Probleme mit SSL :-(

marcus198514 · Post by **marcus198514** » Fri 22. Nov 2019, 12:07

HAllo

habe ein Großes Problem .. Kunde Angelegt und will ihm ssl verpassen .. geht nur nicht ...

Domain lenkt auf richtige IP
[22-Nov-2019 11:34:02] INFO --> starting ssl certification maintenance
[22-Nov-2019 11:34:02] INFO --> checking (normal) SSL/TLS certificates
[22-Nov-2019 11:34:02] INFO --> check certificate "[ID 1]"
[22-Nov-2019 11:34:02] INFO --> certificate name is "default"
[22-Nov-2019 11:34:02] INFO --> certificate is valid until 2029-11-19 09:32:22 (3649 days left)
[22-Nov-2019 11:34:02] INFO --> checking lets encrypt certificates
[22-Nov-2019 11:34:02] INFO --> remove unused accounts / certificates
[22-Nov-2019 11:34:02] INFO --> check domain "......es.de'
[22-Nov-2019 11:34:02] INFO --> certificate file does not exist
[22-Nov-2019 11:34:02] INFO --> renew cert
[22-Nov-2019 11:34:02] INFO --> Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (LIVE).
[22-Nov-2019 11:34:02] INFO --> Getting endpoint URLs.
[22-Nov-2019 11:34:02] INFO --> Account "couple" already registered. Continue.
[22-Nov-2019 11:34:02] INFO --> Requesting Key ID.
[22-Nov-2019 11:34:02] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[22-Nov-2019 11:34:04] INFO --> Start certificate generation.
[22-Nov-2019 11:34:04] ERROR --> a lets encrypt error occurred: Local resolving checks failed for domain ".........es.de".
[22-Nov-2019 11:34:04] INFO --> check domain "www......es.de'
[22-Nov-2019 11:34:04] INFO --> certificate file does not exist
[22-Nov-2019 11:34:04] INFO --> renew cert
[22-Nov-2019 11:34:04] INFO --> Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (LIVE).
[22-Nov-2019 11:34:04] INFO --> Getting endpoint URLs.
[22-Nov-2019 11:34:05] INFO --> Account "couple" already registered. Continue.
[22-Nov-2019 11:34:05] INFO --> Requesting Key ID.
[22-Nov-2019 11:34:05] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[22-Nov-2019 11:34:06] INFO --> Start certificate generation.
[22-Nov-2019 11:34:07] ERROR --> a lets encrypt error occurred: Local resolving checks failed for domain "www.c......es.de".
[22-Nov-2019 11:34:07] INFO --> check domain "serv.......ia.de'
[22-Nov-2019 11:34:07] INFO --> certificate is valid until 2020-02-20 08:41:13 (89 days left)
[22-Nov-2019 11:34:07] INFO --> send notification to user "couple" (....@....de)
[22-Nov-2019 11:34:07] INFO --> finished

-----------------------------------------------------------
update.log

[22-Nov-2019 11:49:01] INFO --> PHP-FPM (php7.2-fpm): syntax ok
[22-Nov-2019 11:49:01] INFO --> PHP-FPM (php7.2-fpm): reloading php-fpm
[22-Nov-2019 11:49:01] INFO --> Apache: request lets encrypt cert
[22-Nov-2019 11:49:01] INFO --> Apache: request for domain "......es.de"
[22-Nov-2019 11:49:01] INFO --> Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (LIVE).
[22-Nov-2019 11:49:01] INFO --> Getting endpoint URLs.
[22-Nov-2019 11:49:02] INFO --> Account "couple" already registered. Continue.
[22-Nov-2019 11:49:02] INFO --> Requesting Key ID.
[22-Nov-2019 11:49:02] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[22-Nov-2019 11:49:03] INFO --> Start certificate generation.
[22-Nov-2019 11:49:04] ERROR --> Apache: a lets encrypt error occurred: Local resolving checks failed for domain "......es.de".
[22-Nov-2019 11:49:04] INFO --> Apache: request for domain "www.......es.de"
[22-Nov-2019 11:49:04] INFO --> Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (LIVE).
[22-Nov-2019 11:49:04] INFO --> Getting endpoint URLs.
[22-Nov-2019 11:49:04] INFO --> Account "couple" already registered. Continue.
[22-Nov-2019 11:49:04] INFO --> Requesting Key ID.
[22-Nov-2019 11:49:04] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[22-Nov-2019 11:49:06] INFO --> Start certificate generation.
[22-Nov-2019 11:49:06] INFO --> Local resolving checks of domains successfully completed.
[22-Nov-2019 11:49:06] INFO --> Requesting challenges for domain "www.......es.de".
[22-Nov-2019 11:49:06] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-order".
[22-Nov-2019 11:49:07] INFO --> Start authorization process for "www.......es.de".
[22-Nov-2019 11:49:07] INFO --> Deploy challenge.
[22-Nov-2019 11:49:07] INFO --> Token stored at: /home/keyhelp/www/.well-known/acme-challenge/tuQ8Dfi1Jvpq4QNRXJW94yfK_7aWuH8Xjk9aDO_gl-U
[22-Nov-2019 11:49:07] INFO --> Notify CA that the challenge is ready.
[22-Nov-2019 11:49:07] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 532/JXrtfw".
[22-Nov-2019 11:49:10] INFO --> Waiting for verification...
[22-Nov-2019 11:49:12] INFO --> Verification successful.
[22-Nov-2019 11:49:13] INFO --> Sending CSR.
[22-Nov-2019 11:49:13] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/ac ... 1572289207".
[22-Nov-2019 11:49:16] INFO --> Certificate received.
[22-Nov-2019 11:49:16] INFO --> Store fullchain.pem.test
[22-Nov-2019 11:49:16] INFO --> File seems okay!
[22-Nov-2019 11:49:16] INFO --> Store cert.pem.test
[22-Nov-2019 11:49:16] INFO --> File seems okay!
[22-Nov-2019 11:49:16] INFO --> Store chain.pem.test
[22-Nov-2019 11:49:16] INFO --> File seems okay!
[22-Nov-2019 11:49:16] INFO --> Store complete.pem.test
[22-Nov-2019 11:49:16] INFO --> File seems okay!
[22-Nov-2019 11:49:16] INFO --> Rename from fullchain.pem.test -> fullchain.pem
[22-Nov-2019 11:49:16] INFO --> Rename from cert.pem.test -> cert.pem
[22-Nov-2019 11:49:16] INFO --> Rename from chain.pem.test -> chain.pem
[22-Nov-2019 11:49:16] INFO --> Rename from complete.pem.test -> complete.pem
[22-Nov-2019 11:49:16] INFO --> All done.
[22-Nov-2019 11:49:16] INFO --> Apache: we will now apply configs changes of user id "2"
[22-Nov-2019 11:49:16] INFO --> Apache: config data loaded for user id "2" ("couple")
[22-Nov-2019 11:49:16] INFO --> load domain "......es.de"
[22-Nov-2019 11:49:16] INFO --> domain uses lets encrypt - check if certs are already available
[22-Nov-2019 11:49:16] INFO --> lets encrypt cert not available, we request it and rewrite vhost later on
[22-Nov-2019 11:49:16] INFO --> load domain "www.......es.de"
[22-Nov-2019 11:49:16] INFO --> domain uses lets encrypt - check if certs are already available
[22-Nov-2019 11:49:16] INFO --> okay
[22-Nov-2019 11:49:16] INFO --> load domain "co.serv.......es.de"
[22-Nov-2019 11:49:16] INFO --> domain without ssl option
[22-Nov-2019 11:49:16] INFO --> Apache: add vhost container for domain "......es.de"
[22-Nov-2019 11:49:16] INFO --> Apache: domain uses lets encrypt for first time - mark user config for rewrite
[22-Nov-2019 11:49:16] INFO --> Apache: add vhost container for domain "www.......es.de"
[22-Nov-2019 11:49:16] INFO --> Apache: add vhost container for domain "co.serv.......es.de"
[22-Nov-2019 11:49:16] INFO --> Apache: save config to "/etc/apache2/keyhelp/vhosts/co.conf"
[22-Nov-2019 11:49:16] INFO --> PHP-FPM: add php-fpm pool "[couple]" for domain "......es.de"
[22-Nov-2019 11:49:16] INFO --> save config to "/etc/php/7.2/fpm/keyhelp_pool/couple.conf"
[22-Nov-2019 11:49:16] INFO --> PHP-FPM: add php-fpm pool "[couple]" for domain "www.......es.de"
[22-Nov-2019 11:49:16] INFO --> save config to "/etc/php/7.2/fpm/keyhelp_pool/co.conf"
[22-Nov-2019 11:49:16] INFO --> PHP-FPM: add php-fpm pool "[couple]" for domain "co.serv.......es.de"
[22-Nov-2019 11:49:16] INFO --> save config to "/etc/php/7.2/fpm/keyhelp_pool/couple.conf"
[22-Nov-2019 11:49:16] INFO --> Apache: reloadApache()
[22-Nov-2019 11:49:16] INFO --> Apache: syntax ok
[22-Nov-2019 11:49:16] INFO --> Apache: reloading apache
[22-Nov-2019 11:49:16] INFO --> Apache: reloadPhpFpm()
[22-Nov-2019 11:49:16] INFO --> PHP-FPM (php7.2-fpm): syntax ok
[22-Nov-2019 11:49:16] INFO --> PHP-FPM (php7.2-fpm): reloading php-fpm

Post by **Jolinar** » Fri 22. Nov 2019, 12:17

marcus198514 wrote: ↑Fri 22. Nov 2019, 12:07 [22-Nov-2019 11:34:07] ERROR --> a lets encrypt error occurred: Local resolving checks failed for domain "www.c......es.de".

Die Fehlermeldung ist doch eindeutig...

BTW:
Die Forensuche ist auch hilfreich --> search.php?keywords=Local+resolving+che ... for+domain

marcus198514 · Post by **marcus198514** » Fri 22. Nov 2019, 13:27

Danke für die Antwort aber ganz erlich der Beitrag bringt mich nicht weiter ...

Die Domain löst auf auf den Server .. komme ja auch ohne https drauf

auch bei mxtoolbox wird der richtige server angezeigt

Martin · Post by **Martin** » Fri 22. Nov 2019, 14:38

Hallo,

local resolv check ist ein interner Check, kann der Server selbst die Domain denn korrekt auflösen?

Post by **Jolinar** » Fri 22. Nov 2019, 21:28

Wie Martin schon sagte (und ich vorher auch schon meinte)...der lokale Zugriff auf die Domain schlägt fehl.
Das kannst du z.B. mit wget auf dem CLI des Servers testen.

Ergänzende Fragen:
Steht der Server hinter einer Firewall?
Wird der Zugriff über einen Proxy realisiert?
Ist IPv6 korrekt eingerichtet?
Wenn IPv6 konfiguriert wurde, wie sieht die Ausgabe aus, wenn du

Code: Select all

wget -6 https://install.keyhelp.de/testfile100M.bin

am CLI aufrufst?

Probleme mit SSL :-( [GELÖST]

Probleme mit SSL :-(

Re: Probleme mit SSL :-( [GELÖST]

Re: Probleme mit SSL :-(

Re: Probleme mit SSL :-(

Re: Probleme mit SSL :-(