Control Web Panel

WebPanel => SSL => Topic started by: Sandeep on June 14, 2021, 02:44:47 PM

Title: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: Sandeep on June 14, 2021, 02:44:47 PM: Since today we've many ticket regarding autossl is failing, this is due to acme client changed the default CA to zerossl to change back to letsencrypt run the below command as root

Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
and then issue the certs

this is temporary until we fix it in core cwp and push the update
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: narin on June 14, 2021, 03:05:19 PM: thanks Sandeep.
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: joaomach on June 14, 2021, 04:13:33 PM: That worked, thank you!
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: Biswashost on June 14, 2021, 07:43:48 PM: Thank you so much. I was faces same issue after this changes from Let's encrypt.
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: josephgodwinke on June 14, 2021, 09:42:11 PM: finally...hope this gets fixed.
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: kads on June 15, 2021, 07:15:18 AM: Well done guys - nice fix - thank you :)
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: fysioski on June 15, 2021, 10:48:22 AM: Quote from: Sandeep on June 14, 2021, 02:44:47 PM
Since today we've many ticket regarding autossl is failing, this is due to acme client changed the default CA to zerossl to change back to letsencrypt run the below command as root

Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
and then issue the certs

this is temporary until we fix it in core cwp and push the update

After this command NginX wont startup again. Can you please help with a fix?
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: Sandeep on June 15, 2021, 11:10:19 AM: Quote from: fysioski on June 15, 2021, 10:48:22 AM
Quote from: Sandeep on June 14, 2021, 02:44:47 PM
Since today we've many ticket regarding autossl is failing, this is due to acme client changed the default CA to zerossl to change back to letsencrypt run the below command as root

Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
and then issue the certs

this is temporary until we fix it in core cwp and push the update

After this command NginX wont startup again. Can you please help with a fix?
and mine server is crashed and whole data center burned out :D

this is not related to anything with nginx this command even don't do anything to nginx. Please check the nginx service status and log why it is stopped.
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: fysioski on June 17, 2021, 04:03:06 AM: Try it for yourself and see. It is related to let’s encrypt
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: Sandeep on June 17, 2021, 05:57:22 AM: Quote from: fysioski on June 17, 2021, 04:03:06 AM
Try it for yourself and see. It is related to let’s encrypt
we've already tested and provided the solution, whats in nginx error log ?
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: norberto on June 17, 2021, 09:31:01 AM: you recognize that the problem is with cwp and when the customer opens a call you say that we have to pay for support, this needs to be improved.
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: fysioski on June 17, 2021, 11:47:53 AM: Quote from: Sandeep on June 17, 2021, 05:57:22 AM
Quote from: fysioski on June 17, 2021, 04:03:06 AM
Try it for yourself and see. It is related to let’s encrypt
we've already tested and provided the solution, whats in nginx error log ?

I uninstalled nginx as all sites where dead. So I dont have any log anymore. It just said nginx was not running and could not be restarted. So please provide us with the solution please?
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: fysioski on June 18, 2021, 05:27:33 AM: Quote from: Sandeep on June 17, 2021, 05:57:22 AM
Quote from: fysioski on June 17, 2021, 04:03:06 AM
Try it for yourself and see. It is related to let’s encrypt
we've already tested and provided the solution, whats in nginx error log ?

-- Unit nginx.service has begun starting up.
Jun 18 07:24:55 wp04.refreshserver.nl nginx[301557]: nginx: [emerg] SSL_CTX_set_cipher_list("EECDH~~@@~~ECDSA~~@@~~AESGCM:EECDH~~@@~~aRSA~~@@~~AESGCM:EECDH~~@@~~ECDSA~~@@~~SHA384:EECDH~~@@~~ECDSA~~@@~~SHA256:EECDH~~@@~~aRSA~~@@~~SHA384:EECDH~~@@~~aRSA~~@@~~SHA256:EECDH~~@@~~aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS") failed (SSL: error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command)
Jun 18 07:24:55 wp04.refreshserver.nl nginx[301557]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 18 07:24:55 wp04.refreshserver.nl systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 18 07:24:55 wp04.refreshserver.nl systemd[1]: nginx.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Jun 18 07:24:55 wp04.refreshserver.nl systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit nginx.service has failed.
--
-- The result is failed.
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: Sandeep on June 18, 2021, 06:35:14 PM: you've malformed vhost probably you're using custom template. If yes recreate those template
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: fysioski on June 21, 2021, 08:49:58 PM: Quote from: Sandeep on June 18, 2021, 06:35:14 PM
you've malformed vhost probably you're using custom template. If yes recreate those template
Hi, we did not but is there a way to set default? So we can test?
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: studio4host on June 22, 2021, 03:52:10 PM: wiki has info about webservers
http://wiki.centos-webpanel.com/webservers-vhost-templates
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: cloud on October 01, 2021, 08:54:11 AM: All hosted website are showing SSL Certificate issue from today, tried below command line
Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca --server letsencryptnow all websites are showing same issue tried renew the certificate but the date not working
any one have any solutions
Title: Re: acme.sh is now using zerossl, change it to letsencrypt CA server
Post by: kalybg on October 23, 2021, 08:12:45 PM: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain