54s-5.4.43-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.7 (Final) i686
- Hostname: serv11.kombathost.com
C. Services:
1. MySQL: MariaDB-server-10.0.25-1.el6.i686
2. PHP:
- Branch: php54-cli-5.4.45-1.ius.el6.i686
- Multiple:
* php52m-5.2.17-102.mr.el6
* php53m-5.3.29-1.ius.el6
* php54m-5.4.45-2.w6
* php55m-5.5.32-1.ius.el6
* php56m-5.6.18-1.ius.el6
* php70m-7.0.3-1.w6
- Used: --Use PHP Branch--
3. Web Used: nginxproxy
- Hiawatha: --unused--
- Lighttpd: --uninstalled--
- Nginx: nginx-1.10.0-1.el6.ngx.i386
- Httpd: httpd-2.2.31-1.mr.el6.i386
- PHP Type: php-fpm_event
4. WebCache: none
- ATS: --uninstalled--
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: nsd
- Bind: --uninstalled--
- DJBDns: --uninstalled--
- NSD: nsd-4.1.9-1.mr.el6.i686
- PowerDNS: --uninstalled--
- Yadifa: --uninstalled--
6. Mail: qmail-toaster-1.03-1.3.55.mr.el6.i386
- pop3/imap4: courier-imap-toaster-4.1.2-1.3.18.mr.el6.i386
- spam: bogofilter
D. Memory:
total used free shared buffers cached
Mem: 1024 944 79 73 0 524
-/+ buffers/cache: 419 604
Swap: 512 66 445
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/simfs 75G 17G 59G 23% /
-
Sorry, it is not released yet.
Use 'file manager' and go to 'admin > server > localhost > select /var/log/letsencrypt'
-
There's no letsencrypt log either :-(
(https://dl.dropboxusercontent.com/u/1960706/rd/screenshot/file01.png)
-
Inform here 'letsencrypt-auto --verbose'.
-
Inform here 'letsencrypt-auto --verbose'.
[root@serv11 ~]# letsencrypt-auto --verbose
-bash: letsencrypt-auto: command not found
I think letsencrypt is not running; how do I run it?
-
I also have a problem with it, same error; the error log says:
2016-05-09 09:55:18,281:DEBUG:letsencrypt.main:Root logging level set at 20
2016-05-09 09:55:18,283:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-05-09 09:55:18,293:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-05-09 09:55:18,293:DEBUG:letsencrypt.main:Arguments: ['--verbose']
2016-05-09 09:55:18,294:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-05-09 09:55:18,305:DEBUG:letsencrypt.plugins.selection:Requested authenticator None and installer None
2016-05-09 09:55:24,891:DEBUG:letsencrypt.plugins.disco:Other error:(PluginEntryPoint#apache): Error parsing runtime variables
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 104, in prepare
self._initialized.prepare()
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 172, in prepare
self.version)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt_apache/parser.py", line 70, in __init__
raise errors.PluginError("Error parsing runtime variables")
PluginError: Error parsing runtime variables
2016-05-09 09:55:24,892:DEBUG:letsencrypt.plugins.selection:No candidate plugin
2016-05-09 09:55:24,892:DEBUG:letsencrypt.plugins.selection:Selected authenticator None and installer None
-
Need install with 'sh /script/letsencrypt-installer'.
-
Need install with 'sh /script/letsencrypt-installer'.
Nothing to do
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.5.0
And when in admin panel trying to create: Alert: Create Certificate failed
-
Need install with 'sh /script/letsencrypt-installer'.
I have tried it and the results are successful.
Thanks, masters...
-
Need install with 'sh /script/letsencrypt-installer'.
Great, works perfectly ;)
Thanks, Pak MR.
By the way, how do I renew the certificate? Or does this Kloxo-MR 7 renew automatically?
-
Need install with 'sh /script/letsencrypt-installer'.
Great, works perfectly ;)
Thanks, Pak MR.
By the way, how do I renew the certificate? Or does this Kloxo-MR 7 renew automatically?
Actually this is not finished yet. There is no automatic renewal yet. It will be there by itself once the work is complete.
There is still a problem when using hiawatha as the web server.
-
Om Mustafa,
How can I use Letsencrypt for the kloxo panel automatically, without having to edit manually via SSH?
-
Go to the relevant domain and choose 'ssl configure > add lets encrypt'.
-
Actually this is not finished yet. There is no automatic renewal yet. It will be there by itself once the work is complete.
There is still a problem when using hiawatha as the web server.
How do I renew manually, Pak?
-
Actually this is not finished yet. There is no automatic renewal yet. It will be there by itself once the work is complete.
There is still a problem when using hiawatha as the web server.
How do I renew manually, Pak?
Renewal is needed after 90 days. For now there is none yet. Later, renewal will be done automatically by Kloxo-MR.
-
Go to the relevant domain and choose 'ssl configure > add lets encrypt'.
Om, for example I use https://subdomain.domain.tld:7777
Is the way to switch its https to Letsencrypt to add subdomain.domain.tld under the admin account and only then access Letsencrypt?
What if I access it using IP address:7777, for example?
-
Letsencrypt cannot be used for IPs or wildcard domains. If you want it for a subdomain, add it to 'SAN' in the domain and then use the 'add link' feature.
-
Om Mustafa,
Is only apache supported by Letsencrypt for now?
I have tried for several days and it still errors.
The error log is at http://j.mp/1Ta6U0J
I am sending the password by PM.
-
I use nginx-proxy, and letsencrypt works smoothly.
-
Yes Om, unfortunately I use pure NGINX. Does that make a difference?
-
I only found a problem with hiawatha (it looks like a bug) but not with hiawatha-proxy.
-
The 'safest' way for now: switch to apache, do 'add lets encrypt' and then switch back to the original (for example nginx).
-
Sharing from my side:
I tried on centos 6.x with nginx-proxy and it went smoothly,
I tried on centos 5.x, switching the web server to apache, hiawatha-proxy, nginx-proxy, without success;
Creating virtual environment...
Running virtualenv with interpreter /usr/bin/python2.7
The --no-site-packages flag is deprecated; it is now the default behavior.
New python executable in /root/.local/share/letsencrypt/bin/python2.7
Also creating executable in /root/.local/share/letsencrypt/bin/python
Installing setuptools...............................done.
Installing pip...............................done.
Installing Python packages...
Had a problem while installing Python packages:
Collecting argparse==1.4.0 (from -r /tmp/tmp.eazMEc1952/letsencrypt-auto-requirements.txt (line 5))
/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
SNIMissingWarning
Downloading argparse-1.4.0-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r /tmp/tmp.eazMEc1952/letsencrypt-auto-requirements.txt (line 11))
Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.eazMEc1952/letsencrypt-auto-requirements.txt (line 14))
Downloading cffi-1.4.2.tar.gz (365kB)
Complete output from command python setup.py egg_info:
unable to execute 'gcc44': No such file or directory
unable to execute 'gcc44': No such file or directory
No working compiler found, or bogus compiler options
passed to the compiler from Python's distutils module.
See the error messages above.
(If they are about -mno-fused-madd and you are on OS/X 10.8,
see http://stackoverflow.com/questions/22313407/ .)
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-CydAeu/cffi
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
-
It looks like the problem is the python version. That is why I am now trying to replace the letsencrypt-auto program (python-based) with acme.sh (bash-based), so I hope it can be compatible with CentOS 5 and 6.
Meanwhile, I am waiting for confirmation from the 'maker' of hiawatha about the problem of failed access to /.well-known.
-
Any solution?
Nothing to do
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.5.0
And when in admin panel trying to create: Alert: Create Certificate failed
CentOS 5
-
Any solution?
Nothing to do
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.5.0
And when in admin panel trying to create: Alert: Create Certificate failed
CentOS 5
Using 'file manager', go to '/var/log/letsencrypt' and investigate log file.
-
Any solution?
And when in admin panel trying to create: Alert: Create Certificate failed
CentOS 5
Check the log. In my case, when I checked the log there was an error on webmail.domain.tld, so I removed webmail.domain.tld from the <textarea> when creating the letsencrypt certificate.
-
It looks like the problem is the python version. That is why I am now trying to replace the letsencrypt-auto program (python-based) with acme.sh (bash-based), so I hope it can be compatible with CentOS 5 and 6.
Meanwhile, I am waiting for confirmation from the 'maker' of hiawatha about the problem of failed access to /.well-known.
Does this also apply to my case, Om? Or does it simply not work for pure nginx?
-
It looks like the problem is the python version. That is why I am now trying to replace the letsencrypt-auto program (python-based) with acme.sh (bash-based), so I hope it can be compatible with CentOS 5 and 6.
Meanwhile, I am waiting for confirmation from the 'maker' of hiawatha about the problem of failed access to /.well-known.
Does this also apply to my case, Om? Or does it simply not work for pure nginx?
I only found a problem with hiawatha.
Use 'file manager', go to '/var/log/letsencrypt' and check the log file.
-
in - Httpd: httpd-2.2.31-1.mr.el6.x86_64
- PHP Type: php-fpm_event
works?
log (mydomain is ok domain) :
2016-05-11 16:04:09,725:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:
Domain: mydomain.org
Type: unauthorized
Detail: Invalid response from http://mydomain.org/.well-known/acme-challenge/9ZL8tFvUv7KkANKhd93Lr9LNVhK1Rvw8elfN4EJbrug [37.59.6.154]: 404
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-05-11 16:04:09,725:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-05-11 16:04:09,725:DEBUG:letsencrypt.plugins.webroot:Removing /var/run/letsencrypt/.well-known/acme-challenge/9ZL8tFvUv7KkANKhd93Lr9LNVhK1Rvw8elfN4EJbrug
2016-05-11 16:04:09,726:DEBUG:letsencrypt.plugins.webroot:All challenges cleaned up, removing /var/run/letsencrypt/.well-known/acme-challenge
2016-05-11 16:04:09,727:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 509, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 93, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 274, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 246, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
self._respond(resp, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 131, in _respond
self._poll_challenges(chall_update, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 195, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. mydomain.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.org/.well-known/acme-challenge/9ZL8tFvUv7KkANKhd93Lr9LNVhK1Rvw8elfN4EJbrug [37.59.6.154]: 404
In the domain directory it is not creating the file .well-known/acme-challenge/9ZL8tFvUv7KkANKhd93Lr9LNVhK1Rvw8elfN4EJbrug. Is that?
-
See http://intodns.com/mydomain.org
-
it is ok ... no errors in intodns
-
it is ok ... no errors in intodns
What do you mean by ok?
Is mydomain.org your 'real' domain? If yes, intodns.com shows many 'red' alerts, including mismatched nameservers and no 'A record' for www.
-
Hi, 'mydomain.org' is an example domain; my real domains are different and they are ok in intodns. The error (certificate failed) occurs with all domains that I have.
All domains are working ok, but letsencrypt isn't working.
-
Any solution?
Nothing to do
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.5.0
And when in admin panel trying to create: Alert: Create Certificate failed
CentOS 5
Using 'file manager', go to '/var/log/letsencrypt' and investigate log file.
2016-05-09 09:55:18,281:DEBUG:letsencrypt.main:Root logging level set at 20
2016-05-09 09:55:18,283:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-05-09 09:55:18,293:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-05-09 09:55:18,293:DEBUG:letsencrypt.main:Arguments: ['--verbose']
2016-05-09 09:55:18,294:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-05-09 09:55:18,305:DEBUG:letsencrypt.plugins.selection:Requested authenticator None and installer None
2016-05-09 09:55:24,891:DEBUG:letsencrypt.plugins.disco:Other error:(PluginEntryPoint#apache): Error parsing runtime variables
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 104, in prepare
self._initialized.prepare()
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 172, in prepare
self.version)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt_apache/parser.py", line 70, in __init__
raise errors.PluginError("Error parsing runtime variables")
PluginError: Error parsing runtime variables
2016-05-09 09:55:24,892:DEBUG:letsencrypt.plugins.selection:No candidate plugin
2016-05-09 09:55:24,892:DEBUG:letsencrypt.plugins.selection:Selected authenticator None and installer None
But it only gets added to the log after "letsencrypt-auto --verbose".
After trying to add a domain, there are no errors in the log file.
-
After update kloxo-mr version:
sh /script/letsencrypt-installer
mv: cannot stat `certbot-master': No such file or directory
/script/letsencrypt-installer: line 39: /usr/local/lxlabs/kloxo/certbot/letsencrypt-auto: No such file or directory
-
Wait for the next update.
-
And one question. Is it possible to work with multiple domains but one IP?
-
And one question. Is it possible to work with multiple domains but one IP?
Absolutely YES.
-
It looks like the problem is the python version. That is why I am now trying to replace the letsencrypt-auto program (python-based) with acme.sh (bash-based), so I hope it can be compatible with CentOS 5 and 6.
Meanwhile, I am waiting for confirmation from the 'maker' of hiawatha about the problem of failed access to /.well-known.
I just updated kloxomr, master,
the one on centos 5 still cannot add letsencrypt ssl
this message appears: certificate key file empty
during the update this appeared: Installing acme.sh
mv: cannot stat `acme.sh-master': No such file or directory
How do I fix this, master?
-
Wait for the next update. There is indeed a problem in the acme.sh install process for letsencrypt.
-
And one question. Is it possible to work with multiple domains but one IP?
Absolutely YES.
After successfully adding ssl, is anything else required? Going to the domain with https shows the connection as not secure.
-
Don't need other action if create letsencrypt ssl via 'admin > domains > (select one) > ssl configure > add lets encrypt' or 'admin > clients > (select one) > domains > (select one) > ssl configure > add lets encrypt'
-
Don't need other action if create letsencrypt ssl via 'admin > domains > (select one) > ssl configure > add lets encrypt' or 'admin > clients > (select one) > domains > (select one) > ssl configure > add lets encrypt'
tried:
1. 'admin > clients > (select one) > domains > (select one) > ssl configure > add lets encrypt'
2. 'admin > clients > (select one) > clients > (select one) > domains > (select one) > ssl configure > add lets encrypt' (on reseller account other users :))
Tried different ways, but with https shows:
Subject *.lxlabs.com
Valid from 24/Feb/2006 to 24/Feb/2007
Issuer *.lxlabs.com
If I set here 'admin —> IP Addresses —> {Domain Configure}' domain name, then it works for that domain, but other not :)
-
I didn't find your issue on my dev servers (centos 5 and 6).
-
After successfully adding ssl, is anything else required? Going to the domain with https shows the connection as not secure.
You can try to restart the services like:
sh /script/restart-all y; sh /script/fix-all
-
You can try to restart the services like:
sh /script/restart-all y; sh /script/fix-all
It did not help.
Maybe I will give up, because now I can't add ssl for new domains; it writes
Alert: Certificate key file empty
Error log:
[Wed May 18 11:55:15 EEST 2016] Skip register account key
[Wed May 18 11:55:15 EEST 2016] Creating csr
[Wed May 18 11:55:15 EEST 2016] Multi domain='DNS:www.ubernemokamai.tk,DNS:cp.*****.**,DNS:webmail.*******.**'
unable to load Private Key
31489:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY
[Wed May 18 11:55:15 EEST 2016] Create CSR error.
And for domains, server always takes SERVER PANEL (created new self-signed SSL, to replace lxlabs ssl which I mentioned above) ssl certificate, but not letsencrypt certificates. And here for me is the main problem and I don't know what to do. Tried reboot, restart processes, /scripts/fix-all
-
Inform here 'acme.sh --help; cat /var/log/acme.sh/acme.sh.log'.
-
Inform here 'acme.sh --help; cat /var/log/acme.sh/acme.sh.log'.
[root@server~]# acme.sh --help; cat /var/log/acme.sh/acme.sh.log
https://github.com/Neilpang/acme.sh
v2.2.4
Usage: acme.sh command ...[parameters]....
Commands:
--help, -h Show this help message.
--version, -v Show version info.
--install Install acme.sh to your system.
--uninstall Uninstall acme.sh, and uninstall the cron job.
--issue Issue a cert.
--installcert Install the issued cert to apache/nginx or any other server.
--renew, -r Renew a cert.
--renewAll Renew all the certs
--revoke Revoke a cert.
--installcronjob Install the cron job to renew certs, you don't need t o call this. The 'install' command can automatically install the cron job.
--uninstallcronjob Uninstall the cron job. The 'uninstall' command can d o this automatically.
--cron Run cron job to renew all the certs.
--toPkcs Export the certificate and key to a pfx file.
--createAccountKey, -cak Create an account private key, professional use.
--createDomainKey, -cdk Create an domain private key, professional use.
--createCSR, -ccsr Create CSR , professional use.
Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
--force, -f Used to force to install or force to renew a cert immediately.
--staging, --test Use staging server, just for test.
--debug Output debug info.
--webroot, -w /path/to/webroot Specifies the web root folder for web root m ode.
--standalone Use standalone mode.
--apache Use apache mode.
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
--accountkeylength, -ak [2048] Specifies the account key length.
These parameters are to install the cert to nginx/apache or anyother server af ter issue/renew a cert:
--certpath /path/to/real/cert/file After issue/renew, the cert will be copied to this path.
--keypath /path/to/real/key/file After issue/renew, the key will be copied to this path.
--capath /path/to/real/ca/file After issue/renew, the intermediate cert wil l be copied to this path.
--fullchainpath /path/to/fullchain/file After issue/renew, the fullchain cert will be copied to this path.
--reloadcmd "service nginx reload" After issue/renew, it's used to reload the server.
--accountconf Specifies a customized account config file.
--home Specifies the home dir for acme.sh .
--certhome Specifies the home dir to save all the certs .
--useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email for registering, Only valid for the '--install' command.
--accountkey Specifies the account key path, Only valid f or the '--install' command.
--days Specifies the days to renew the cert when us ing '--issue' command. The max value is 80 days.
[Wed May 18 11:55:15 EEST 2016] Skip register account key
[Wed May 18 11:55:15 EEST 2016] Creating csr
[Wed May 18 11:55:15 EEST 2016] Multi domain='DNS:www.******.**,DNS:cp.*****.**,DNS:webmail.*****.**'
unable to load Private Key
31489:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expec ting: ANY PRIVATE KEY
[Wed May 18 11:55:15 EEST 2016] Create CSR error.
[root@server~]#
acme.sh.log shows only last try :) It deletes old logs
-
Looks like something is wrong with openssl, inform here 'yum list|grep openssl'.
-
Looks like something is wrong with openssl, inform here 'yum list|grep openssl'.
[root@server~]# yum list|grep openssl
openssl.i686 0.9.8e-39.el5_11 installed
openssl.x86_64 0.9.8e-39.el5_11 installed
openssl-devel.i386 0.9.8e-39.el5_11 installed
openssl-devel.x86_64 0.9.8e-39.el5_11 installed
apr-util-openssl.x86_64 1.5.4-1.mr.el5 mratwork-release-version-arch
globus-gsi-openssl-error.i386 3.5-2.el5 mratwork-epel
globus-gsi-openssl-error.x86_64 3.5-2.el5 mratwork-epel
globus-gsi-openssl-error-devel.i386 3.5-2.el5 mratwork-epel
globus-gsi-openssl-error-devel.x86_64 3.5-2.el5 mratwork-epel
globus-gsi-openssl-error-doc.x86_64 3.5-2.el5 mratwork-epel
globus-openssl-module.i386 4.6-2.el5 mratwork-epel
globus-openssl-module.x86_64 4.6-2.el5 mratwork-epel
globus-openssl-module-devel.i386 4.6-2.el5 mratwork-epel
globus-openssl-module-devel.x86_64 4.6-2.el5 mratwork-epel
globus-openssl-module-doc.x86_64 4.6-2.el5 mratwork-epel
openssl-perl.x86_64 0.9.8e-39.el5_11 updates
openssl097a.i386 0.9.7a-12.el5_10.1 base
openssl097a.x86_64 0.9.7a-12.el5_10.1 base
openssl101e.i386 1.0.1e-7.el5 mratwork-epel
openssl101e.x86_64 1.0.1e-7.el5 mratwork-epel
openssl101e-devel.i386 1.0.1e-7.el5 mratwork-epel
openssl101e-devel.x86_64 1.0.1e-7.el5 mratwork-epel
openssl101e-perl.x86_64 1.0.1e-7.el5 mratwork-epel
openssl101e-static.i386 1.0.1e-7.el5 mratwork-epel
openssl101e-static.x86_64 1.0.1e-7.el5 mratwork-epel
xmlsec1-openssl.i386 1.2.9-8.1.2 base
xmlsec1-openssl.x86_64 1.2.9-8.1.2 base
xmlsec1-openssl-devel.i386 1.2.9-8.1.2 base
xmlsec1-openssl-devel.x86_64 1.2.9-8.1.2 base
[root@server~]#
-
Inform here 'cat /home/kloxo/ssl/*_acme.sh'
-
Inform here 'cat /home/kloxo/ssl/*_acme.sh'
fi[root@server ~]# cat /home/kloxo/ssl/*_acme.sh
#!/bin/sh
/usr/bin/acme.sh --issue --webroot /var/run/letsencrypt \
--domain MYDOMAIN.lt \
--domain www.MYDOMAIN.lt \
--domain cp.MYDOMAIN.lt \
--domain webmail.MYDOMAIN.lt \
--keylength 2048 --accountemail admin@MYDOMAIN.lt >> /var/log/acme.sh/acme.sh.log \
&> /var/log/acme.sh/acme.sh.log
if [ -f /root/.acme.sh/MYDOMAIN.lt/ca.cer ] ; then
cd /root/.acme.sh/MYDOMAIN.lt
cat MYDOMAIN.lt.key MYDOMAIN.lt.cer ca.cer > MYDOMAIN.lt.pem
fi#!/bin/sh
/usr/bin/acme.sh --issue --webroot /var/run/letsencrypt \
--domain MYDOMAIN.info \
--domain www.MYDOMAIN.info \
--domain cp.MYDOMAIN.info \
--domain webmail.MYDOMAIN.info \
--keylength 2048 --accountemail admin@MYDOMAIN.info >> /var/log/acme.sh/acme.sh.log \
&> /var/log/acme.sh/acme.sh.log
if [ -f /root/.acme.sh/MYDOMAIN.info/ca.cer ] ; then
cd /root/.acme.sh/MYDOMAIN.info
cat MYDOMAIN.info.key MYDOMAIN.info.cer ca.cer > MYDOMAIN.info.pem
fi#!/bin/sh
/usr/bin/acme.sh --issue --webroot /var/run/letsencrypt \
--domain simple.MYDOMAIN.net \
--domain www.simple.MYDOMAIN.net \
--domain cp.simple.MYDOMAIN.net \
--domain webmail.simple.MYDOMAIN.net \
--keylength ec-384 --accountemail admin@simple.MYDOMAIN.net >> /var/log/acme.sh/acme.sh.log \
&> /var/log/acme.sh/acme.sh.log
if [ -f /root/.acme.sh/simple.MYDOMAIN.net/ca.cer ] ; then
cd /root/.acme.sh/simple.MYDOMAIN.net
cat simple.MYDOMAIN.net.key simple.MYDOMAIN.net.cer ca.cer > simple.MYDOMAIN.net.pem
fi#!/bin/sh
/usr/bin/acme.sh --issue --webroot /var/run/letsencrypt \
--domain MYDOMAIN.lt \
--domain www.MYDOMAIN.lt \
--domain cp.MYDOMAIN.lt \
--domain webmail.MYDOMAIN.lt \
--keylength 2048 --accountemail admin@MYDOMAIN.lt >> /var/log/acme.sh/acme.sh.log \
&> /var/log/acme.sh/acme.sh.log
if [ -f /root/.acme.sh/MYDOMAIN.lt/ca.cer ] ; then
cd /root/.acme.sh/MYDOMAIN.lt
cat MYDOMAIN.lt.key MYDOMAIN.lt.cer ca.cer > MYDOMAIN.lt.pem
fi#!/bin/sh
/usr/bin/acme.sh --issue --webroot /var/run/letsencrypt \
--domain MYDOMAIN.tk \
--domain www.MYDOMAIN.tk \
--domain cp.MYDOMAIN.tk \
--domain webmail.MYDOMAIN.tk \
--keylength 2048 --accountemail admin@MYDOMAIN.tk >> /var/log/acme.sh/acme.sh.log \
&> /var/log/acme.sh/acme.sh.log
if [ -f /root/.acme.sh/MYDOMAIN.tk/ca.cer ] ; then
cd /root/.acme.sh/MYDOMAIN.tk
cat MYDOMAIN.tk.key MYDOMAIN.tk.cer ca.cer > MYDOMAIN.tk.pem
fi[root@server ~]#
-
Inform here dns setting for 1 of your domains.
-
This?
-
Make sure no warning in intodns.com related to ns.
-
Make sure no warning in intodns.com related to ns.
No warnings :(
-
Do iv.lt and xxx.info exist on the same server as xxx.lt?
-
And what appears if you access 'http://yourdomain/.well-known/acme-challenge'?
-
Do iv.lt and xxx.info exist on the same server as xxx.lt?
iv.lt is my server provider, because I have only one IP, but some domains require 2 DNS, so I use the DNS they provide for this (they synchronise). xxx.info and xxx.lt are on the same server
(https://i.gyazo.com/f5b99a879b621b61a7d714763dc25bdb.png)
I can give the domain names and IP that you need, but in PM; I don't want them to be public :)
-
Ok, give info to PM.
-
I have the same.
-
If found 'Error 403 - Forbidden' that mean your domain can raised (domain.com, www.domain.com, cp.domain.com and webmail.domain.com).
If found 'File not found', that means there is some trouble with this domain. Maybe a rewrite rule is causing trouble for it.
-
I have 403 forbidden.
-
I use the centos 6 one, with apache
I could add letsencrypt to the domain gacatara.com, but when tested at ssllab an error appeared
then I typed "sh /script/cleanup"
and the following error appeared:
Stopping httpd: [FAILED]
Starting httpd: AH00526: Syntax error on line 402 of /opt/configs/apache/conf/do mains/gacatara.com.conf:
SSLCertificateFile: file '/home/kloxo/ssl/gacatara.com.pem' does not exist or is empty
[FAILED]
When I check in intodns there is indeed an error:
ERROR: I could not get any A records for www.gacatara.com!
(I only do a cache request, if you recently added a WWW A record, it might not show up here.)
How do I fix this error, masters?
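
Added example, not part of the thread and not Kloxo-MR or acme.sh code: a pre-flight check for the key + certificate + CA bundle that the generated scripts shown earlier in the thread write with `cat ... > <domain>.pem`, run before the web server is restarted so that an empty or incomplete bundle is reported instead of stopping httpd as in the post above. It checks PEM structure only (it does not call openssl, so it does not verify that the key matches the certificate); the function names `check_pem_bundle` and `make_sample_bundles` and all sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Kloxo-MR or acme.sh code): structural pre-flight check for
# a key + certificate + CA PEM bundle before the web server is restarted.
# check_pem_bundle and make_sample_bundles are hypothetical helper names.

# Usage: check_pem_bundle FILE [MIN_CERTS]
# Prints one verdict line; returns 0 only for a structurally usable bundle.
# MIN_CERTS defaults to 2 (leaf + CA), matching "cat key cer ca.cer > pem".
check_pem_bundle() {
    bundle=$1
    min_certs=${2:-2}
    if [ ! -f "$bundle" ]; then echo "MISSING: $bundle"; return 1; fi
    if [ ! -s "$bundle" ]; then echo "EMPTY: $bundle"; return 1; fi
    awk -v file="$bundle" -v min="$min_certs" '
        /^-----BEGIN / {
            # A new block may not start while another is still open.
            if (cur != "") { why = "UNBALANCED"; exit }
            cur = $0
            sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur)
            body = 0
            next
        }
        /^-----END / {
            label = $0
            sub(/^-----END /, "", label); sub(/-----[ \t\r]*$/, "", label)
            if (cur == "" || label != cur) { why = "UNBALANCED"; exit }
            if (body == 0) { why = "EMPTY_BLOCK"; exit }
            # Covers PRIVATE KEY, RSA PRIVATE KEY and EC PRIVATE KEY labels;
            # other blocks (for example EC PARAMETERS) are allowed but not counted.
            if (cur ~ /PRIVATE KEY$/) keys++
            else if (cur == "CERTIFICATE") certs++
            cur = ""
            next
        }
        cur != "" && NF > 0 { body++ }
        END {
            if (why == "" && cur != "") why = "UNBALANCED"
            if (why == "" && keys == 0) why = "NO_KEY"
            if (why == "" && keys > 1) why = "MULTIPLE_KEYS"
            if (why == "" && certs + 0 < min + 0) why = "SHORT_CHAIN"
            if (why != "") { print why ": " file; exit 1 }
            print "OK: " file " (1 key, " certs + 0 " certificates)"
            exit 0
        }
    ' "$bundle"
}

# Writes constructed sample bundles into DIR. The base64 bodies are
# placeholders, not real key or certificate material.
make_sample_bundles() {
    dir=$1
    key='-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----'
    cert='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----'
    printf '%s\n%s\n%s\n' "$key" "$cert" "$cert" > "$dir/good.pem"
    : > "$dir/empty.pem"                                     # nothing was issued
    printf '%s\n%s\n' "$cert" "$cert" > "$dir/nokey.pem"     # key file was empty
    printf '%s\n%s\n' "$key" "$cert" > "$dir/nochain.pem"    # CA certificate missing
    printf '%s\n-----BEGIN CERTIFICATE-----\nQ09O\n' "$key" > "$dir/truncated.pem"
}

# Demo run over the constructed samples, plus one path that does not exist.
demo_dir=$(mktemp -d)
make_sample_bundles "$demo_dir"
for name in good empty nokey nochain truncated absent; do
    check_pem_bundle "$demo_dir/$name.pem" || true
done
rm -rf "$demo_dir"
```

A wrapper can call `check_pem_bundle` on each bundle and skip the web server restart when any call returns non-zero.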
-
Delete the letsencrypt ssl from the panel and then create a new one. But first update with 'yum clean all; yum update -y' and then 'sh /script/cleanup'.
-
A question, Pak: so is there automatic letsencrypt renewal in kloxo-mr 7 yet?
-
Delete the letsencrypt ssl from the panel and then create a new one. But first update with 'yum clean all; yum update -y' and then 'sh /script/cleanup'.
I have tried it, master; there is an error on "sh /script/cleanup", namely:
-------------------------------------------------------------------
Stopping nsd: [ OK ]
Starting nsd: [ OK ]
-------------------------------------------------------------------
error reading information on service phpm-fpm: No such file or directory
Stopping php-fpm: [ OK ]
Starting php-fpm: [ OK ]
-------------------------------------------------------------------
Stopping httpd: [ OK ]
Starting httpd: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 77.81.226.79. Set the 'ServerName' directive globally to suppress this message
[ OK ]
-------------------------------------------------------------------
As for the info:
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016052404
- Web: hiawatha-10.2.0-f.6.mr.el6.i686
- PHP: php54s-5.4.45-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.7 (Final) i686
- Hostname: ita1
C. Services:
1. MySQL: MariaDB-server-10.0.25-1.el6.i686
2. PHP:
- Branch: php54-cli-5.4.45-1.ius.el6.i686
- Multiple:
* php52m-5.2.17-102.mr.el6
* php53m-5.3.29-1.ius.el6
* php54m-5.4.45-1.ius.el6
* php55m-5.5.33-1.ius.el6
* php56m-5.6.19-1.ius.el6
* php70m-7.0.4-1.w6
- Used: --Use PHP Branch--
3. Web Used: apache
- Hiawatha: --unused--
- Lighttpd: --uninstalled--
- Nginx: --uninstalled--
- Httpd: httpd24u-2.4.20-1.ius.el6.i686
- PHP Type: php-fpm_event
4. WebCache: none
- ATS: --uninstalled--
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: nsd
- Bind: --uninstalled--
- DJBDns: --uninstalled--
- NSD: nsd-4.1.9-1.mr.el6.i686
- PowerDNS: --uninstalled--
- Yadifa: --uninstalled--
6. Mail: qmail-toaster-1.03-1.3.55.mr.el6.i386
- pop3/imap4: courier-imap-toaster-4.1.2-1.3.18.mr.el6.i386
- spam: bogofilter
-
What is the result if you run 'sh /script/restart-all -y'?
-
When 'sh /script/restart-all -y' is run, the result is as follows:
# sh /script/restart-all -y
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
-------------------------------------------------------------------
Shutting down MySQL. SUCCESS!
Starting MySQL. SUCCESS!
-------------------------------------------------------------------
Stopping nsd: [ OK ]
Starting nsd: [ OK ]
-------------------------------------------------------------------
error reading information on service phpm-fpm: No such file or directory
Stopping php-fpm: [ OK ]
Starting php-fpm: [ OK ]
-------------------------------------------------------------------
Stopping httpd: [ OK ]
Starting httpd: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 77.81.226.79. Set the 'ServerName' directive globally to suppress this message
[ OK ]
-------------------------------------------------------------------
*** Process for QMAIL service ***
Stopping qmail-toaster: svscan qmail logging.
qmail-send: no process killed
Starting qmail-toaster: svscan.
-------------------------------------------------------------------
- For help, type '/script/restart-mail [--help|-h]'
-------------------------------------------------------------------
Stopping pure-ftpd: [ OK ]
Starting pure-ftpd: [ OK ]
-------------------------------------------------------------------
Stopping kloxo-phpcgi: [ OK ]
Starting kloxo-phpcgi ('php54s' in 'fpm' mode): [ OK ]
Stopping kloxo-hiawatha: [ OK ]
Starting kloxo-hiawatha: [ OK ]
-------------------------------------------------------------------
-
Did you execute 'sh /script/cleanup' after the update?
-
Yes sir, I have executed 'yum clean all; yum update -y' and 'sh /script/cleanup', and 'sh /script/sysinfo -y'.
-
Wait 1 hour and then update your Kloxo-MR 7.
-
Wait 1 hour and then update your Kloxo-MR 7.
Sir, so does the latest kloxo-mr 7 update already auto-renew its letsencrypt?
-
Wait 1 hour and then update your Kloxo-MR 7.
Sir, so does the latest kloxo-mr 7 update already auto-renew its letsencrypt?
Actually I prefer acme.sh over letsencrypt-auto for handling ssl from letsencrypt. It's just that acme.sh has become problematic because of changes in the letsencrypt API.
The reason I prefer acme.sh is that (1) it uses pure ssh, (2) it has a ready-to-use cron, (3) it runs on CentOS 5, and several others. Later, once acme.sh is stable, I will switch to acme.sh.
-
I'm still confused about adding a new lets encrypt ssl, because after updating, the add lets encrypt menu is gone, hehe
-
Letsencrypt is only in the domain section. It is no longer in the admin/client section.
-
Actually I prefer acme.sh over letsencrypt-auto for handling ssl from letsencrypt. It's just that acme.sh has become problematic because of changes in the letsencrypt API.
The reason I prefer acme.sh is that (1) it uses pure ssh, (2) it has a ready-to-use cron, (3) it runs on CentOS 5, and several others. Later, once acme.sh is stable, I will switch to acme.sh.
So sir, with the kloxo-mr 7 update, is letsencrypt-auto included automatically? Is there a setting (or do I have to run a cron) so that letsencrypt is renewed automatically? Or does nothing more need to be set?
-
Actually I prefer acme.sh over letsencrypt-auto for handling ssl from letsencrypt. It's just that acme.sh has become problematic because of changes in the letsencrypt API.
The reason I prefer acme.sh is that (1) it uses pure ssh, (2) it has a ready-to-use cron, (3) it runs on CentOS 5, and several others. Later, once acme.sh is stable, I will switch to acme.sh.
So sir, with the kloxo-mr 7 update, is letsencrypt-auto included automatically? Is there a setting (or do I have to run a cron) so that letsencrypt is renewed automatically? Or does nothing more need to be set?
No need. Because the lifetime of the letsencrypt ssl is still fairly long (80 days), there is still time for me to perfect this ssl auto-renew issue later.
-
Sir, when I add letsencrypt from the panel there is an alert:
Create Certificate failed [arif.awalud.in]
In the letsencrypt admin log:
Create Certificate failed [arif.awalud.in]
sysinfo:
[root@mymail ~]# sh /script/sysinfo
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016052507
- Web: hiawatha-10.2.0-f.6.mr.el6.i686
- PHP: php54s-5.4.44-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.8 (Final) i686
- Hostname: mymail.satriahost.com
C. Services:
1. MySQL: MariaDB-server-10.0.25-1.el6.i686
2. PHP:
- Branch: php54-cli-5.4.45-1.ius.el6.i686
- Multiple:
* php52m-5.2.17-102.mr.el6
* php53m-5.3.29-1.ius.el6
* php54m-5.4.44-1.ius.el6
* php55m-5.5.28-1.ius.el6
* php56m-5.6.11-1.ius.el6
- Used: --Use PHP Branch--
3. Web Used: hiawathaproxy
- Hiawatha: --used--
- Lighttpd: --uninstalled--
- Nginx: --uninstalled--
- Httpd: httpd-2.2.31-1.mr.el6.i386
- PHP Type: php-fpm_event
4. WebCache: none
- ATS: --uninstalled--
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: nsd
- Bind: --uninstalled--
- DJBDns: --uninstalled--
- NSD: nsd-4.1.9-1.mr.el6.i686
- PowerDNS: --uninstalled--
- Yadifa: --uninstalled--
6. Mail: qmail-toaster-1.03-1.3.55.mr.el6.i386
- pop3/imap4: courier-imap-toaster-4.1.2-1.3.18.mr.el6.i386
- spam: bogofilter
D. Memory:
total used free shared buffers cached
Mem: 1893 1128 765 28 134 602
-/+ buffers/cache: 390 1502
Swap: 255 7 248
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 20G 16G 2.8G 86% /
*** Process Time: 00:00:00:03.3860 (dd:hh:mm:ss:xxxxxx) ***
* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
(importance after Kloxo-MR update)
[root@mymail ~]#
Thank you, sir
-
1. If using external mail (for example googleApp), do not include 'webmail' in the 'SAN' selection.
2. If there is a redirect, for example www to non-www, stop this redirect first.
-
1. If using external mail (for example googleApp), do not include 'webmail' in the 'SAN' selection.
2. If there is a redirect, for example www to non-www, stop this redirect first.
Sir, what does no. 1 mean? I don't understand SAN yet.
As it happens, what I want to put letsencrypt on is a subdomain.
The main domain (awalud.in) does use google apps.
-
Subject Alternative Name (SAN)
-
Sir, why does it fail now when generating letsencrypt?
Result from the log manager for acme:
mp-jurnalpendidikanislam.com_acme.sh: line 14: /root/.acme.sh/acme.sh: is a directory
*******lam.com_acme.sh: line 14: /root/.acme.sh/acme.sh: is a directory
*****ndaran.net_acme.sh: line 14: /root/.acme.sh/acme.sh: is a directory
***alud.in_acme.sh: line 14: /root/.acme.sh/acme.sh: is a directory
[root@mymail ~]# sh /script/sysinfo
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016060703
- Web: hiawatha-10.3.0-f.1.mr.el6.i686
- PHP: php54s-5.4.44-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.8 (Final) i686
- Hostname: mymail.satriahost.com
C. Services:
1. MySQL: MariaDB-server-10.0.25-1.el6.i686
2. PHP:
- 'Branch' installed: php54-cli-5.4.45-1.ius.el6.i686
- 'Multiple' installed:
* php52m-5.2.17-102.mr.el6
* php53m-5.3.29-1.ius.el6
* php54m-5.4.44-1.ius.el6
* php55m-5.5.28-1.ius.el6
* php56m-5.6.11-1.ius.el6
- 'Used' selected: --PHP Branch--
- 'Multiple' status: disable
3. Web Used: hiawathaproxy
- Hiawatha: --used--
- Lighttpd: --uninstalled--
- Nginx: --uninstalled--
- Httpd: httpd-2.2.31-1.mr.el6.i386
- PHP Type: php-fpm_event
4. WebCache: none
- ATS: --uninstalled--
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: nsd
- Bind: --uninstalled--
- DJBDns: djbdns-1.05-17.4.mr.el6.i386
- NSD: nsd-4.1.9-1.mr.el6.i686
- PowerDNS: --uninstalled--
- Yadifa: --uninstalled--
6. Mail: qmail-toaster-1.03-1.3.55.mr.el6.i386
- pop3/imap4: courier-imap-toaster-4.1.2-1.3.19.mr.el6.i686
- spam: bogofilter-1.2.4-1.el6.i686
D. Memory:
total used free shared buffers cached
Mem: 1893 1553 339 28 254 662
-/+ buffers/cache: 636 1256
Swap: 255 3 252
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 20G 15G 3.6G 81% /
*** Process Time: 00:00:00:03.3819 (dd:hh:mm:ss:xxxxxx) ***
* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
(importance after Kloxo-MR update)
[root@mymail ~]#
-
Try installing it first with 'sh /script/acme.sh-installer'.