Koozali.org: home of the SME Server

Solved - letsencrypt challenge not completing

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: letsencrypt challenge not completing
« Reply #60 on: February 15, 2018, 12:31:13 PM »
Today I've got no more time... tomorrow then.
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: letsencrypt challenge not completing
« Reply #61 on: February 16, 2018, 08:54:13 PM »
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: letsencrypt challenge not completing
« Reply #62 on: April 22, 2018, 08:45:48 PM »
Yum reports an update for dehydated:

dehydrated         noarch      0.5.0-3.el6.sme

# rpm -q dehydrated
dehydrated-0.4.0.20170205.git1163864-1.el6.sme.noarch

I can't find the diffs. Could anybody tell what changes have been made?

regards,
stefan
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: letsencrypt challenge not completing
« Reply #63 on: April 22, 2018, 11:37:49 PM »
In CVS or check the git diffs (in the rpm name)

The only thing that has changed is the dehydrated script itself.

Check your bug for more:
https://bugs.contribs.org/show_bug.cgi?id=10521#c8

You should be able to update without any issues.

Nothing has been changed in the smeserver-letsencrypt contrib so it doesn't handle multiple certs etc.

There are more changes in the v0.6 dehydrated script which I am testing, but even that seems to work ok, though I need to make a few notes on updating to it as it uses letsencrypt API v2.

Please report any issues in the bug tracker.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,744
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com

Offline SchulzStefan

  • *
  • 620
  • +0/-0
Re: letsencrypt challenge not completing
« Reply #65 on: April 25, 2018, 09:59:20 PM »
In case the server is behind a firewall, it might be important to add this (again) in /usr/bin/dehydrated:

# setting firewall forward proxy
#
export http_proxy=http://192.168.42.1:3128
export https_proxy=http://192.168.42.1:3128

I updated today and will report, if any issues are coming up.

regards,
stefan

And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: letsencrypt challenge not completing
« Reply #66 on: April 25, 2018, 10:33:52 PM »
I think you mean 'using a proxy' hence port 3128

Presume you are running a proxy on your router or something.

All mine behind a firewall with simple port forwarding, or in gateway/server with no firewall, have zero issues.

From.what remember of your previous issues, I think your situation is commonly known as an 'edge case' :-)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline umbi

  • ***
  • 100
  • +0/-0
letsencrypt issue after sme server reboot
« Reply #67 on: September 30, 2018, 12:15:21 AM »
Hello to all

Im using SME with dehydratet letsencrypt.

i have all ssl domains in domain.txt

domain1
domain2
domain3
(saved wit nano) when i reopen all 3 domains are listed. So it works all perfect, untill i make an sme update and reboot.

when i open again the domain.txt file located in dehydrated directory, there is an old domain.txt file with only domain1 listed.
Domain 2 and 3 are no more in that file.

has someone an idea what i did wrong?

Many thanks in advance for any help.
(if im here in a wrong thread i ask sorry)


Offline DanB35

  • ****
  • 764
  • +0/-0
    • http://www.familybrown.org
Re: letsencrypt issue after sme server reboot
« Reply #68 on: September 30, 2018, 12:20:01 AM »
has someone an idea what i did wrong?
Yes--domains.txt is templated.  If you want your changes to survive a system update, you'll need to make them by creating custom template fragments for domains.txt adding your other domain names.
......

Offline umbi

  • ***
  • 100
  • +0/-0
Re: letsencrypt challenge not completing
« Reply #69 on: September 30, 2018, 12:35:43 AM »
Hi DanB35

Wow havent suspected a so fast answer.
Do you have a help for me, howto

creating custom template fragments for domains.txt

Thx 😊
Greez umbi

Offline DanB35

  • ****
  • 764
  • +0/-0
    • http://www.familybrown.org
Re: letsencrypt challenge not completing
« Reply #70 on: September 30, 2018, 12:37:29 AM »
......

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: letsencrypt challenge not completing
« Reply #71 on: September 30, 2018, 12:58:41 AM »
You should read the letsencrypt page on the wiki on how to add hosts and domains.

https://wiki.contribs.org/Letsencrypt

The templates should be in:

/etc/e-smith/templates/etc/dehydrated/domains.txt

Before making changes copy those templates to:

/etc/e-smith/templates-custom/etc/dehydrated/domains.txt
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline umbi

  • ***
  • 100
  • +0/-0
Re: letsencrypt challenge not completing
« Reply #72 on: September 30, 2018, 01:55:49 AM »
Hi ReetP
Hi DanB35

I apreciate your replys - thanks 4 it.

I was reading the howto links but as im not really stable on english language so i'm a little unsure. I prefer bether ask befor i make something wrong.

Did i understood correct, when i make for each  domain with following command:

db hosts setprop mail.domain1.com
db hosts setprop www.domain1.com
db hosts setprop domain1.com
- then same with domain2+3

  letsencryptSSLcert enabled
  signal-event console-save

It will automatic create the new entrys in the custom template?

greez
Umbi
« Last Edit: September 30, 2018, 02:03:57 AM by umbi »

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: letsencrypt challenge not completing
« Reply #73 on: September 30, 2018, 02:31:39 AM »
Yes it should.

Try enabling one host eg www, console-save, and check domains.txt to make sure it is correct.

You can use mode 'test' to make sure the certificates are generated.

Then do this to generate them:

Code: [Select]
dehydrated -c -x
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,744
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: letsencrypt challenge not completing
« Reply #74 on: January 01, 2019, 09:02:12 PM »
Best way is not to create custom templates which might be forgotten there an dmigh conflict further updates but to actually use the domain panel to set the domain you need, then set the property to enable the ssl cert as per the lets encrypt page




Hi DanB35

Wow havent suspected a so fast answer.
Do you have a help for me, howto

creating custom template fragments for domains.txt

Thx 😊
Greez umbi