MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Bugs and Requests => Topic started by: Spacedust on 2016-05-19, 01:44:29
-
I've upgrade some old server and installation seems to went fine, but when creating new Let's Encrypt it throws an error unable to create certificate... ;(
Logs seems to be old ...
-
In latest update of Kloxo-MR 7, create/add letsencrypt ssl use 'acme.sh' (pure bash code) instead 'letsencrypt-auto' / 'certboot-auto' (pure python code; may trouble in CentOS 5).
-
I know but it still doesn't work. What else should be done ?
/etc/letsencrypt and /root/.acme weren't created...
I've tried remover but also didn't helped.
-
Try 'sh /script/acme.sh-installer' and then try with 'acme.sh --help'.
-
Try 'sh /script/acme.sh-installer' and then try with 'acme.sh --help'.
Just tried:
[root@ali /]# sh /script/acme.sh-installer
[root@ali /]# acme.sh --help
https://github.com/Neilpang/acme.sh
v2.2.4
Usage: acme.sh command ...[parameters]....
Commands:
--help, -h Show this help message.
--version, -v Show version info.
--install Install acme.sh to your system.
--uninstall Uninstall acme.sh, and uninstall the cron job.
--issue Issue a cert.
--installcert Install the issued cert to apache/nginx or any other server.
--renew, -r Renew a cert.
--renewAll Renew all the certs
--revoke Revoke a cert.
--installcronjob Install the cron job to renew certs, you don't need to call t his. The 'install' command can automatically install the cron job.
--uninstallcronjob Uninstall the cron job. The 'uninstall' command can do this a utomatically.
--cron Run cron job to renew all the certs.
--toPkcs Export the certificate and key to a pfx file.
--createAccountKey, -cak Create an account private key, professional use.
--createDomainKey, -cdk Create an domain private key, professional use.
--createCSR, -ccsr Create CSR , professional use.
Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke e tc.
--force, -f Used to force to install or force to renew a cert im mediately.
--staging, --test Use staging server, just for test.
--debug Output debug info.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--apache Use apache mode.
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8 192 or ec-256, ec-384.
--accountkeylength, -ak [2048] Specifies the account key length.
These parameters are to install the cert to nginx/apache or anyother server after issu e/renew a cert:
--certpath /path/to/real/cert/file After issue/renew, the cert will be copied to this path.
--keypath /path/to/real/key/file After issue/renew, the key will be copied to this pa th.
--capath /path/to/real/ca/file After issue/renew, the intermediate cert will be cop ied to this path.
--fullchainpath /path/to/fullchain/file After issue/renew, the fullchain cert will be copied to this path.
--reloadcmd "service nginx reload" After issue/renew, it's used to reload the server.
--accountconf Specifies a customized account config file.
--home Specifies the home dir for acme.sh .
--certhome Specifies the home dir to save all the certs.
--useragent Specifies the user agent string. it will be saved fo r future use too.
--accountemail Specifies the account email for registering, Only va lid for the '--install' command.
--accountkey Specifies the account key path, Only valid for the ' --install' command.
--days Specifies the days to renew the cert when using '--i ssue' command. The max value is 80 days.
-
Creating certificate failed ;(
-
I've applied all the latest fixes but still the same:
Alert: Create Certificate failed [domain.com]
-
What's report from 'letsencrypt' log?.
-
What's report from 'letsencrypt' log?.
It's blank ;(
-
I got log:
[Sat May 21 00:38:45 CEST 2016] Standalone mode.
[Sat May 21 00:38:47 CEST 2016] Skip register account key
[Sat May 21 00:38:47 CEST 2016] Creating csr
[Sat May 21 00:38:47 CEST 2016] Multi domain='DNS:www.portaleinternet.pl,DNS:cp.portaleinternet.pl,DNS:webmail.portaleinternet.pl'
[Sat May 21 00:38:47 CEST 2016] Verify each domain
[Sat May 21 00:38:47 CEST 2016] Getting webroot for domain='portaleinternet.pl'
[Sat May 21 00:38:47 CEST 2016] Getting token for domain='portaleinternet.pl'
[Sat May 21 00:38:48 CEST 2016] Error, can not get domain token portaleinternet.pl
-
I got log:
[Sat May 21 00:38:45 CEST 2016] Standalone mode.
[Sat May 21 00:38:47 CEST 2016] Skip register account key
[Sat May 21 00:38:47 CEST 2016] Creating csr
[Sat May 21 00:38:47 CEST 2016] Multi domain='DNS:www.portaleinternet.pl,DNS:cp.portaleinternet.pl,DNS:webmail.portaleinternet.pl'
[Sat May 21 00:38:47 CEST 2016] Verify each domain
[Sat May 21 00:38:47 CEST 2016] Getting webroot for domain='portaleinternet.pl'
[Sat May 21 00:38:47 CEST 2016] Getting token for domain='portaleinternet.pl'
[Sat May 21 00:38:48 CEST 2016] Error, can not get domain token portaleinternet.pl
I got the same issue on this forum's server. But nothing wrong in other servers.
-
I got the same. Please help. DNS is working fine, latest tpls and nothing helps.
-
It seems to be fixed: https://github.com/Neilpang/acme.sh/issues/191 but doesn't work for me from Kloxo (no logs).
-
In latest update, back to use letsencrypt-auto.
-
I've updated but it didn't helped. No logs and Alert: Create Certificate failed [domain.com] error message.
Running letsencrypt-auto shows this:
Checking for new version...
Requesting root privileges to run certbot...
/root/.local/share/letsencrypt/bin/letsencrypt
Version: 1.1-20080819
Version: 1.1-20080819
and.... nothing happens - it just 100% CPU usage.
-
/usr/local/lxlabs/kloxo/certbot/letsencrypt-cron.sh
-bash: /usr/local/lxlabs/kloxo/certbot/letsencrypt-cron.sh: No such file or directory
Why ?
-
Will be fixed.
-
It was working well for me and now it stopped. Certifcate is added but it's not working on the page ;(
The pem file is not being created. I got only ca, crt and key. Pem is marked as ready - probably bad symlink:
lrwxrwxrwx 1 root root 51 May 24 12:40 test.internet.az.pl.ca -> /etc/letsencrypt/live/test.internet.az.pl/chain.pem
lrwxrwxrwx 1 root root 50 May 24 12:40 test.internet.az.pl.crt -> /etc/letsencrypt/live/test.internet.az.pl/cert.pem
lrwxrwxrwx 1 root root 53 May 24 12:40 test.internet.az.pl.key -> /etc/letsencrypt/live/test.internet.az.pl/privkey.pem
-rw-r--r-- 1 root root 1401 May 24 12:40 test.internet.az.pl_letsencrypt.sh
lrwxrwxrwx 1 root root 49 May 24 12:40 test.internet.az.pl.pem -> /etc/letsencrypt/live/test.internet.az.pl/all.pem
-
Will fixed.
-
Does any one has successfully create the certificate?
I'm using Kloxo-MR 7.0.0.b-2016120101.
Thanks.
-
I'm doing this manually atm. The GUI doesn't work for me, i think there is a bug.
-
I'm doing this manually atm. The GUI doesn't work for me, i think there is a bug.
Hi fossxplorer,
Could you inform step by step how to do it?
Thanks.
-
In latest upload, Kloxo-MR using acme.sh instead letsencrypt-auto. To make sure, try update Kloxo-MR.
In latest upload, Kloxo-MR create certificate files (taken from kloxo database) instead create symlink.
-
Hi pak MR,
Which version for latest Kloxo-MR 7 ? I'm using Kloxo-MR 7.0.0.b-2016120101.
Thanks.
-
kloxomr7-7.0.0.b-2016121301
-
I was able to install Let's Encrypt SSL after I removed 'stats.MyDomain' from Subject Alternative Name (SAN) list. (My DNS setting had the A record for stats set and propagated). With stats.MyDomain included in the Subject Alternative Name (SAN) list it does not work.