The starting situation is as follows:
Ubuntu 18.04 LTS (KVM-virtualized)
KeyHelp 20.2 installed
SSL certificates -> Secure server services -> Let's Encrypt.
Unfortunately, it just didn't work:
[23-Oct-2020 00:05:38] INFO --> starting ssl certification maintenance
[23-Oct-2020 00:05:38] INFO --> checking (normal) SSL/TLS certificates
[23-Oct-2020 00:05:38] INFO --> check certificate "[ID 1]"
[23-Oct-2020 00:05:38] INFO --> certificate name is "default"
[23-Oct-2020 00:05:38] INFO --> certificate is valid until 2030-10-20 23:57:37 (3649 days left)
[23-Oct-2020 00:05:38] INFO --> checking lets encrypt certificates
[23-Oct-2020 00:05:38] INFO --> remove unused accounts / certificates
[23-Oct-2020 00:05:38] INFO --> deleteDirectory(): perform rm -rf /etc/ssl/keyhelp/letsencrypt/keyhelp/
[23-Oct-2020 00:05:38] INFO --> finished
====
[23-Oct-2020 00:10:40] INFO --> starting ssl certification maintenance
[23-Oct-2020 00:10:40] INFO --> checking (normal) SSL/TLS certificates
[23-Oct-2020 00:10:40] INFO --> check certificate "[ID 1]"
[23-Oct-2020 00:10:40] INFO --> certificate name is "default"
[23-Oct-2020 00:10:40] INFO --> certificate is valid until 2030-10-20 23:57:37 (3649 days left)
[23-Oct-2020 00:10:40] INFO --> checking lets encrypt certificates
[23-Oct-2020 00:10:40] INFO --> remove unused accounts / certificates
[23-Oct-2020 00:10:40] INFO --> check domain "web1.jacboy.com'
[23-Oct-2020 00:10:40] INFO --> certificate file does not exist
[23-Oct-2020 00:10:40] INFO --> renew cert
[23-Oct-2020 00:10:40] INFO --> Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (LIVE).
[23-Oct-2020 00:10:40] INFO --> Getting endpoint URLs.
[23-Oct-2020 00:10:40] INFO --> Account "keyhelp" already registered. Continue.
[23-Oct-2020 00:10:40] INFO --> Requesting Key ID.
[23-Oct-2020 00:10:40] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[23-Oct-2020 00:10:42] INFO --> Start certificate generation.
[23-Oct-2020 00:10:42] INFO --> Token stored at: /home/keyhelp/www/.well-known/acme-challenge/local-check-5f920362805953.70710041
[23-Oct-2020 00:10:42] INFO --> Local resolving checks of domains successfully completed.
[23-Oct-2020 00:10:42] INFO --> Requesting challenges for domain "web1.jacboy.com".
[23-Oct-2020 00:10:42] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-order".
[23-Oct-2020 00:10:44] INFO --> Start authorization process for "web1.jacboy.com".
[23-Oct-2020 00:10:44] INFO --> Deploy challenge.
[23-Oct-2020 00:10:44] INFO --> Token stored at: /home/keyhelp/www/.well-known/acme-challenge/HdmobIhFcOoCpPvWzv3Ub1sw9V5g13SaGPQqz2twvpc
[23-Oct-2020 00:10:44] INFO --> Notify CA that the challenge is ready.
[23-Oct-2020 00:10:44] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8075644486/wNOH7w".
[23-Oct-2020 00:10:46] INFO --> Waiting for verification...
[23-Oct-2020 00:10:49] INFO --> Waiting for verification...
[23-Oct-2020 00:10:52] INFO --> Waiting for verification...
[23-Oct-2020 00:10:55] INFO --> Waiting for verification...
[23-Oct-2020 00:10:57] INFO --> Waiting for verification...
[23-Oct-2020 00:11:00] INFO --> Waiting for verification...
[23-Oct-2020 00:11:03] INFO --> Waiting for verification...
[23-Oct-2020 00:11:06] INFO --> Waiting for verification...
[23-Oct-2020 00:11:09] ERROR --> a Let's Encrypt error occurred: Verification ended with an error. Response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching https:\/\/web1.jacboy.com\/.well-known\/acme-challenge\/HdmobIhFcOoCpPvWzv3Ub1sw9V5g13SaGPQqz2twvpc: Timeout during connect (likely firewall problem)","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/8075644486\/wNOH7w","token":"HdmobIhFcOoCpPvWzv3Ub1sw9V5g13SaGPQqz2twvpc","validationRecord":[{"url":"http:\/\/web1.jacboy.com\/.well-known\/acme-challenge\/HdmobIhFcOoCpPvWzv3Ub1sw9V5g13SaGPQqz2twvpc","hostname":"web1.jacboy.com","port":"80","addressesResolved":["2.59.133.3","2a0d:5941:1:db::ed23"],"addressUsed":"2a0d:5941:1:db::ed23"},{"url":"http:\/\/web1.jacboy.com\/.well-known\/acme-challenge\/HdmobIhFcOoCpPvWzv3Ub1sw9V5g13SaGPQqz2twvpc","hostname":"web1.jacboy.com","port":"80","addressesResolved":["2.59.133.3","2a0d:5941:1:db::ed23"],"addressUsed":"2.59.133.3"},{"url":"https:\/\/web1.jacboy.com\/.well-known\/acme-challenge\/HdmobIhFcOoCpPvWzv3Ub1sw9V5g13SaGPQqz2twvpc","hostname":"web1.jacboy.com","port":"443","addressesResolved":["2.59.133.3","2a0d:5941:1:db::ed23"],"addressUsed":"2a0d:5941:1:db::ed23"}]}
[23-Oct-2020 00:11:09] INFO --> send notification to admin "keyadmin" (user@example.com)
[23-Oct-2020 00:11:09] INFO --> finished
I then ran the SSL certificate maintenance job in KH again, but unfortunately still no luck. At https://web1.jacboy.com/.well-known/acm ... PQqz2twvpc the token is also returned to me correctly - I'm at a loss right now.
Best regards
Jay
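
An added example, not part of the original post and not KeyHelp's own code: a small Python helper that reads the `Response:` JSON from an ERROR line like the one in the log above, lists which address family and port the CA used for each validation hop, and picks out the hop that the error detail refers to. The sample input is constructed with placeholder host, token and addresses; the function name `summarize_validation` is hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample shaped like the "Response:" JSON on the ERROR line above.
# Host, token and addresses are placeholders, not the values from the post.
_URL = "://host.example/.well-known/acme-challenge/TOKEN"
_ADDRS = ["192.0.2.10", "2001:db8::10"]
SAMPLE_RESPONSE = json.dumps({
    "type": "http-01",
    "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:connection",
              "detail": "Fetching https" + _URL + ": Timeout during connect (likely firewall problem)",
              "status": 400},
    "validationRecord": [
        {"url": "http" + _URL, "port": "80", "addressesResolved": _ADDRS, "addressUsed": "2001:db8::10"},
        {"url": "http" + _URL, "port": "80", "addressesResolved": _ADDRS, "addressUsed": "192.0.2.10"},
        {"url": "https" + _URL, "port": "443", "addressesResolved": _ADDRS, "addressUsed": "2001:db8::10"},
    ],
})

def summarize_validation(response_json):
    """Return (hops, failed_hop) for an ACME http-01 challenge response."""
    data = json.loads(response_json)
    detail = data.get("error", {}).get("detail", "")
    match = re.search(r"Fetching (\S+?): ", detail)
    failed_url = match.group(1) if match else None
    hops = []
    for rec in data.get("validationRecord", []):
        addr = ipaddress.ip_address(rec["addressUsed"])
        hops.append({"url": rec["url"], "port": int(rec["port"]),
                     "family": "IPv%d" % addr.version, "address": str(addr)})
    # The error detail names the URL being fetched; take the last hop with that URL.
    failed = next((h for h in reversed(hops) if h["url"] == failed_url), None)
    return hops, failed

if __name__ == "__main__":
    hops, failed = summarize_validation(SAMPLE_RESPONSE)
    for hop in hops:
        print("%-5s port %-3d %s  %s" % (hop["family"], hop["port"], hop["address"], hop["url"]))
    if failed:
        print("error detail refers to: %s port %d via %s" % (failed["url"], failed["port"], failed["family"]))
```

To use it on a real log, pass everything after `Response: ` on the ERROR line as the argument; the escaped `\/` sequences in that JSON are decoded by `json.loads`.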