Author Topic: LetsEncrypt not working for hostname  (Read 2294 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
LetsEncrypt not working for hostname
« on: July 25, 2023, 06:07:09 PM »
Hi,
The SSL did not renewed for my hostname, and when I tried to change the hostname to regenerate it, it just did a self signed cert.
Your help would be appreciated.

This is the error message I get (I used xxxxxxx for the real domain name here for security):

Code: [Select]
2023/07/25 19:58:04 [error] 12504#0: *1139 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined offset: 0 in /usr/local/cwpsrv/htdocs/resources/admin/include/functions/func_system.php on line 0" while reading upstream, client: 91.120.105.140, server: localhost, request: "POST /cwp_166d8239a1308e3e7d58dacd0f4bfdc5/admin/index.php?module=change_hostname HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/cwpsrv.sock:", host: "server.xxxxxxxxxxx.com:2031", referrer: "https://server.xxxxxxxxxx.com:2031/cwp_166d8239a1308e3e7d58dacd0f4bfdc5/admin/index.php?module=change_hostname"

Online
*****
Re: LetsEncrypt not working for hostname
« Reply #1 on: July 25, 2023, 08:01:55 PM »
Make sue you have port 80 & 443 open.

All you should have to do is goto:

Server Settings -> Change Hostname

Towards the top it should say:
"Your Hostname is: xxx and it resolves to IP: xxx"
rDNS/PTR = (FQDN for your Hostname Here) SUCCESS

If nether of these are green or show correctly, the SSL request will fail.
If they are correct just:

(Click on Big Blue bar that says "Change Hostname")

Nothing needs to be changed.

Offline
*
Re: LetsEncrypt not working for hostname
« Reply #2 on: July 26, 2023, 08:33:00 AM »
Thanks for your reply. I know all these and it used ti work fine, but this time when the ssl expired, it did not renew it, and now it only generates a self signed cert when I change the hostname.
Screenshots:
Firewall ports: https://i2.paste.pics/7cc0dc63c9642556f2080104feeb0cc1.png
Hostname: https://i2.paste.pics/77fa9895ba657b24a79b285d14a59175.png


Make sue you have port 80 & 443 open.

All you should have to do is goto:

Server Settings -> Change Hostname

Towards the top it should say:
"Your Hostname is: xxx and it resolves to IP: xxx"
rDNS/PTR = (FQDN for your Hostname Here) SUCCESS

If nether of these are green or show correctly, the SSL request will fail.
If they are correct just:

(Click on Big Blue bar that says "Change Hostname")

Nothing needs to be changed.

Offline
*
Re: LetsEncrypt not working for hostname
« Reply #3 on: July 26, 2023, 08:41:59 AM »
On another note, it does not renew any of the SSL certs on any of the hosted domains.

Online
*****
Re: LetsEncrypt not working for hostname
« Reply #4 on: July 26, 2023, 03:38:36 PM »
I see you server mentioned a private network also with a 172.x internal IP.

Where is this server hosted at?

Or is it locally behind a modem/router?

If you have it hosted locally, then you will need to contact your provider, as they probably have some things blocked.

Offline
*
Re: LetsEncrypt not working for hostname
« Reply #5 on: July 26, 2023, 04:53:47 PM »
I got the issue. So, I manually allowed certain countries in the firewall, and it blocked the rest of them. So it was blocking LetsEncrypt as well, probably US, which wasn't allowd.
Anyhow, thanks for your replies, it's all good now.

Offline
*
Re: LetsEncrypt not working for hostname
« Reply #6 on: July 29, 2023, 02:17:08 PM »
I got the issue. So, I manually allowed certain countries in the firewall, and it blocked the rest of them. So it was blocking LetsEncrypt as well, probably US, which wasn't allowd.
Anyhow, thanks for your replies, it's all good now.

Great!

If You care about security, I think cloudflare will help. Allow only port 443 and 80 traffic from Cloudflare and block for the rest.

And also, cloudflare offer free lifetime SSL so don't need to renew any SSL
e-ujian, platform ujian online cbt terbaik | layanan ujian cbt gratis

Offline
*****
Re: LetsEncrypt not working for hostname
« Reply #7 on: July 29, 2023, 04:11:37 PM »
And also, cloudflare offer free lifetime SSL so don't need to renew any SSL
Cloudflare's SSL is only good for HTTPS requests, port 443, It will not work for you if you are wanting to host mail & FTP. So for many, it's a non-starter if you are trying to run an all-in-one box (web server, mail server, etc.)