jankom Guru
Joined: 30 Aug 2021 Posts: 329 Location: USA
|
Posted: Wed Jan 03, 2024 4:56 pm Post subject: [SOLVED] apache2 server certificate renewal fails |
|
|
After a few days of trying to renew my certificate I had to turn to this forum for help.
Background: I have a virtual server hosting my https web site. For some reason in October '23 I had to reinstall the whole thing. Everything worked, including acme.sh and having the proper certificate. It came up for renewal end of December, but it failed. In the past I had a similar problem, and this forum helped me to solve it. https://forums.gentoo.org/viewtopic-t-1163742-highlight-apache.html
This did not help, my virtual server does listen to port 80.
I tried to reinstall acme.sh, everything else I could think of, including web search, but I'm stuck. Here is the relevant excerpt from the log file:
Code: |
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Wed Jan 3 16:03:00 UTC 2024] code='200'
[Wed Jan 3 16:03:00 UTC 2024] original='{"identifier":{"type":"dns","value":"jgklinux.jankom.net"},"status":"invalid","expires":"2024-01-26T02:11:26Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/qc4NNHSMmD8yxpwZ6o2XRQ","status":"invalid","error":{},"token":"WzEJHLf3Sab7LTf-soe2wK_jEeTvEwkYfV0l8l5gPF4"}]}'
|
and
Code: |
[Wed Jan 3 16:03:00 UTC 2024] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/qc4NNHSMmD8yxpwZ6o2XRQ","status":"invalid","error":{'
[Wed Jan 3 16:03:01 UTC 2024] token
[Wed Jan 3 16:03:01 UTC 2024] Error, can not get domain token "type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/qc4NNHSMmD8yxpwZ6o2XRQ","status":"invalid","error":{
[
|
The /home/acme/ directory is empty.
jankom
Last edited by jankom on Thu Jan 04, 2024 9:21 pm; edited 1 time in total |
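Added example (not part of the thread and not acme.sh code): the `original='...'` lines in the log excerpt above are ACME authorization objects, and this script pulls them out of a debug log and reports each challenge's status and error, so an authorization that is already `invalid` stands out. The sample log is constructed in the same shape as the excerpt, with placeholder domain, URL and token values; the function names are chosen here.

```python
import json
import re

# Constructed sample in the shape of the acme.sh debug log (placeholder values).
SAMPLE_LOG = """\
[Wed Jan 3 16:03:00 UTC 2024] code='200'
[Wed Jan 3 16:03:00 UTC 2024] original='{"identifier":{"type":"dns","value":"www.example.org"},"status":"invalid","expires":"2024-01-26T02:11:26Z","challenges":[{"type":"http-01","url":"https://acme.example/chall/AAAA","status":"invalid","error":{},"token":"constructed-token"}]}'
[Wed Jan 3 16:03:05 UTC 2024] original='{"identifier":{"type":"dns","value":"ok.example.org"},"status":"pending","expires":"2024-01-26T02:11:26Z","challenges":[{"type":"http-01","url":"https://acme.example/chall/BBBB","status":"pending","token":"constructed-token-2"}]}'
[Wed Jan 3 16:03:06 UTC 2024] original='{"status":"pending","identifiers":[]}'
"""

# Debug lines of interest look like: [timestamp] original='<JSON body>'
ORIGINAL_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] original='(?P<body>\{.*\})'\s*$")

def authorizations(log_text):
    """Yield (timestamp, authz dict) for every logged ACME authorization object."""
    for line in log_text.splitlines():
        m = ORIGINAL_RE.match(line)
        if not m:
            continue
        try:
            obj = json.loads(m.group("body"))
        except json.JSONDecodeError:
            continue  # truncated or multi-line body: skip rather than guess
        # Authorization objects (RFC 8555) carry an identifier and challenges.
        if "identifier" in obj and "challenges" in obj:
            yield m.group("ts"), obj

def summarize(log_text):
    """Return one finding per challenge: domain, both statuses, error detail."""
    findings = []
    for ts, authz in authorizations(log_text):
        for ch in authz["challenges"]:
            err = ch.get("error")
            findings.append({
                "time": ts,
                "domain": authz["identifier"]["value"],
                "authz_status": authz["status"],
                "challenge": ch["type"],
                "challenge_status": ch["status"],
                # An error object without "detail" is shown raw, e.g. "{}".
                "error": None if err is None else (err.get("detail") or json.dumps(err)),
                # "invalid" is a final state; only pending/valid can still be used.
                "usable": authz["status"] in ("pending", "valid"),
            })
    return findings

if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG):
        print(finding)
```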
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3882
|
Posted: Wed Jan 03, 2024 7:56 pm Post subject: |
|
|
What was the exact invocation of acme.sh you used?
Also plz add
Code: |
# in /etc/apache2/vhosts.d/00_default_vhost.conf
ServerAlias jgklinux.jankom.net
|
Also make sure you have
Code: |
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"
|
in
/etc/conf.d/apache2
Then restart apache, make sure port 80 is open in your router and forwarded to the server ip, and your domain is resolved to your ip,
and rerun your acme.sh script.
|
|
jankom Guru
Joined: 30 Aug 2021 Posts: 329 Location: USA
|
Posted: Wed Jan 03, 2024 10:24 pm Post subject: |
|
|
@alamahant - thanks
Quote: | What was the exact invocation of acme.sh you used? |
Code: |
./acme.sh --issue --domain jgklinux.jankom.net --apache
|
I added the ServerAlias statement, all others were correct - but still the same error.
Will revisit this in a day.
jankom |
|
jankom Guru
Joined: 30 Aug 2021 Posts: 329 Location: USA
|
Posted: Thu Jan 04, 2024 5:26 pm Post subject: |
|
|
Additional details:
Quote: | make sure port 80 is open in your router and forwarded to the server ip, and your domain is resolved to your ip |
I can do
Code: |
curl http://jgklinux.jankom.net
|
from any computer connected to Internet. curl https://jgklinux.jankom.net fails because of certificate problem.
In my attempts to debug, fix this certificate renewal issue I did revoke the certificate for jgklinux.jankom.net domain. This is why I wanted to start from scratch, reinstalled acme.sh, and "issue" the certificate. If I use the command --renew acme will recognize that there is no certificate for this domain.
I found a token-like file in my home directory, dated December 27. Was it mistakenly put there instead of /home/acme/? This was before I reinstalled acme.sh, etc. The cron job runs every day, and the renewal date was December 27 and the renewal failed leading to this issue.
Frustrating, please help |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3882
|
|
jankom Guru
Joined: 30 Aug 2021 Posts: 329 Location: USA
|
Posted: Thu Jan 04, 2024 9:20 pm Post subject: Solved |
|
|
Bingo!
Yes, thanks.
I did see something to that extent, but could not really appreciate it or understand entirely.
Peace,
jankom
P.S. will mark it as solved |
|