[ Letsencrypt ][ 1.0.0.0 ] Free, automated, and open Certificate Authority.
#41
Any error, or what is the issue?
------------------------------------------------------------------------
Please respect my work and don't share my modules
Reply
#42
I will reproduce the errors this evening and post them here.
Reply
#43
First 'error' appears when trying to register:

Code:
root@127.0.0.1:/# /raid/data/module/Letsencrypt/shell/module.rc register
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
There is an existing account; registration of a duplicate account with this command is currently unsupported.
root@127.0.0.1:/#

Got past this by renaming the folder 
Code:
/raid0/data/MOD_CONFIG/letsencrypt/accounts

into
Code:
/raid0/data/MOD_CONFIG/letsencrypt/accounts.original

Executing the register command again now creates a new folder 
Code:
/raid0/data/MOD_CONFIG/letsencrypt/accounts

I'm asked to enter my mail address and if I would like to share it:
Code:
root@127.0.0.1:/# /raid/data/module/Letsencrypt/shell/module.rc register
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): my.email@domain.com

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /raid/data/MOD_CONFIG/letsencrypt. You
   should make a secure backup of this folder now. This configuration
   directory will also contain certificates and private keys obtained
   by Certbot so making regular backups of this folder is ideal.
root@127.0.0.1:/#

So far so good...

Then executing the command for creating the certificates
Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly

results in this:
Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
The currently selected ACME CA endpoint does not support issuing wildcard certificates.
root@127.0.0.1:/#

Some googling taught me that the following line should be added to the certbot command
Code:
--server https://acme-v02.api.letsencrypt.org/directory

So I opened the file /raid0/data/module/Letsencrypt/shell/module.rc and added that line to 
Code:
_certonly(){
    _checknas
    $_apache stop
    sleep 5
    source /raid/data/module/Letsencrypt/sys/venv/bin/activate
    certbot certonly \
        --server https://acme-v02.api.letsencrypt.org/directory \
        --config-dir ${CONFIG_DIR} \
        --logs-dir ${LOGS_DIR} \
        --work-dir ${WORK_DIR} \
        --standalone \
        -d ${DOMAIN}
    #--webroot -w /raid/data/htdocs2/
    deactivate
    sleep 5
    $_apache start
}

I then ran the command for creating the certificates again
Code:
root@127.0.0.1:/# /raid/data/module/Letsencrypt/shell/module.rc certonly

which at first looked promising, but finally returned another error:
Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): my.email@domain.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /raid/data/MOD_CONFIG/letsencrypt. You
   should make a secure backup of this folder now. This configuration
   directory will also contain certificates and private keys obtained
   by Certbot so making regular backups of this folder is ideal.
root@127.0.0.1:/#

I then gave up and went to bed.
Reply
#44
To remove the existing config, run

Code:
/raid/data/module/Letsencrypt/shell/module.rc remove

To create a wildcard certificate, run

Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly_dns_challenge

Wildcard certificates cannot be renewed automatically; you have to run the command manually when the certificate has to be renewed.
Reply
#45
SUPER!! Thank you!

Seems like the wildcard certificate has been created successfully!

At the end I got this message:

Code:
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Non-standard path(s), might not work with crontab installed by your operating system package manager

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /raid/data/MOD_CONFIG/letsencrypt/live/mydomain.com-0001/fullchain.pem
  Your key file has been saved at:
  /raid/data/MOD_CONFIG/letsencrypt/live/mydomain.com-0001/privkey.pem
  Your cert will expire on 2018-06-28. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  Donating to EFF:                    https://eff.org/donate-le

root@127.0.0.1:/#

Based on that message I am wondering why a wildcard certificate can't be renewed automatically...
Could you elaborate a bit on that?
Thanks again for your great work!!
Reply
#46
A wildcard certificate works only with DNS validation.
DNS validation can only be run manually to perform the TXT action, or by using a hook script to automatically perform the manual actions.
What DNS provider are you using?
Reply
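The hook-script option mentioned in post #46, as an added example that is not part of the thread or of the Letsencrypt module: a script for certbot's `--manual-auth-hook`, which receives `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` from certbot, publishes the TXT record and waits until it is visible. It assumes the DNS zone accepts RFC 2136 dynamic updates signed with a TSIG key; `DNS_SERVER`, `TSIG_KEYFILE` and their default values are placeholders.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook script for the dns-01 challenge.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# Assumptions (not from the thread): the zone accepts RFC 2136 dynamic
# updates signed with a TSIG key; server and key path are placeholders.
DNS_SERVER="${DNS_SERVER:-ns1.example.invalid}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/path/to/tsig.key}"

# Record name for a domain. "*.example.com" and "example.com" are both
# validated at _acme-challenge.example.com, so a leading "*." is dropped.
challenge_name() {
    case "$1" in
        '*.'*) printf '_acme-challenge.%s.\n' "${1#??}" ;;
        *)     printf '_acme-challenge.%s.\n' "$1" ;;
    esac
}

# nsupdate input that adds the TXT value with a short TTL.
nsupdate_add() {
    printf 'server %s\nupdate add %s 60 TXT "%s"\nsend\n' \
        "$DNS_SERVER" "$(challenge_name "$1")" "$2"
}

# True when the expected token appears in `dig +short TXT` output,
# which prints each value in double quotes, one per line.
txt_present() {
    printf '%s\n' "$1" | grep -qxF "\"$2\""
}

# Publish the record, then poll the server until it is visible.
auth_hook() {
    nsupdate_add "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" | nsupdate -k "$TSIG_KEYFILE" || return 1
    name=$(challenge_name "$CERTBOT_DOMAIN")
    i=0
    while [ "$i" -lt 30 ]; do
        answer=$(dig +short TXT "$name" "@$DNS_SERVER")
        txt_present "$answer" "$CERTBOT_VALIDATION" && return 0
        i=$((i + 1)); sleep 10
    done
    echo "TXT record for $name not visible after 300s" >&2
    return 1
}

# Run only when certbot invokes the script as a hook.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
    auth_hook
fi
```

The script is passed to certbot together with `--manual --preferred-challenges dns --manual-auth-hook`; a matching `--manual-cleanup-hook` script would send `update delete` for the same name. The TSIG key file grants write access to the zone, so it should be readable by root only.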
#47
Just checked with my hosting company.
They require that the IP address used for updating DNS records is registered at their site but I have a dynamic address...
Reply
#48
Hi outkastm, I'm having trouble renewing my certificate:

NAS101:/raid/module/Letsencrypt/shell# ./module.rc renew
httpd (no pid file) not running

Any clue?
Reply
#49
Hey Outkastm,

I'm using the version that comes with OS7, but I need to change the ports from 80 & 443 to 8080 and 31443 for NextCloud, and because my ISP blocks those ports. How can I do that on the Thecus console? I set the port forward in my router, but the apply still fails. I'm just doing the test mode so far.

Thanks!
N5550
8GB RAM
Firmware: 3.02.02.11 - OS7
5x4TB WD Red / Raid 5
Store videos / nextCloud / maybe Joomla test site
Self taught, and still learning!
Reply
#50
Just edit http.conf and https.conf from NextCloud module webui.
Reply