Hello
Let's Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get the latest code.) Execute the following command:
wget -O - https://get.acme.sh | sh
Regards
Comments
certbot renew
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.37.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 17, in <module>
    from certbot import account
  File "/usr/lib/python2.7/site-packages/certbot/account.py", line 17, in <module>
    from acme import messages
  File "/usr/lib/python2.7/site-packages/acme/messages.py", line 11, in <module>
    from acme import challenges
  File "/usr/lib/python2.7/site-packages/acme/challenges.py", line 12, in <module>
    import requests
  File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 97, in <module>
    from . import utils
  File "/usr/lib/python2.7/site-packages/requests/utils.py", line 28, in <module>
    from .compat import (
ImportError: cannot import name integer_types
EDIT: All the domains appear to renew without issue after renewing. It must be a permissions issue that requires an initial renewal after upgrading depending on the age of the certificate.
Cannot issue SSL. Error message:
[Fri Sep 27 09:10:20 UTC 2019] dev1.exista.dev:Verify error:Invalid response from https://dev1.exista.dev/.well-known/acme-challenge/j0zzRjwK15N13l_M2Qtzd8udOIoTJP3xNwO9ceRlv3c [159.69.144.185]:
[Fri Sep 27 09:10:20 UTC 2019] Please add '--debug' or '--log' to check more details.
[Fri Sep 27 09:10:20 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Sep 27 09:10:33 UTC 2019] dev1.exista.dev:Verify error:Invalid response from https://dev1.exista.dev/.well-known/acme-challenge/5gZ7VZxjt0-WuTcp-L8SMRXZcg8MFCi353iTiQrBy80 [159.69.144.185]:
[Fri Sep 27 09:10:33 UTC 2019] Please add '--debug' or '--log' to check more details.
[Fri Sep 27 09:10:33 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
and this:
Cannot issue SSL. Error message:
[Fri Sep 27 09:13:18 UTC 2019] Create new order error. Le_OrderFinalize not found. { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }
[Fri Sep 27 09:13:18 UTC 2019] Please add '--debug' or '--log' to check more details.
[Fri Sep 27 09:13:18 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Sep 27 09:13:22 UTC 2019] Create new order error. Le_OrderFinalize not found. { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }
[Fri Sep 27 09:13:22 UTC 2019] Please add '--debug' or '--log' to check more details.
[Fri Sep 27 09:13:22 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
CyberPanel is latest (clean installed two weeks ago)
I believe it does have something to do with permissions, however I don't have the chance to update or move the .htaccess as it's a new site. Even if I deploy the site without SSL, then try to get one after, there is no .htaccess to move.
This only started happening recently
On my homelab with CyberPanel I was getting SSL renewal failure on a bare-metal CentOS 7.x system.
1). I did update the system / CP to 1.9 / acme.sh script with no success.
2). I just found the below and switched to --use-wget and everything renewed.
https://github.com/Neilpang/acme.sh/pull/2499
I've tried adding it and still getting a 403 forbidden when Let's Encrypt tries to hit CyberPanel.
Editing line 4286 of acme.sh (newest version)
Old: if ! _exec "chown -R \"$webroot_owner\" \"$_currentRoot/.well-known\""; then
New: if ! _exec "chmod -R 755 \"$_currentRoot/.well-known\""; then
I did one manually with the entry from cron... it would show the CA server to be busy and never completed. It was leaving all kinds of orphaned Txt files.
I tried one domain manually with the --use-wget and it went straight through; with curl (default) it hung in a loop.
I added the --use-wget to the cron entry and today the rest of the domains updated.
The issue I had was with Let's Encrypt changing to HTTP/2 and CentOS (curl) not working. Acme.sh has been updated, but I don't think it has solved all the issues with CentOS.
What's going on, @CyberPanel?
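
Added example, not from any poster in this thread and not part of acme.sh or CyberPanel: a preflight for the webroot challenge directory behind the 403 / "Invalid response" errors above, meant to be run before retrying so that further failed validations do not add to the "too many failed authorizations" rate limit. It assumes the web server user is neither owner nor group of the webroot (so the "other" permission bits decide access, which is what chmod -R 755 grants) and that an earlier attempt has already created .well-known; the function names and the webroot path argument are hypothetical.

```shell
#!/bin/sh
# Added example; not part of acme.sh or CyberPanel.
# Assumption: the web server user is neither owner nor group of the webroot,
# so the "other" permission bits (what chmod -R 755 grants) decide access.

# Print the "other" permission triad of a path, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# check_challenge_path WEBROOT
# Prints one line per problem; returns 0 only if a token file written under
# WEBROOT/.well-known/acme-challenge would be servable.
check_challenge_path() {
    webroot=$1
    chal="$webroot/.well-known/acme-challenge"
    rc=0
    for dir in "$webroot" "$webroot/.well-known" "$chal"; do
        if [ ! -d "$dir" ]; then
            echo "missing: $dir"; rc=1; continue
        fi
        case $(other_bits "$dir") in
            ??x|??t) ;;   # others may traverse the directory
            *) echo "not traversable by others: $dir"; rc=1 ;;
        esac
    done
    # Token files inherit the caller's umask; probe with a throwaway file.
    if [ "$rc" -eq 0 ] && [ -w "$chal" ]; then
        probe="$chal/preflight-probe.$$"
        : > "$probe"
        case $(other_bits "$probe") in
            r??) ;;       # others may read newly written files
            *) echo "new files not readable by others (umask $(umask))"; rc=1 ;;
        esac
        rm -f "$probe"
    fi
    return "$rc"
}

# Usage: sh preflight.sh /path/to/webroot   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    check_challenge_path "$1"
fi
```

A non-zero exit means a validation request would most likely fail again, so fix the reported path before asking the CA for a new order.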