
Topic: Expired Let's Encrypt - Site is not accessible

Offline aamirrajpoot

« on: 2016-09-26, 19:27:55 »
Hi,

I last updated 3 months back and created certificates for a few domains. Now they have expired and I have installed the latest build, 'Kloxo-MR 7.0.0.b-2016092502'.

My domain is http://www.pakblood.com which I had set to force SSL, and redirect non-www to www.

After the update, I created the certificate and it didn't work. After some time I thought to totally remove the certificates and try to run the website without SSL. I have turned off the force SSL and redirect non-www checkboxes in website basic. But browsers are still redirecting to https.

I have run 'sh /scripts/upcp', 'sh /scripts/cleanup/' and 'yum clean; yum update -y' many times, and also fixweb, fixssl and restart-all -y, but my problem is the same.


Here are the sysinfo details:

Code:
[root@server script]# sh ./sysinfo -y
A. Control Panel:
   - Kloxo-MR: 7.0.0.b-2016092502
   - Web: hiawatha-10.3.0-f.1.mr.el6.x86_64
   - PHP: php54s-5.4.45-1.ius.el5 (fpm mode)
B. Plateform:
   - OS: CentOS release 6.8 (Final) x86_64
   - Hostname: server.aalasolutions.com
C. Services:
   1. MySQL: MariaDB-server-10.0.27-1.x86_64
   2. PHP:
      - Installed:
        - Branch: php-cli-5.3.3-48.el6_8.x86_64
        - Multiple:
          * php56m-5.6.22-2.ius.el6
      - Used: php56m-fpm
      - Multiple: disable
   3. Web Used: apache
     - Hiawatha: hiawatha-10.3.0-f.1.mr.el6.x86_64
     - Lighttpd: lighttpd-1.4.39-3.el5.x86_64
     - Nginx: --uninstalled--
     - Apache: httpd-2.2.31-1.mr.el5.x86_64
       - PHP Type: php-fpm_event
       - Secondary PHP: off
   4. WebCache: none
     - ATS: --uninstalled--
     - Squid: --uninstalled--
     - Varnish: --uninstalled--
   5. Dns: bind
     - Bind: bind-9.9.7-1.mr.el5.x86_64
     - DJBDns: --uninstalled--
     - NSD: --uninstalled--
     - PowerDNS: --uninstalled--
     - Yadifa: --uninstalled--
   6. Mail: qmail-toaster-1.03-1.3.55.mr.el5.x86_64
      - pop3/imap4: none
      - smtp: none
      - spam: bogofilter-1.2.4-1.el6.x86_64
   7. Stats: awstats
D. Memory:
                total       used       free     shared    buffers     cached
   Mem:          2006       1241        764          0         78        759
   -/+ buffers/cache:        403       1603
   Swap:            0          0          0
E. Disk Space:
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/vda1        40G   16G   22G  42% /


I have checked https://www.ssllabs.com/ssltest/analyze.html?d=pakblood.com and it is showing errors

Here is the info from 'Admin -> Server -> Log Manager -> Let's Encrypt acme.sh.log'


Code:
[Mon Sep 26 13:41:35 EDT 2016] Creating account key
[Mon Sep 26 13:41:37 EDT 2016] Registering account
[Mon Sep 26 13:41:39 EDT 2016] Registered
[Mon Sep 26 13:41:41 EDT 2016] Update success.
[Mon Sep 26 13:41:41 EDT 2016] Creating domain key
[Mon Sep 26 13:41:41 EDT 2016] Multi domain='DNS:www.pakblood.com,DNS:cp.pakblood.com,DNS:stats.pakblood.com,DNS:webmail.pakblood.com'
[Mon Sep 26 13:41:41 EDT 2016] Verify each domain
[Mon Sep 26 13:41:41 EDT 2016] Getting webroot for domain='pakblood.com'
[Mon Sep 26 13:41:41 EDT 2016] _w='/var/run/letsencrypt'
[Mon Sep 26 13:41:41 EDT 2016] Getting new-authz for domain='pakblood.com'
[Mon Sep 26 13:41:43 EDT 2016] Getting webroot for domain='www.pakblood.com'
[Mon Sep 26 13:41:43 EDT 2016] _w='/var/run/letsencrypt'
[Mon Sep 26 13:41:43 EDT 2016] Getting new-authz for domain='www.pakblood.com'
[Mon Sep 26 13:41:44 EDT 2016] Getting webroot for domain='cp.pakblood.com'
[Mon Sep 26 13:41:44 EDT 2016] _w='/var/run/letsencrypt'
[Mon Sep 26 13:41:44 EDT 2016] Getting new-authz for domain='cp.pakblood.com'
[Mon Sep 26 13:41:47 EDT 2016] Getting webroot for domain='stats.pakblood.com'
[Mon Sep 26 13:41:47 EDT 2016] _w='/var/run/letsencrypt'
[Mon Sep 26 13:41:47 EDT 2016] Getting new-authz for domain='stats.pakblood.com'
[Mon Sep 26 13:41:49 EDT 2016] Getting webroot for domain='webmail.pakblood.com'
[Mon Sep 26 13:41:49 EDT 2016] _w='/var/run/letsencrypt'
[Mon Sep 26 13:41:49 EDT 2016] Getting new-authz for domain='webmail.pakblood.com'
[Mon Sep 26 13:41:50 EDT 2016] Verifying:pakblood.com
[Mon Sep 26 13:41:58 EDT 2016] Success
[Mon Sep 26 13:41:58 EDT 2016] Verifying:www.pakblood.com
[Mon Sep 26 13:42:04 EDT 2016] Success
[Mon Sep 26 13:42:04 EDT 2016] Verifying:cp.pakblood.com
[Mon Sep 26 13:42:11 EDT 2016] Success
[Mon Sep 26 13:42:11 EDT 2016] Verifying:stats.pakblood.com
[Mon Sep 26 13:42:18 EDT 2016] Success
[Mon Sep 26 13:42:18 EDT 2016] Verifying:webmail.pakblood.com
[Mon Sep 26 13:42:25 EDT 2016] Success
[Mon Sep 26 13:42:25 EDT 2016] Verify finished, start to sign.
[Mon Sep 26 13:42:27 EDT 2016] Cert success.
[Mon Sep 26 13:42:27 EDT 2016] Your cert is in  /root/.acme.sh/pakblood.com/pakblood.com.cer
[Mon Sep 26 13:42:27 EDT 2016] Your cert key is in  /root/.acme.sh/pakblood.com/pakblood.com.key
[Mon Sep 26 13:42:27 EDT 2016] The intermediate CA cert is in  /root/.acme.sh/pakblood.com/ca.cer
[Mon Sep 26 13:42:27 EDT 2016] And the full chain certs is there:  /root/.acme.sh/pakblood.com/fullchain.cer
[Mon Sep 26 13:42:27 EDT 2016] Merge with 'cat pakblood.com.key pakblood.com.cer ca.cer > pakblood.com.pem'
[Mon Sep 26 13:42:27 EDT 2016] Copy with 'cp -f /root/.acme.sh/pakblood.com/ca.cer /home/kloxo/ssl/pakblood.com.ca'
[Mon Sep 26 13:42:27 EDT 2016] Copy with 'cp -f /root/.acme.sh/pakblood.com/pakblood.com.cer /home/kloxo/ssl/pakblood.com.crt'
[Mon Sep 26 13:42:27 EDT 2016] Copy with 'cp -f /root/.acme.sh/pakblood.com/pakblood.com.key /home/kloxo/ssl/pakblood.com.key'
[Mon Sep 26 13:42:27 EDT 2016] Copy with 'cp -f /root/.acme.sh/pakblood.com/pakblood.com.pem /home/kloxo/ssl/pakblood.com.pem'

Here is some other info
Code:
[root@server script]# acme.sh version
https://github.com/Neilpang/acme.sh
v2.5.8
[root@server script]# letsencrypt-auto --version
letsencrypt 0.8.1
[root@server script]#
« Last Edit: 2016-09-26, 19:32:07 by aamirrajpoot »

Offline MRatWork

« Reply #1 on: 2016-09-26, 19:50:00 »
Try re-creating letsencrypt again.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline aamirrajpoot

« Reply #2 on: 2016-09-26, 19:55:04 »
I have just deleted my old cert and created a new one. After that I executed 'sh /script/fixssl;sh /script/fixweb;sh /script/restart-all -y'.

It still did not work.

Offline MRatWork

« Reply #3 on: 2016-09-26, 20:11:20 »
Post here the output of 'cat /opt/configs/apache/conf/domains/pakblood.com.conf|grep SSLCACertificatefile' and 'dir -l /home/kloxo/ssl'.

Offline aamirrajpoot

« Reply #4 on: 2016-09-26, 20:21:41 »
Code:
[root@server script]# cat /opt/configs/apache/conf/domains/pakblood.com.conf|grep SSLCACertificatefile
                SSLCACertificatefile /home/kloxo/ssl/pakblood.com.ca
                SSLCACertificatefile /home/kloxo/ssl/pakblood.com.ca
                SSLCACertificatefile /home/kloxo/ssl/pakblood.com.ca
                SSLCACertificatefile /home/kloxo/ssl/pakblood.com.ca



[root@server script]# dir -l /home/kloxo/ssl
-rw-r--r-- 1 root root 1429 Sep 26 14:14 eth0___localhost.ca
-rw-r--r-- 1 root root 1424 Sep 26 14:14 eth0___localhost.crt
-rw-r--r-- 1 root root 1704 Sep 26 14:14 eth0___localhost.key
-rw-r--r-- 1 root root 4558 Sep 26 14:14 eth0___localhost.pem
-rw-r--r-- 1 root root 1429 Sep 26 14:14 eth1___localhost.ca
-rw-r--r-- 1 root root 1424 Sep 26 14:14 eth1___localhost.crt
-rw-r--r-- 1 root root 1704 Sep 26 14:14 eth1___localhost.key
-rw-r--r-- 1 root root 4558 Sep 26 14:14 eth1___localhost.pem
-rw-r--r-- 1 root root 1594 Sep 26 14:14 pakblood.com_acme.sh
-rw-r--r-- 1 root root 1648 Sep 26 14:14 pakblood.com.ca
-rw-r--r-- 1 root root 1896 Sep 26 14:14 pakblood.com.crt
-rw-r--r-- 1 root root 1676 Sep 26 14:14 pakblood.com.key
-rw-r--r-- 1 root root 5219 Sep 26 14:14 pakblood.com.pem
[root@server script]#

Offline MRatWork

« Reply #5 on: 2016-09-26, 20:45:15 »
Looks like nothing is wrong with the SSL file and Apache configs.

Try a reboot.

Offline aamirrajpoot

« Reply #6 on: 2016-09-26, 20:49:24 »
Yes, everything looks okay. The only known issue was that there were some problems with the Python version while updating.

The server has been rebooted; everything is the same. Sites with SSL are not working.

Offline aamirrajpoot

« Reply #7 on: 2016-09-27, 08:56:09 »
I have done some testing and installed a new browser; there my site opened without SSL. I have cleared the Chrome and Firefox caches and now my sites are working without SSL, but when I try to access them with https it still gives me an error.


When I open https://www.ssllabs.com/ssltest/analyze.html?d=pakblood.com

I get

Code:
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests

There are two problems:

1. Why does the browser cache need to be cleared?
2. Why is there a certificate name mismatch?

Offline aamirrajpoot

« Reply #8 on: 2016-09-27, 13:42:11 »
I tried to check the certificate and it also looks okay


Code:
[root@server ~]# openssl x509 -text -noout -in /home/kloxo/ssl/pakblood.com.pem | grep DNS
                DNS:cp.pakblood.com, DNS:pakblood.com, DNS:stats.pakblood.com, DNS:webmail.pakblood.com, DNS:www.pakblood.com
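
For the name-mismatch question above: the SAN list in the file on disk is complete, so the next comparison is against the certificate the server actually presents for that hostname. The following is an added example, not part of the thread or of Kloxo-MR; the function names are hypothetical, and it goes slightly beyond the thread by also accepting a left-most wildcard name.

```shell
#!/bin/sh
# Added example: does the certificate the server presents cover the hostname,
# and does the certificate on disk? Function names are hypothetical.

# Extract SAN DNS names from `openssl x509 -text` output on stdin, one per line.
dns_from_text() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Succeed if hostname $1 matches a name on stdin: exact, case-insensitive,
# or a single left-most "*." wildcard label.
name_covered() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r n; do
        n=$(printf '%s' "$n" | tr 'A-Z' 'a-z')
        [ "$n" = "$host" ] && return 0
        case "$n" in
            \*.*) [ "${host#*.}" != "$host" ] &&
                  [ "${host#*.}" = "${n#\*.}" ] && return 0 ;;
        esac
    done
    return 1
}

# $1 = hostname, $2 = names on disk, $3 = names served (newline-separated).
compare_names() {
    d=no; s=no
    printf '%s\n' "$2" | name_covered "$1" && d=yes
    printf '%s\n' "$3" | name_covered "$1" && s=yes
    echo "disk=$d served=$s"
}

# Text form of the leaf certificate presented for SNI name $1 on port 443.
served_cert_text() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text
}

# $1 = hostname, $2 = PEM file the vhost is configured to use.
check_host() {
    disk=$(openssl x509 -noout -text -in "$2" | dns_from_text)
    live=$(served_cert_text "$1" | dns_from_text)
    compare_names "$1" "$disk" "$live"
}

# Usage on the server: check_host pakblood.com /home/kloxo/ssl/pakblood.com.pem
# "disk=yes served=no" means the listener is presenting a different certificate.
```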

 

