Letsencrypt fails

[limewater]

I installed FusionPBX on Digital Ocean Droplet using Debian 10 pointed to a FQDN that is not encrypted. The installation works fine until I install Lets Encrypt. The Lets Encrypt installation fails, and I get the following terminal output: (I changed the names to protect the innocent.)

root@domain:/usr/src/fusionpbx-install.sh/debian/resources# ./letsencrypt.sh
Domain Name: domain.name
Email Address: myname@myemail.com
Cloning into 'dehydrated'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 2011 (delta 10), reused 11 (delta 3), pack-reused 1993
Receiving objects: 100% (2011/2011), 691.94 KiB | 6.78 MiB/s, done.
Resolving deltas: 100% (1262/1262), done.
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
# INFO: Using main config file /etc/dehydrated/config
+ Creating chain cache directory /etc/dehydrated/chains
Processing domain.name
+ Creating new directory /etc/dehydrated/certs/domain.name ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for domain.name
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for domain.name authorization...
+ Cleaning challenge tokens...
+ Challenge validation has failed
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietfarams:acme:error:connection",
"detail": "Fetching https://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314: Connection refused",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4118268101/abcdef",
"token": "abcdefghijklmnopqratuvwxyz01234567891011121314",
"validationRecord": [
{
"url": "http://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314",
"hostname": "domain.name",
"port": "80",
"addressesResolved": [
"192.168.1.1",
"2600:aa00:000:ab::ab12:a001"
],
"addressUsed": "2600:aa00:000:ab::ab12:a001"
},
{
"url": "http://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314",
"hostname": "domain.name",
"port": "80",
"addressesResolved": [
"192.168.1.1",
"2600:aa00:000:ab::ab12:a001"
],
"addressUsed": "192.168.1.1"
},
{
"url": "https://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314",
"hostname": "domain.name",
"port": "443",
"addressesResolved": [
"192.168.1.1",
"2600:aa00:000:ab::ab12:a001"
],
"addressUsed": "2600:aa00:000:ab::ab12:a001"
}
]
})
nginx: [emerg] BIO_new_file("/etc/dehydrated/certs/domain.name/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/dehydrated/certs/domain.name/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
cat: /etc/dehydrated/certs/domain.name/fullchain.pem: No such file or directory
cat: /etc/dehydrated/certs/domain.name/privkey.pem: No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/cert.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/chain.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/fullchain.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/privkey.pem': No such file or directory
root@domain:/usr/src/fusionpbx-install.sh/debian/resources#

Anyone who can help, please do.

Thank you.

 

[ad5ou]

Unless you have edited IP information from the acme challenge, it appears letsencrypt can't resolve your domain name used
If it was resolving accurate IP addresses for your domain name there are firewall rules blocking access to your web server somewhere.

 

[limewater]

Thank you for your response and help, but after contacting digital ocean about this issue their tech seems to think it is an error in the installation script.

I do recall that the first time I installed fusionPBX letsencrypt used a dns challenge with a single domain, now it uses an http challenge.

I am kind of at a loss.

 

[Adrian Fretwell]

For dns challenge, Dehydrated works well, pay attention to the use of the hook scripts.

https://docs.fusionpbx.com/en/latest/getting_started/lets_encrypt.html

 

[limewater]

Thank you Adrian for your response to my request for help. What you told me kind of pointed me in the right direction. I finally found out what was wrong. I had both ipv4 and ipv6 dns records for my FQDN. What I didn't realize is that Lets Encrypt now prefers ipv6 over ipv4, so the script couldn't find the challenge in my ipv6 http folder because Fusion PBX was installed on my ipv4 address. I erased my ipv6 dns records and it all worked.

 

[ou812]

I am having trouble trying to get this to work, it fails at the very end saying no such file, I did the request using a sub domain pbx1.mydomain.com and the fullchain.pem is inthat folder but it is looking for the file in the mydomain.com folder which was not created ?

Processing pbx1.mydomain.com
+ Creating new directory /etc/dehydrated/certs/pbx1.mydomain.com ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for pbx1.mydomain.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for pbx1.mydomain.com authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
nginx: [emerg] BIO_new_file("/etc/dehydrated/certs/mydomain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/dehydrated/certs/mydomain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
root@fusion:/usr/src/fusionpbx-install.sh/debian/resources#