certbot / SSL Problem  [SOLVED]

Post by Tobi »

Hi everyone,

on one server the Let's Encrypt update is causing problems.

Although the certificates did not need to be renewed yet, the panel ran an update anyway, which then led to problems. Strangely, not for all domains.

But first things first:
On 3 August the Let's Encrypt cron job determined that both certificates were, correctly, still valid for 76 days.
Last night it was suddenly only 10 days? The certificate lifetime is read out correctly and shown as 18 October.
Far more than 10 days...
The renewal was then started. For one domain it worked; for the admin panel it only produced "a lets encrypt error occurred: Corrupt files detected." That certificate was then not renewed either.

What can I do?

LOG FILE EXCERPT
====
[03-Aug-2017 00:00:09] DEBUG --> starting ssl certification maintenance
[03-Aug-2017 00:00:09] DEBUG --> checking (normal) ssl certificates
[03-Aug-2017 00:00:09] DEBUG --> ... skipped
[03-Aug-2017 00:00:09] DEBUG --> checking lets encrypt certificates
[03-Aug-2017 00:00:09] DEBUG --> remove unused accounts / certificates
[03-Aug-2017 00:00:09] INFO --> check domain "www.das-ist-eine-domain.eu'
[03-Aug-2017 00:00:09] DEBUG --> certificate is valid to 2017-10-18 14:23:00 (76 days left)
[03-Aug-2017 00:00:09] INFO --> check domain "admin.keyhelp.url'
[03-Aug-2017 00:00:09] DEBUG --> certificate is valid to 2017-10-18 13:48:00 (76 days left)
[03-Aug-2017 00:00:09] DEBUG --> finished
====
[04-Aug-2017 00:00:09] DEBUG --> starting ssl certification maintenance
[04-Aug-2017 00:00:09] DEBUG --> checking (normal) ssl certificates
[04-Aug-2017 00:00:09] DEBUG --> ... skipped
[04-Aug-2017 00:00:09] DEBUG --> checking lets encrypt certificates
[04-Aug-2017 00:00:09] DEBUG --> remove unused accounts / certificates
[04-Aug-2017 00:00:09] INFO --> check domain "www.das-ist-eine-domain.eu'
[04-Aug-2017 00:00:09] DEBUG --> certificate is valid to 2017-10-18 14:23:00 (10 days left)
[04-Aug-2017 00:00:09] INFO --> certificate is in renewal period
[04-Aug-2017 00:00:09] DEBUG --> renew cert
[04-Aug-2017 00:00:09] DEBUG --> Using certificate authority "https://acme-v01.api.letsencrypt.org".
[04-Aug-2017 00:00:09] DEBUG --> Account already registered. Continue.
[04-Aug-2017 00:00:09] DEBUG --> Start certificate generation process for domains.
[04-Aug-2017 00:00:09] DEBUG --> Request callenge for "www.das-ist-eine-domain.eu".
[04-Aug-2017 00:00:09] DEBUG --> Sending signed request to "/acme/new-authz".
[04-Aug-2017 00:00:12] DEBUG --> Got challenge token for "www.das-ist-eine-domain.eu".
[04-Aug-2017 00:00:12] DEBUG --> Token stored at "/home/keyhelp/www/.well-known/acme-challenge/H6AzrD9ty7UwfWb9OerqxpWfRPcZd7hK7YI1BuktmIY".
[04-Aug-2017 00:00:12] DEBUG --> Token should be available at "http://www.das-ist-eine-domain.eu/.well ... YI1BuktmIY".
[04-Aug-2017 00:00:12] DEBUG --> Sending request to challenge
[04-Aug-2017 00:00:12] DEBUG --> Sending signed request to "https://acme-v01.api.letsencrypt.org/ac ... 1582210271".
[04-Aug-2017 00:00:14] DEBUG --> Verification ended with status "valid".
[04-Aug-2017 00:00:14] DEBUG --> Generate CSR.
[04-Aug-2017 00:00:14] DEBUG --> Sending signed request to "/acme/new-cert".
[04-Aug-2017 00:00:16] DEBUG --> Got certificate.
[04-Aug-2017 00:00:16] DEBUG --> Requesting chained cert at "https://acme-v01.api.letsencrypt.org/acme/issuer-cert"
[04-Aug-2017 00:00:17] DEBUG --> Store fullchain.pem.test
[04-Aug-2017 00:00:17] DEBUG --> File seems okay!
[04-Aug-2017 00:00:17] DEBUG --> Store cert.pem.test
[04-Aug-2017 00:00:17] DEBUG --> File seems okay!
[04-Aug-2017 00:00:17] DEBUG --> Store chain.pem.test
[04-Aug-2017 00:00:17] DEBUG --> File seems okay!
[04-Aug-2017 00:00:17] DEBUG --> Store complete.pem.test
[04-Aug-2017 00:00:17] DEBUG --> File seems okay!
[04-Aug-2017 00:00:17] DEBUG --> Rename from fullchain.pem.test -> fullchain.pem
[04-Aug-2017 00:00:17] DEBUG --> Rename from cert.pem.test -> cert.pem
[04-Aug-2017 00:00:17] DEBUG --> Rename from chain.pem.test -> chain.pem
[04-Aug-2017 00:00:17] DEBUG --> Rename from complete.pem.test -> complete.pem
[04-Aug-2017 00:00:17] DEBUG --> All done.
[04-Aug-2017 00:00:17] INFO --> check domain "admin.keyhelp.url'
[04-Aug-2017 00:00:17] DEBUG --> certificate is valid to 2017-10-18 13:48:00 (10 days left)
[04-Aug-2017 00:00:17] INFO --> certificate is in renewal period
[04-Aug-2017 00:00:17] DEBUG --> renew cert
[04-Aug-2017 00:00:17] DEBUG --> Using certificate authority "https://acme-v01.api.letsencrypt.org".
[04-Aug-2017 00:00:17] DEBUG --> Account already registered. Continue.
[04-Aug-2017 00:00:17] DEBUG --> Start certificate generation process for domains.
[04-Aug-2017 00:00:17] DEBUG --> Request callenge for "admin.keyhelp.url".
[04-Aug-2017 00:00:17] DEBUG --> Sending signed request to "/acme/new-authz".
[04-Aug-2017 00:00:18] DEBUG --> Got challenge token for "admin.keyhelp.url".
[04-Aug-2017 00:00:18] DEBUG --> Token stored at "/home/keyhelp/www/.well-known/acme-challenge/Q-G99TK4yWB0LkgMaGSqLIvyZhH-F6wiW0iRpWJlyyQ".
[04-Aug-2017 00:00:18] DEBUG --> Token should be available at "http://admin.keyhelp.url/.well-known/ac ... 0iRpWJlyyQ".
[04-Aug-2017 00:00:18] DEBUG --> Sending request to challenge
[04-Aug-2017 00:00:18] DEBUG --> Sending signed request to "https://acme-v01.api.letsencrypt.org/ac ... 1582055411".
[04-Aug-2017 00:00:19] DEBUG --> Verification ended with status "valid".
[04-Aug-2017 00:00:19] DEBUG --> Generate CSR.
[04-Aug-2017 00:00:19] DEBUG --> Sending signed request to "/acme/new-cert".
[04-Aug-2017 00:00:21] DEBUG --> Got certificate.
[04-Aug-2017 00:00:21] DEBUG --> Requesting chained cert at "https://acme-v01.api.letsencrypt.org/acme/issuer-cert"
[04-Aug-2017 00:00:21] DEBUG --> Store fullchain.pem.test
[04-Aug-2017 00:00:21] DEBUG --> File is corrupt!
[04-Aug-2017 00:00:21] DEBUG --> Store cert.pem.test
[04-Aug-2017 00:00:21] DEBUG --> File is corrupt!
[04-Aug-2017 00:00:21] DEBUG --> Store chain.pem.test
[04-Aug-2017 00:00:21] DEBUG --> File seems okay!
[04-Aug-2017 00:00:21] DEBUG --> Store complete.pem.test
[04-Aug-2017 00:00:21] DEBUG --> File is corrupt!
[04-Aug-2017 00:00:21] ERROR --> a lets encrypt error occurred: Corrupt files detected.
[04-Aug-2017 00:00:21] DEBUG --> Apache: reloadApache()
[04-Aug-2017 00:00:21] DEBUG --> Apache: syntax ok
[04-Aug-2017 00:00:21] DEBUG --> Apache: reloading apache
[04-Aug-2017 00:00:22] INFO --> lets encrypt certificates updated
[04-Aug-2017 00:00:22] DEBUG --> finished
[04-Aug-2017 00:00:22] DEBUG --> send notification to: admin.keyhelp.url@masterframe.de
[04-Aug-2017 00:00:22] DEBUG --> email sent
====
Regards,
Tobi


-----------------------------
wewoco.de
The forum for resellers, digital agencies, screen workers and mouse pushers
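
The two symptoms in the log excerpt above (a "days left" value that contradicts the logged expiry date, and files reported as corrupt) can be checked for mechanically. The following is an added example, not part of the original post and not KeyHelp code; the function name `audit`, the tolerance parameter and the assumption that every log line follows the format of the excerpt are mine.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in the post above (a shortened selection).
SAMPLE_LOG = """\
[03-Aug-2017 00:00:09] INFO --> check domain "admin.keyhelp.url'
[03-Aug-2017 00:00:09] DEBUG --> certificate is valid to 2017-10-18 13:48:00 (76 days left)
[04-Aug-2017 00:00:17] INFO --> check domain "admin.keyhelp.url'
[04-Aug-2017 00:00:17] DEBUG --> certificate is valid to 2017-10-18 13:48:00 (10 days left)
[04-Aug-2017 00:00:21] DEBUG --> Store fullchain.pem.test
[04-Aug-2017 00:00:21] DEBUG --> File is corrupt!
[04-Aug-2017 00:00:21] DEBUG --> Store chain.pem.test
[04-Aug-2017 00:00:21] DEBUG --> File seems okay!
"""

LINE = re.compile(r"^\[(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\] (\w+) --> (.*)$")
VALID = re.compile(
    r"certificate is valid to (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \((-?\d+) days left\)")
DOMAIN = re.compile(r'check domain "([^"\']+)')


def audit(log_text, tolerance_days=1):
    """Return findings as (timestamp, domain, kind, detail) tuples."""
    findings, domain, stored = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # %b expects English month abbreviations (C/English locale assumed).
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S")
        msg = m.group(3)
        if (d := DOMAIN.search(msg)):
            domain = d.group(1)
        elif (v := VALID.search(msg)):
            # Recompute the remaining lifetime from the logged expiry date.
            expiry = datetime.strptime(v.group(1), "%Y-%m-%d %H:%M:%S")
            actual, reported = (expiry - ts).days, int(v.group(2))
            if abs(actual - reported) > tolerance_days:
                findings.append((ts, domain, "days-left-mismatch",
                                 f"reported {reported}, computed {actual}"))
        elif msg.startswith("Store "):
            stored = msg[len("Store "):]          # remember the file being written
        elif msg == "File is corrupt!":
            findings.append((ts, domain, "corrupt-file", stored))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Run against a full maintenance log, a `days-left-mismatch` finding marks a renewal that was triggered by a wrong lifetime calculation rather than by the certificate actually approaching expiry.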
Re: certbot / SSL Problem  [SOLVED]

Post by Alexander »

Greetings,

I'll just point to this:

https://changelog.keyhelp.de/ (Version 17.1.2)

Since panel updates are, by default, installed at around 2-4 a.m. (i.e. after the ssl-maintenance-job has run), the problem should no longer occur for you from today (2-4 a.m.) onwards.
Best regards
Alexander Mahr

**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: certbot / SSL Problem

Post by Tobi »

WOW, that was quick!

Thanks, Alexander!

ADDENDUM:
Friday, 04 August 2017 - 02:11:47
KeyHelp was updated to version 17.1.2.
:D

I T  W O R K S ! :mrgreen:
Regards,
Tobi

