Author Topic: ssl expire  (Read 27382 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
ssl expire
« on: September 26, 2018, 12:02:13 PM »
i have more than host in cwp and one of them certificate expire i can't renew through bash
or through Letsencrypt Manager how i can i force renew
or remove ssl for just one host and rebuild again

Offline
*
Re: ssl expire
« Reply #1 on: September 26, 2018, 02:35:34 PM »
or any way to renew certificate for specific domain as force renew not work

Offline
*
Re: ssl expire
« Reply #2 on: September 26, 2018, 11:29:25 PM »
try checking your log file for issues

/root/.acme.sh/acme.sh.log
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: ssl expire
« Reply #3 on: September 27, 2018, 10:45:19 AM »
[Tue Sep 25 17:11:40 EET 2018] Getting domain auth token for each domain
[Tue Sep 25 17:11:40 EET 2018] Getting webroot for domain='www.algorithmz.net'
[Tue Sep 25 17:11:40 EET 2018] _w='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:40 EET 2018] _currentRoot='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:40 EET 2018] Getting new-authz for domain='www.algorithmz.net'
[Tue Sep 25 17:11:40 EET 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Sep 25 17:11:40 EET 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Sep 25 17:11:40 EET 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:40 EET 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Sep 25 17:11:40 EET 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Sep 25 17:11:40 EET 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Sep 25 17:11:40 EET 2018] Try new-authz for the 0 time.
[Tue Sep 25 17:11:40 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:40 EET 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.algorithmz.net"}}'
[Tue Sep 25 17:11:40 EET 2018] RSA key
[Tue Sep 25 17:11:40 EET 2018] GET
[Tue Sep 25 17:11:40 EET 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Sep 25 17:11:40 EET 2018] timeout
[Tue Sep 25 17:11:40 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Sep 25 17:11:40 EET 2018] ret='0'
[Tue Sep 25 17:11:40 EET 2018] POST
[Tue Sep 25 17:11:40 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:40 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Sep 25 17:11:41 EET 2018] _ret='0'
[Tue Sep 25 17:11:41 EET 2018] code='201'
[Tue Sep 25 17:11:41 EET 2018] The new-authz request is ok.
[Tue Sep 25 17:11:41 EET 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165","token":"E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA"'
[Tue Sep 25 17:11:41 EET 2018] token='E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA'
[Tue Sep 25 17:11:41 EET 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165'
[Tue Sep 25 17:11:41 EET 2018] keyauthorization='E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU'
[Tue Sep 25 17:11:41 EET 2018] dvlist='www.algorithmz.net#E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165#http-01#/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:41 EET 2018] Getting webroot for domain='algorithmz.net'
[Tue Sep 25 17:11:41 EET 2018] _w='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:41 EET 2018] _currentRoot='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:41 EET 2018] Getting new-authz for domain='algorithmz.net'
[Tue Sep 25 17:11:41 EET 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Sep 25 17:11:41 EET 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Sep 25 17:11:41 EET 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:41 EET 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Sep 25 17:11:41 EET 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Sep 25 17:11:41 EET 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Sep 25 17:11:41 EET 2018] Try new-authz for the 0 time.
[Tue Sep 25 17:11:41 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:41 EET 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "algorithmz.net"}}'
[Tue Sep 25 17:11:41 EET 2018] POST
[Tue Sep 25 17:11:41 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Sep 25 17:11:41 EET 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Sep 25 17:11:42 EET 2018] _ret='0'
[Tue Sep 25 17:11:42 EET 2018] code='201'
[Tue Sep 25 17:11:42 EET 2018] The new-authz request is ok.
[Tue Sep 25 17:11:42 EET 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403","token":"iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w"'
[Tue Sep 25 17:11:42 EET 2018] token='iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w'
[Tue Sep 25 17:11:42 EET 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403'
[Tue Sep 25 17:11:42 EET 2018] keyauthorization='iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU'
[Tue Sep 25 17:11:42 EET 2018] dvlist='algorithmz.net#iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403#http-01#/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:42 EET 2018] vlist='www.algorithmz.net#E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165#http-01#/usr/local/apache/autossl_tmp,algorithmz.net#iF2xV_h7Jqpo22Iu-CkKgwMm3S3o1qOgNtVMdbn2u1w.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU#https://acme-v01.api.letsencrypt.org/acme/challenge/4XPFGnUDgGhE5lcU-suvJ5pp_oOD60GjHarYem1pHwg/7663002403#http-01#/usr/local/apache/autossl_tmp,'
[Tue Sep 25 17:11:42 EET 2018] ok, let's start to verify
[Tue Sep 25 17:11:42 EET 2018] Verifying:www.algorithmz.net
[Tue Sep 25 17:11:42 EET 2018] d='www.algorithmz.net'
[Tue Sep 25 17:11:42 EET 2018] keyauthorization='E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU'
[Tue Sep 25 17:11:42 EET 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165'
[Tue Sep 25 17:11:42 EET 2018] _currentRoot='/usr/local/apache/autossl_tmp'
[Tue Sep 25 17:11:42 EET 2018] wellknown_path='/usr/local/apache/autossl_tmp/.well-known/acme-challenge'
[Tue Sep 25 17:11:42 EET 2018] writing token:E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA to /usr/local/apache/autossl_tmp/.well-known/acme-challenge/E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA
[Tue Sep 25 17:11:42 EET 2018] Changing owner/group of .well-known to root:root
[Tue Sep 25 17:11:42 EET 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/jnTFSXPnmotvHyOcrmzHWJwHw_bUuoWq4KVFBrUwWSA/7663002165'
[Tue Sep 25 17:11:42 EET 2018] payload='{"resource": "challenge", "keyAuthorization": "E0QJgGlk3d_4cocy0D-CHoFiC9SN7R0T_To8jJZ07hA.VG6IYl7BeRcpPWMDMi3WrqHkvcFTJDzQ-hhFXdOfKxU"}'

Offline
*
Re: ssl expire
« Reply #4 on: September 27, 2018, 10:57:46 AM »
 sudo /root/.acme.sh/acme.sh  --renew -d www.algorithmz.net
 Renew: 'www.algorithmz.net'
'www.algorithmz.net' is not a issued domain, skip.


Offline
*
Re: ssl expire
« Reply #5 on: September 27, 2018, 01:00:24 PM »
try to remove it and then install again from cwp
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: ssl expire
« Reply #6 on: September 30, 2018, 07:52:41 AM »
how to remove only one domain i think if i press remove it will delete all domain cert

Offline
*
Re: ssl expire
« Reply #7 on: October 07, 2018, 10:43:40 AM »
i delete vhost and install and get that
Failed authorization procedure. www.algorithmz.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.algorithmz.net/.well-known/acme-challenge/QBB4OCIqBwvCxae2bE5YmW48-Py0N9X_jDTmgQtLKjM: "\n\n\n\n
Not Found
\n\n\n\n\n
Not Found
\n

Offline
***
Re: ssl expire
« Reply #8 on: October 08, 2018, 04:26:28 AM »
This command used to trigger ssl installation
Code: [Select]
sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --issue -d www.yourdomain.com -d yourdomain.com -w /usr/local/apache/autossl_tmp --debug 2
So basically ssl are installed in "/root/.acme.sh/cwp_certs" and from there moved to respective directory and added in vhosts-ssl.conf file.


Offline
**
Re: ssl expire
« Reply #9 on: October 10, 2018, 07:04:36 AM »
I recently have the same issue. Have you figured out the solution yet?

I ended up deleting the certs and install a new one but that didn't work. Then I deleted the .htaccess inside .well-known folder. That didn't work. I deleted the whole folder and still no luck.

I made sure dns is correct. And it is.

I use 2 CWP on two different VPS and both have the same issue.

Please help.

Offline
*
Re: ssl expire
« Reply #10 on: October 10, 2018, 07:14:46 AM »
I have the same issue: I've renewed certificates from CWP GUI and appears as renewed, but when I open the website the certificate it's still expired. Tried disabling SSL and certificates for the domain and re-enabling them, result is the same: expiring in 90 days on the GUI but already expired on the website..

Offline
**
Re: ssl expire
« Reply #11 on: October 10, 2018, 07:32:06 AM »
I have just figured my problem thanks to this post.
http://forum.centos-webpanel.com/ssl/dns-of-your-domain-doesn't-point-to-this-server-or-you-have-htaccess-5490/msg19395/#msg19395

I did have a redirect in my nginx_proxy_vhost to force http to https with this.
Code: [Select]
return 301 https://$host$request_uri;
I have to removed that off and then after certs installed, I put it back. I wish there's a better solution for the force redirect from http to https. If anyone knows of a better solution then please let me know.

Offline
**
Re: ssl expire
« Reply #12 on: October 10, 2018, 07:39:10 AM »
I have the same issue: I've renewed certificates from CWP GUI and appears as renewed, but when I open the website the certificate it's still expired. Tried disabling SSL and certificates for the domain and re-enabling them, result is the same: expiring in 90 days on the GUI but already expired on the website..

Have you tried to delete the certificate then install new? Make sure that it's deleted the certificates they're in the certs folder. (/etc/pki/tls/certs/). And remember to backup first before you delete anything.
« Last Edit: October 10, 2018, 07:41:48 AM by monkeyking »

Offline
***
Re: ssl expire
« Reply #13 on: October 10, 2018, 08:00:13 PM »
Not Found
\n\n\n\n\n
Not Found
\n

I got the same error message this morning with letencrypt force renew all.  All domains failed.  I uninstalled letsencrypt and used the new autossl.

Offline
***
Re: ssl expire
« Reply #14 on: October 10, 2018, 08:09:24 PM »
I have just figured my problem thanks to this post.
http://forum.centos-webpanel.com/ssl/dns-of-your-domain-doesn't-point-to-this-server-or-you-have-htaccess-5490/msg19395/#msg19395

I did have a redirect in my nginx_proxy_vhost to force http to https with this.
Code: [Select]
return 301 https://$host$request_uri;
I have to removed that off and then after certs installed, I put it back. I wish there's a better solution for the force redirect from http to https. If anyone knows of a better solution then please let me know.

Uninstall LE and use the new AutoSSL.  You might have to delete old certs after uninstalling LE.

/etc/letsencrypt/archives
/etc/letsencrypt/live
/etc/letsencrypt/renewal

You don't need a redirect with the new autossl.

But you can add this to each domain in vhost file.

<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://yourdomain.com$1 [R=301,L]
   </IfModule>