Koozali.org: home of the SME Server

Thoughts on letsencrypt.com?

Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Thoughts on letsencrypt.com?
« Reply #210 on: August 04, 2016, 09:58:22 AM »
I had these errors on new issue of certificates on both SME9 and SME10.

Funny fact: the box that did it the least was the one with the worst ADSL connection, while the others have 100 Mbps symmetrical connections at least. They are in every part of the globe (Europe, North America and Asia).

This leads me to say that this is an issue with their DNS being hit too many times.

This might have to be reported to the dev of the script, so he can avoid having curl try to resolve it each time when the box already has the IP (avoiding at least the error at the end of the script; when you have waited for validation of 70 domains it is a pain to fail for this and to have to start over).

ReetP

Re: Thoughts on letsencrypt.com?
« Reply #211 on: August 04, 2016, 10:02:04 AM »
I believe there are some mods/options in there to help with multi domains. You need to have a read of the docs/bugs on his git site.

If you think anything is relevant I can add options if required
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

ReetP

Re: Thoughts on letsencrypt.com?
« Reply #212 on: August 04, 2016, 12:29:13 PM »
Something I did just now on a v8 box I updated.

Errored again.

After the first error I did

Code:
wget https://acme-v01.api.letsencrypt.org/directory
It then passed that.

On the second error I did

Code:
wget http://cert.int-x3.letsencrypt.org/
Both returned OK, and then letsencrypt.sh ran fine.
 
No idea what the problem is though - some form of lookup issue I guess.

I need to find another box, wget BOTH URLs before starting and see what happens

ReetP

Re: Thoughts on letsencrypt.com?
« Reply #213 on: August 04, 2016, 02:56:11 PM »
Keep going mode in a cron job. This is now available via this commit:

https://github.com/lukas2511/letsencrypt.sh/commit/34565c193d0360dd4abbe1e630e5cad1396e81ca

I could add a key to enable/disable keep going mode (it is just adding a -g to the cron job)

Any interest ?

guest22

Re: Thoughts on letsencrypt.com?
« Reply #214 on: August 05, 2016, 08:06:41 AM »
Anyone seen this before?


   + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 403)


Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "No registration exists matching provided key",
  "status": 403


Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Thoughts on letsencrypt.com?
« Reply #216 on: August 05, 2016, 10:51:08 AM »
I did, after the curl error.

Solution: delete the generated key to let the script create a new one and register it completely.

guest22

Re: Thoughts on letsencrypt.com?
« Reply #217 on: August 08, 2016, 10:18:12 AM »
JFYI, I reverted back to the manual method of installing and using letsencrypt. It works for me.

guest22

Re: Thoughts on letsencrypt.com?
« Reply #218 on: August 08, 2016, 10:21:56 AM »
This is not Letsencrypt specific. Most browsers handle it in some way (either block mixed content, warn the user, mark the connection as insecure).


@Daniel, how about a subdomain secured with letsencrypt? I've created a subdomain (with webapps-common) where the Document root is pointing to /opt/cloud. Trying to generate the letsencrypt for "cloud.mydomain.com" shows an error that letsencrypt was unable to verify the challenge and exits.


Thoughts?

ReetP

Re: Thoughts on letsencrypt.com?
« Reply #219 on: August 08, 2016, 10:55:45 AM »

Quote
@Daniel, how about a subdomain secured with letsencrypt? I've created a subdomain (with webapps-common) where the Document root is pointing to /opt/cloud. Trying to generate the letsencrypt for "cloud.mydomain.com" shows an error that letsencrypt was unable to verify the challenge and exits.


Thoughts?

Answer is in the docs.... :-)

Every domain has to be able to resolve the .well-known/acme-challenge directory

Another good reason to keep everything in ibays - my contrib does not work on other directories. If you use ibays it should work with web-apps

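A pre-flight check for the requirement in the reply above, as an added example (not part of the thread and not code from letsencrypt.sh or the SME contrib): for each name it drops a probe file in the challenge directory and fetches it back over HTTP, so a name that cannot serve .well-known/acme-challenge is found before a long multi-domain run. The function names, the challenge directory path and the domain names are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight for the http-01 challenge directory.
# Usage (directory and names are placeholders, not taken from the thread):
#   sh preflight.sh /path/to/acme-challenge www.example.com cloud.example.com

# fetch_url URL: print the body; non-zero on HTTP or network errors.
fetch_url() {
    curl --silent --fail --location --max-time 10 --retry 3 --retry-delay 2 "$1"
}

# check_challenge DOMAIN DIR: 0 if a probe written to DIR is served back at
# http://DOMAIN/.well-known/acme-challenge/, non-zero otherwise.
check_challenge() {
    cc_domain=$1
    cc_dir=$2
    cc_token="preflight-$$-$(date +%s)"
    # A missing or unwritable challenge directory is a failure in itself.
    printf '%s' "$cc_token" > "$cc_dir/$cc_token" || return 2
    cc_rc=0
    cc_body=$(fetch_url "http://$cc_domain/.well-known/acme-challenge/$cc_token") || cc_rc=$?
    rm -f "$cc_dir/$cc_token"
    # The body must match: a catch-all page answering 200 is not enough.
    [ "$cc_rc" -eq 0 ] && [ "$cc_body" = "$cc_token" ]
}

# preflight DIR DOMAIN...: print each failing domain, return 1 if any failed.
preflight() {
    pf_dir=$1
    shift
    pf_failed=0
    for pf_domain in "$@"; do
        if ! check_challenge "$pf_domain" "$pf_dir"; then
            echo "$pf_domain"
            pf_failed=1
        fi
    done
    return "$pf_failed"
}

# Run only when called with a directory and at least one domain.
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

A name printed by this check is one whose virtual host or document root does not map to the shared challenge directory, which is the situation described for a subdomain pointing outside the ibays.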

guest22

Re: Thoughts on letsencrypt.com?
« Reply #220 on: August 08, 2016, 11:25:40 AM »
Got letsencrypt working now with '/opt/myapp'; will add to the wiki.

ReetP

Re: Thoughts on letsencrypt.com?
« Reply #221 on: August 08, 2016, 11:26:44 AM »
Quote
Anyone seen this before?


   + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 403)


Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "No registration exists matching provided key",
  "status": 403

Also note

https://github.com/lukas2511/letsencrypt.sh/issues/2

Quote
I was able to get around it by just using the -c option and removing my private key which I believe others did as well. I am moving forward now.

I have added a note on the Howto.


Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Thoughts on letsencrypt.com?
« Reply #222 on: August 09, 2016, 08:53:35 AM »
Quote
I was able to get around it by just using the -c option and removing my private key which I believe others did as well. I am moving forward now.

Same here! After the test I tend to delete all the created keys before switching to live, and the same if I hit an error that the key is not registered following a timeout during registration of the private key.


DanB35

    • http://www.familybrown.org
Re: Thoughts on letsencrypt.com?
« Reply #224 on: September 09, 2016, 02:51:06 AM »
Looks like Mitel's integrated Let's Encrypt in what grew out of e-smith/SME Server; look at the screen shot posted here:
https://community.letsencrypt.org/t/failing-to-get-free-certificate-from-lets-encrypt-help/19648