Letsencrypt fails

Status
Not open for further replies.

limewater

New Member
Jan 11, 2020
13
2
3
I installed FusionPBX on Digital Ocean Droplet using Debian 10 pointed to a FQDN that is not encrypted. The installation works fine until I install Lets Encrypt. The Lets Encrypt installation fails, and I get the following terminal output: (I changed the names to protect the innocent.)

root@domain:/usr/src/fusionpbx-install.sh/debian/resources# ./letsencrypt.sh
Domain Name: domain.name
Email Address: myname@myemail.com
Cloning into 'dehydrated'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 2011 (delta 10), reused 11 (delta 3), pack-reused 1993
Receiving objects: 100% (2011/2011), 691.94 KiB | 6.78 MiB/s, done.
Resolving deltas: 100% (1262/1262), done.
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
# INFO: Using main config file /etc/dehydrated/config
+ Creating chain cache directory /etc/dehydrated/chains
Processing domain.name
+ Creating new directory /etc/dehydrated/certs/domain.name ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for domain.name
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for domain.name authorization...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching https://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314: Connection refused",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4118268101/abcdef",
"token": "abcdefghijklmnopqratuvwxyz01234567891011121314",
"validationRecord": [
{
"url": "http://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314",
"hostname": "domain.name",
"port": "80",
"addressesResolved": [
"192.168.1.1",
"2600:aa00:000:ab::ab12:a001"
],
"addressUsed": "2600:aa00:000:ab::ab12:a001"
},
{
"url": "http://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314",
"hostname": "domain.name",
"port": "80",
"addressesResolved": [
"192.168.1.1",
"2600:aa00:000:ab::ab12:a001"
],
"addressUsed": "192.168.1.1"
},
{
"url": "https://domain.name/.well-known/acme-challenge/abcdefghijklmnopqratuvwxyz01234567891011121314",
"hostname": "domain.name",
"port": "443",
"addressesResolved": [
"192.168.1.1",
"2600:aa00:000:ab::ab12:a001"
],
"addressUsed": "2600:aa00:000:ab::ab12:a001"
}
]
})
nginx: [emerg] BIO_new_file("/etc/dehydrated/certs/domain.name/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/dehydrated/certs/domain.name/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
cat: /etc/dehydrated/certs/domain.name/fullchain.pem: No such file or directory
cat: /etc/dehydrated/certs/domain.name/privkey.pem: No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/cert.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/chain.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/fullchain.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/domain.name/privkey.pem': No such file or directory
root@domain:/usr/src/fusionpbx-install.sh/debian/resources#

Anyone who can help, please do.

Thank you.
 

Attachments

  • letsencrypt-output.txt
    3.5 KB · Views: 4

ad5ou

Active Member
Jun 12, 2018
892
204
43
Unless you have edited IP information from the acme challenge, it appears letsencrypt can't resolve your domain name used
If it was resolving accurate IP addresses for your domain name there are firewall rules blocking access to your web server somewhere.
 

limewater

New Member
Jan 11, 2020
13
2
3
Thank you for your response and help, but after contacting digital ocean about this issue their tech seems to think it is an error in the installation script.

I do recall that the first time I installed fusionPBX letsencrypt used a dns challenge with a single domain, now it uses an http challenge.

I am kind of at a loss.
 

limewater

New Member
Jan 11, 2020
13
2
3
Thank you Adrian for your response to my request for help. What you told me kind of pointed me in the right direction. I finally found out what was wrong. I had both ipv4 and ipv6 dns records for my FQDN. What I didn't realize is that Lets Encrypt now prefers ipv6 over ipv4, so the script couldn't find the challenge in my ipv6 http folder because Fusion PBX was installed on my ipv4 address. I erased my ipv6 dns records and it all worked.
 
  • Like
Reactions: Adrian Fretwell

ou812

New Member
Nov 2, 2016
28
4
3
62
I am having trouble trying to get this to work, it fails at the very end saying no such file, I did the request using a sub domain pbx1.mydomain.com and the fullchain.pem is inthat folder but it is looking for the file in the mydomain.com folder which was not created ?

Processing pbx1.mydomain.com
+ Creating new directory /etc/dehydrated/certs/pbx1.mydomain.com ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for pbx1.mydomain.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for pbx1.mydomain.com authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
nginx: [emerg] BIO_new_file("/etc/dehydrated/certs/mydomain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/dehydrated/certs/mydomain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
root@fusion:/usr/src/fusionpbx-install.sh/debian/resources#
 
Status
Not open for further replies.