Renew Letsencrypt certificate

Started by TWART016, 27 December 2018, 20:27:02

TWART016

Hello,

I use an Apache reverse proxy with letsencrypt.

After a year I now have to renew the certificate. With the command
/opt/letsencrypt/letsencrypt-auto renew
however, I always get the error:
Attempting to renew cert (domain) from /etc/letsencrypt/renewal/domain.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/domain/fullchain.pem (failure)


In the file /etc/apache2/sites-available/domain.conf I only have *:443 under VirtualHost. There is nothing about 80 in it.


Regards
TWART016

amenomade

Pi 3B, Alexa, CUL868 + self-built 1/2λ dipole antenna, USB Optolink / Vitotronic, Debmatic and HM / HmIP components, Rademacher Duofern blinds, Fritz!Dect thermostats, Proteus

TWART016

I have now added the entry for 80 to the file.

<VirtualHost *:80>
    ServerName domain

    ProxyPass / http://192.168.178.11/fhem
    ProxyPassReverse / http://192.168.178.11/fhem
</VirtualHost>


Now I get the error:
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (domain) from /etc/letsencrypt/renewal/domain.conf produced an unexpected error: Failed authorization procedure. domain (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain/.well-known/acme-challenge/xne7MmucPiGdaYpXgl0hrcBbTzMfWZiIsWT8bregIUY: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/domain/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/domain/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: domain
   Type:   unauthorized
   Detail: Invalid response from
   http://domain/.well-known/acme-challenge/xne7MmucPiGdaYpXgl0hrcBbTzMfWZiIsWT8bregIUY:
   "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Icinger

I always run a
sudo service apache2 stop
before the renew, and afterwards a "start" again.

That way renewing works without problems.
Don't spend your time on explanations. People only hear (read) what they want to hear (read). (c) Paulo Coelho

TWART016

I do that as well:
sudo service apache2 stop && /opt/letsencrypt/letsencrypt-auto renew && sudo service apache2 start
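
Added example, not part of any post above: in the chained command, a failed renew leaves Apache stopped, because `&&` skips the final start. This wrapper always starts Apache again and returns the renewal's exit code; the function name and the STOP_CMD / RENEW_CMD / START_CMD variables are assumptions made for the example, with the thread's commands as defaults.

```shell
#!/bin/sh
# Added example. The three commands default to the ones quoted in the thread
# and can be overridden through the environment (hypothetical variable names).
: "${STOP_CMD:=sudo service apache2 stop}"
: "${RENEW_CMD:=/opt/letsencrypt/letsencrypt-auto renew}"
: "${START_CMD:=sudo service apache2 start}"

# Stop Apache, attempt the renewal, then start Apache again in every case.
# Return codes: renewal's own exit code, 2 = stop failed, 3 = start failed.
renew_with_apache_stopped() {
    # If Apache cannot be stopped, port 80 is still occupied: do not renew.
    if ! $STOP_CMD; then
        echo "could not stop Apache; renewal not attempted" >&2
        return 2
    fi

    # Remember the renewal result instead of aborting the chain on failure.
    renew_rc=0
    $RENEW_CMD || renew_rc=$?

    # Bring the web server back whether or not the renewal succeeded.
    if ! $START_CMD; then
        echo "Apache did not start again (renew exit code $renew_rc)" >&2
        return 3
    fi

    if [ "$renew_rc" -ne 0 ]; then
        echo "renewal failed with exit code $renew_rc; Apache was started again" >&2
    fi
    return "$renew_rc"
}

# Run only when invoked as: script.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_with_apache_stopped
    exit $?
fi
```

A non-zero exit code from the wrapper is what a cron job or monitoring check should alert on, since the certificate was not renewed even though the site is back up.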