Let's Encrypt Token Problem

comsystem
Posts: 52
Joined: Mon 31. Oct 2016, 07:21

Let's Encrypt Token Problem

Post by comsystem »

Hello,

I have the following problem:

Unfortunately, I currently cannot create any Let's Encrypt certificates on a freshly installed system.
KeyHelp stores the tokens in the directory /home/keyhelp/www/.well-known/acme-challenge; if you look into the individual hash files, the same token shows up again and again, whereas normally it should always be unique.
This can also be tested nicely online:
http://1.test.rareloot.at/.well-known/a ... klmQQyXu7M
http://server.topit.at/.well-known/acme ... beWVKJAVBc

With both, you get back the hash and, after the dot, the token; however, despite the different hash, the token is the same.
That is why I always get the response that one should check the token.

Now I'm stuck - maybe someone has a solution :)

Thanks in advance.
Alexander
Keyweb AG
Posts: 4449
Joined: Wed 20. Jan 2016, 02:23

Re: Let's Encrypt Token Problem

Post by Alexander »

Hello,

the part after the dot ("fingerprint") is user-dependent and is only identical when the same user account requests Let's Encrypt certificates. If a different user requests certificates for their domains, the fingerprint is a different one.

Please post the relevant excerpt from the update.log.
Best regards
Alexander Mahr

**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
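
The reply above matches how ACME builds the HTTP-01 challenge response: the file content is `token.thumbprint`, where the thumbprint is the base64url-encoded SHA-256 of the ACME account key's JWK (RFC 7638), so it stays the same for every token requested with the same account key. The following is an added example, not part of the thread and not KeyHelp's code; the account keys and tokens are constructed sample values, and `check_challenge_file` is a hypothetical helper.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used by ACME and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample account keys (not real RSA keys), one per ACME account.
ACCOUNT_A = {"kty": "RSA", "e": "AQAB", "n": b64url(b"\x01" * 256)}
ACCOUNT_B = {"kty": "RSA", "e": "AQAB", "n": b64url(b"\x02" * 256)}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, sorted keys, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Content the CA expects at /.well-known/acme-challenge/<token>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def check_challenge_file(filename: str, content: str, account_jwk: dict) -> list:
    """Return the problems found in a served challenge file (empty list = OK)."""
    token, sep, thumb = content.strip().partition(".")
    if not sep:
        return ["content is not of the form token.thumbprint"]
    problems = []
    if token != filename:
        problems.append("token in content does not match the file name")
    if thumb != jwk_thumbprint(account_jwk):
        problems.append("thumbprint does not belong to the expected account key")
    return problems


if __name__ == "__main__":
    # Two constructed tokens, same account: the part after the dot is identical.
    for tok in ("constructed-token-1", "constructed-token-2"):
        print(key_authorization(tok, ACCOUNT_A))
    # A different account key yields a different suffix.
    print(key_authorization("constructed-token-1", ACCOUNT_B))
```
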
comsystem
Posts: 52
Joined: Mon 31. Oct 2016, 07:21

Re: Let's Encrypt Token Problem

Post by comsystem »

wrong entry
Last edited by comsystem on Tue 8. May 2018, 13:14, edited 1 time in total.
Alexander
Keyweb AG
Posts: 4449
Joined: Wed 20. Jan 2016, 02:23

Re: Let's Encrypt Token Problem

Post by Alexander »

That is not the excerpt in which the certificates for the domains in question are requested.
Best regards
Alexander Mahr

comsystem
Posts: 52
Joined: Mon 31. Oct 2016, 07:21

Re: Let's Encrypt Token Problem

Post by comsystem »

[08-May-2018 00:43:01] INFO --> load tasks ... 6 found
[08-May-2018 00:43:01] DEBUG --> task type IDs: 500, 600, 500, 600, 500, 600
[08-May-2018 00:43:01] DEBUG --> Bind: __construct()
[08-May-2018 00:43:01] DEBUG --> Bind: writeConfig()
[08-May-2018 00:43:01] DEBUG --> Bind: checkDirectory()
[08-May-2018 00:43:01] DEBUG --> Bind: directory "/etc/bind/keyhelp_domains/" already exists
[08-May-2018 00:43:01] DEBUG --> Bind: getNameserver()
[08-May-2018 00:43:01] DEBUG --> Bind: 2 nameservers found
[08-May-2018 00:43:01] DEBUG --> Bind: getIPs()
[08-May-2018 00:43:01] DEBUG --> Bind: 1 ips found
[08-May-2018 00:43:01] DEBUG --> Bind: generate zone file for domain "snakepower.de"
[08-May-2018 00:43:01] INFO --> Bind: write zone file for domain "snakepower.de"
[08-May-2018 00:43:01] DEBUG --> Bind: generate zone file for domain "snakepower.me"
[08-May-2018 00:43:01] INFO --> Bind: write zone file for domain "snakepower.me"
[08-May-2018 00:43:01] DEBUG --> Bind: generate zone file for domain "mediatron.at"
[08-May-2018 00:43:01] INFO --> Bind: write zone file for domain "mediatron.at"
[08-May-2018 00:43:01] DEBUG --> Bind: generateKeyhelpConf()
[08-May-2018 00:43:01] INFO --> Bind: write config file "named.conf.keyhelp"
[08-May-2018 00:43:01] DEBUG --> Bind: checkSyntax()
[08-May-2018 00:43:01] DEBUG --> Bind: syntax ok
[08-May-2018 00:43:01] INFO --> Bind: reload bind config
[08-May-2018 00:43:01] DEBUG --> Apache: applyAllConfigChanges()
[08-May-2018 00:43:01] DEBUG --> Apache: checkDirectories()
[08-May-2018 00:43:01] DEBUG --> Apache: cleanAll()
[08-May-2018 00:43:01] DEBUG --> Apache: cleanVhosts()
[08-May-2018 00:43:01] DEBUG --> Apache: cleanCustomVhosts()
[08-May-2018 00:43:01] DEBUG --> Apache: cleanPhpFpmPools()
[08-May-2018 00:43:01] DEBUG --> Apache: cleanHtpasswd()
[08-May-2018 00:43:01] DEBUG --> Apache: getUserIdsWithModifiedDomains()
[08-May-2018 00:43:01] DEBUG --> Apache: we will now apply configs changes of user id "2"
[08-May-2018 00:43:01] DEBUG --> Apache: config data loaded for user id "2" ("sven")
[08-May-2018 00:43:01] DEBUG --> load domain "snakepower.at"
[08-May-2018 00:43:01] DEBUG --> domain uses lets encrypt - check if certs are already available
[08-May-2018 00:43:01] DEBUG --> lets encrypt cert not available, we request it and rewrite vhost later on
[08-May-2018 00:43:01] DEBUG --> load domain "www.snakepower.at"
[08-May-2018 00:43:01] DEBUG --> domain without ssl option
[08-May-2018 00:43:01] DEBUG --> load domain "snakepower.de"
[08-May-2018 00:43:01] DEBUG --> domain uses lets encrypt - check if certs are already available
[08-May-2018 00:43:01] DEBUG --> lets encrypt cert not available, we request it and rewrite vhost later on
[08-May-2018 00:43:01] DEBUG --> load domain "www.snakepower.de"
[08-May-2018 00:43:01] DEBUG --> domain without ssl option
[08-May-2018 00:43:01] DEBUG --> load domain "snakepower.me"
[08-May-2018 00:43:01] DEBUG --> domain uses lets encrypt - check if certs are already available
[08-May-2018 00:43:01] DEBUG --> lets encrypt cert not available, we request it and rewrite vhost later on
[08-May-2018 00:43:01] DEBUG --> load domain "www.snakepower.me"
[08-May-2018 00:43:01] DEBUG --> domain without ssl option
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "snakepower.at"
[08-May-2018 00:43:01] DEBUG --> Apache: domain uses lets encrypt for first time - mark user config for rewrite
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "www.snakepower.at"
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "snakepower.de"
[08-May-2018 00:43:01] DEBUG --> Apache: domain uses lets encrypt for first time - mark user config for rewrite
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "www.snakepower.de"
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "snakepower.me"
[08-May-2018 00:43:01] DEBUG --> Apache: domain uses lets encrypt for first time - mark user config for rewrite
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "www.snakepower.me"
[08-May-2018 00:43:01] DEBUG --> Apache: save config to "/etc/apache2/keyhelp/vhosts/sven.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[sven]" for domain "snakepower.at"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/sven.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[sven]" for domain "www.snakepower.at"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/sven.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[sven]" for domain "snakepower.de"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/sven.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[sven]" for domain "www.snakepower.de"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/sven.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[sven]" for domain "snakepower.me"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/sven.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[sven]" for domain "www.snakepower.me"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/sven.conf"
[08-May-2018 00:43:01] DEBUG --> Apache: we will now apply configs changes of user id "3"
[08-May-2018 00:43:01] DEBUG --> Apache: config data loaded for user id "3" ("adalbert")
[08-May-2018 00:43:01] DEBUG --> load domain "mediatron.at"
[08-May-2018 00:43:01] DEBUG --> domain uses lets encrypt - check if certs are already available
[08-May-2018 00:43:01] DEBUG --> lets encrypt cert not available, we request it and rewrite vhost later on
[08-May-2018 00:43:01] DEBUG --> load domain "www.mediatron.at"
[08-May-2018 00:43:01] DEBUG --> domain without ssl option
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "mediatron.at"
[08-May-2018 00:43:01] DEBUG --> Apache: domain uses lets encrypt for first time - mark user config for rewrite
[08-May-2018 00:43:01] DEBUG --> Apache: add vhost container for domain "www.mediatron.at"
[08-May-2018 00:43:01] DEBUG --> Apache: save config to "/etc/apache2/keyhelp/vhosts/adalbert.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[adalbert]" for domain "mediatron.at"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/adalbert.conf"
[08-May-2018 00:43:01] DEBUG --> PHP-FPM: add php-fpm pool "[adalbert]" for domain "www.mediatron.at"
[08-May-2018 00:43:01] DEBUG --> save config to "/etc/php/7.0/fpm/keyhelp_pool/adalbert.conf"
[08-May-2018 00:43:01] DEBUG --> Apache: reloadApache()
[08-May-2018 00:43:01] DEBUG --> Apache: syntax ok
[08-May-2018 00:43:01] DEBUG --> Apache: reloading apache
[08-May-2018 00:43:02] DEBUG --> Apache: reloadPhpFpm()
[08-May-2018 00:43:02] DEBUG --> PHP-FPM (php7.0-fpm): syntax ok
[08-May-2018 00:43:02] DEBUG --> PHP-FPM (php7.0-fpm): reloading php-fpm
[08-May-2018 00:43:02] DEBUG --> Apache: request lets encrypt cert
[08-May-2018 00:43:02] DEBUG --> Apache: request for domain "snakepower.at"
[08-May-2018 00:43:02] DEBUG --> Using certificate authority "https://acme-v01.api.letsencrypt.org".
[08-May-2018 00:43:02] DEBUG --> Using terms of service "https://letsencrypt.org/documents/LE-SA ... 5-2017.pdf".
[08-May-2018 00:43:02] DEBUG --> Account already registered. Continue.
[08-May-2018 00:43:02] DEBUG --> Start certificate generation process for domains.
[08-May-2018 00:43:02] DEBUG --> Request callenge for "snakepower.at".
[08-May-2018 00:43:02] DEBUG --> Sending signed request to "/acme/new-authz".
[08-May-2018 00:43:03] DEBUG --> Got challenge token for "snakepower.at".
[08-May-2018 00:43:03] DEBUG --> Token stored at "/home/keyhelp/www/.well-known/acme-challenge/kMUgF17rYRfi2iOtYJYJwhJ0X5awWidTBk4-2QLSQTM".
[08-May-2018 00:43:03] DEBUG --> Token should be available at "http://snakepower.at/.well-known/acme-c ... k4-2QLSQTM".
[08-May-2018 00:43:03] ERROR --> Apache: a lets encrypt error occurred: Self check is unable to access token uri "http://snakepower.at/.well-known/acme-c ... k4-2QLSQTM"
[08-May-2018 00:43:03] DEBUG --> Apache: request for domain "snakepower.de"
[08-May-2018 00:43:03] DEBUG --> Using certificate authority "https://acme-v01.api.letsencrypt.org".
[08-May-2018 00:43:03] DEBUG --> Using terms of service "https://letsencrypt.org/documents/LE-SA ... 5-2017.pdf".
[08-May-2018 00:43:03] DEBUG --> Account already registered. Continue.
[08-May-2018 00:43:03] DEBUG --> Start certificate generation process for domains.
[08-May-2018 00:43:03] DEBUG --> Request callenge for "snakepower.de".
[08-May-2018 00:43:03] DEBUG --> Sending signed request to "/acme/new-authz".
[08-May-2018 00:43:03] DEBUG --> Got challenge token for "snakepower.de".
[08-May-2018 00:43:03] DEBUG --> Token stored at "/home/keyhelp/www/.well-known/acme-challenge/UXvxCfwQ1LLtYvko0KED4us7PNnFhikpDbeWVKJAVBc".
[08-May-2018 00:43:03] DEBUG --> Token should be available at "http://snakepower.de/.well-known/acme-c ... beWVKJAVBc".
[08-May-2018 00:43:03] ERROR --> Apache: a lets encrypt error occurred: Self check is unable to access token uri "http://snakepower.de/.well-known/acme-c ... beWVKJAVBc"
[08-May-2018 00:43:03] DEBUG --> Apache: request for domain "snakepower.me"
[08-May-2018 00:43:03] DEBUG --> Using certificate authority "https://acme-v01.api.letsencrypt.org".
[08-May-2018 00:43:04] DEBUG --> Using terms of service "https://letsencrypt.org/documents/LE-SA ... 5-2017.pdf".
[08-May-2018 00:43:04] DEBUG --> Account already registered. Continue.
[08-May-2018 00:43:04] DEBUG --> Start certificate generation process for domains.
[08-May-2018 00:43:04] DEBUG --> Request callenge for "snakepower.me".
[08-May-2018 00:43:04] DEBUG --> Sending signed request to "/acme/new-authz".
[08-May-2018 00:43:04] DEBUG --> Got challenge token for "snakepower.me".
[08-May-2018 00:43:04] DEBUG --> Token stored at "/home/keyhelp/www/.well-known/acme-challenge/lcU1BZxo-q7Q3KWvRzMji4joFZP9v9By7JF7fl8hthU".
[08-May-2018 00:43:04] DEBUG --> Token should be available at "http://snakepower.me/.well-known/acme-c ... JF7fl8hthU".
[08-May-2018 00:43:04] ERROR --> Apache: a lets encrypt error occurred: Self check is unable to access token uri "http://snakepower.me/.well-known/acme-c ... JF7fl8hthU"
[08-May-2018 00:43:04] DEBUG --> Apache: request for domain "mediatron.at"
[08-May-2018 00:43:04] DEBUG --> Using certificate authority "https://acme-v01.api.letsencrypt.org".
[08-May-2018 00:43:05] DEBUG --> Using terms of service "https://letsencrypt.org/documents/LE-SA ... 5-2017.pdf".
[08-May-2018 00:43:05] DEBUG --> Account already registered. Continue.
[08-May-2018 00:43:05] DEBUG --> Start certificate generation process for domains.
[08-May-2018 00:43:05] DEBUG --> Request callenge for "mediatron.at".
[08-May-2018 00:43:05] DEBUG --> Sending signed request to "/acme/new-authz".
[08-May-2018 00:43:05] DEBUG --> Got challenge token for "mediatron.at".
[08-May-2018 00:43:05] DEBUG --> Token stored at "/home/keyhelp/www/.well-known/acme-challenge/C6UC2MykmlhA26m0_kTJDWeLVIwIxLHTyfaIgAKsjVY".
[08-May-2018 00:43:05] DEBUG --> Token should be available at "http://mediatron.at/.well-known/acme-ch ... faIgAKsjVY".
[08-May-2018 00:43:05] ERROR --> Apache: a lets encrypt error occurred: Self check is unable to access token uri "http://mediatron.at/.well-known/acme-ch ... faIgAKsjVY"
====

Please look only at the entry for mediatron.at; all the others currently point to a different server again.
Alexander
Keyweb AG
Posts: 4449
Joined: Wed 20. Jan 2016, 02:23

Re: Let's Encrypt Token Problem

Post by Alexander »

What does this command output on the server:

Code:

wget http://mediatron.at/.well-known/acme-challenge/C6UC2MykmlhA26m0_kTJDWeLVIwIxLHTyfaIgAKsjVY

Why is the certificate installed for https://mediatron.at issued to a different name? What, if anything, was configured / moved manually, bypassing KeyHelp?
Best regards
Alexander Mahr

comsystem
Posts: 52
Joined: Mon 31. Oct 2016, 07:21

Re: Let's Encrypt Token Problem

Post by comsystem »

The system was freshly installed with Debian 9 and the domains were created. Otherwise nothing was changed.
Screenshot_20180508-135111.png