Author Topic: acme.sh is now using zerossl, change it to letsencrypt CA server  (Read 5290 times)

0 Members and 1 Guest are viewing this topic.

Offline
*****
Since today we've many ticket regarding autossl is failing, this is due to acme client changed the default CA to zerossl to change back to letsencrypt run the below command as root

Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca  --server  letsencrypt
and then issue the certs

this is temporary until we fix it in core cwp and push the update
« Last Edit: June 14, 2021, 02:59:17 PM by Sandeep »

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #1 on: June 14, 2021, 03:05:19 PM »
thanks Sandeep.

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #2 on: June 14, 2021, 04:13:33 PM »
That worked, thank you!

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #3 on: June 14, 2021, 07:43:48 PM »
Thank you so much. I was faces same issue after this changes from Let's encrypt.
Biswas Host Ltd

www.biswashost.com

Domain, Hosting, Cloud VPS, Dedicated Server,

Web Design, SSL, VPN, Professional Email & More

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #4 on: June 14, 2021, 09:42:11 PM »
finally...hope this gets fixed.
Applications Developer | RHEL Linux Server Administrator

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #5 on: June 15, 2021, 07:15:18 AM »
Well done guys - nice fix - thank you  :)

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #6 on: June 15, 2021, 10:48:22 AM »
Since today we've many ticket regarding autossl is failing, this is due to acme client changed the default CA to zerossl to change back to letsencrypt run the below command as root

Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca  --server  letsencrypt
and then issue the certs

this is temporary until we fix it in core cwp and push the update

After this command NginX  wont startup again. Can you please help with a fix?

Offline
*****
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #7 on: June 15, 2021, 11:10:19 AM »
Since today we've many ticket regarding autossl is failing, this is due to acme client changed the default CA to zerossl to change back to letsencrypt run the below command as root

Code: [Select]
/root/.acme.sh/acme.sh --set-default-ca  --server  letsencrypt
and then issue the certs

this is temporary until we fix it in core cwp and push the update

After this command NginX  wont startup again. Can you please help with a fix?
and mine server is crashed and whole data center burned out :D

this is not related to anything with nginx this command even don't do anything to nginx. Please check the nginx service status and log why it is stopped.

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #8 on: June 17, 2021, 04:03:06 AM »
Try it for yourself and see. It is related to letís encrypt

Offline
*****
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #9 on: June 17, 2021, 05:57:22 AM »
Try it for yourself and see. It is related to letís encrypt
we've already tested and provided the solution, whats in nginx error log ?

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #10 on: June 17, 2021, 09:31:01 AM »
you recognize that the problem is with cwp and when the customer opens a call you say that we have to pay for support, this needs to be improved.

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #11 on: June 17, 2021, 11:47:53 AM »
Try it for yourself and see. It is related to letís encrypt
we've already tested and provided the solution, whats in nginx error log ?

I uninstalled nginx as all sites where dead. So I dont have any log anymore. It just said nginx was not running and could not be restarted. So please provide us with the solution please?

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #12 on: June 18, 2021, 05:27:33 AM »
Try it for yourself and see. It is related to letís encrypt
we've already tested and provided the solution, whats in nginx error log ?

-- Unit nginx.service has begun starting up.
Jun 18 07:24:55 wp04.refreshserver.nl nginx[301557]: nginx: [emerg] SSL_CTX_set_cipher_list("EECDH~~@@~~ECDSA~~@@~~AESGCM:EECDH~~@@~~aRSA~~@@~~AESGCM:EECDH~~@@~~ECDSA~~@@~~SHA384:EECDH~~@@~~ECDSA~~@@~~SHA256:EECDH~~@@~~aRSA~~@@~~SHA384:EECDH~~@@~~aRSA~~@@~~SHA256:EECDH~~@@~~aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS") failed (SSL: error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command)
Jun 18 07:24:55 wp04.refreshserver.nl nginx[301557]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 18 07:24:55 wp04.refreshserver.nl systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 18 07:24:55 wp04.refreshserver.nl systemd[1]: nginx.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Jun 18 07:24:55 wp04.refreshserver.nl systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit nginx.service has failed.
--
-- The result is failed.

Offline
*****
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #13 on: June 18, 2021, 06:35:14 PM »
you've malformed vhost probably you're using custom template. If yes recreate those template

Offline
*
Re: acme.sh is now using zerossl, change it to letsencrypt CA server
« Reply #14 on: June 21, 2021, 08:49:58 PM »
you've malformed vhost probably you're using custom template. If yes recreate those template
Hi, we did not but is there a way to set default? So we can test?