Let's Encrypt broken on panel domain

Posted: Thu 28. Jan 2021, 08:54
by turbopixel
Hi,
for about four days now the Let's Encrypt SSL certificate has stopped working on my panel domain.

The log:

[16-Jan-2021 00:00:13] INFO  --> check domain "meine-domain.tld'
[16-Jan-2021 00:00:13] INFO  --> certificate is valid until 2021-01-23 23:01:16 (7 days left)
[16-Jan-2021 00:00:13] INFO  --> certificate is in renewal period
[16-Jan-2021 00:00:13] INFO  --> renew cert
[16-Jan-2021 00:00:13] INFO  --> Using certificate authority: "https://acme-v02.api.letsencrypt.org/" ().
[16-Jan-2021 00:00:13] INFO  --> Getting endpoint URLs.
[16-Jan-2021 00:00:14] INFO  --> Account "keyhelp" already registered. Continue.
[16-Jan-2021 00:00:14] INFO  --> Requesting Key ID.
[16-Jan-2021 00:00:14] INFO  --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[16-Jan-2021 00:00:16] INFO  --> Start certificate generation.
[16-Jan-2021 00:00:17] INFO  --> Token stored at: /home/keyhelp/www/.well-known/acme-challenge/local-check-60021e8103d850.48684051
[16-Jan-2021 00:00:17] INFO  --> Local resolving checks of domains successfully completed.
[16-Jan-2021 00:00:17] INFO  --> Requesting challenges for domain "meine-domain.tld".
[16-Jan-2021 00:00:17] INFO  --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-order".
[16-Jan-2021 00:00:18] INFO  --> Start authorization process for "meine-domain.tld".
[16-Jan-2021 00:00:18] INFO  --> Deploy challenge.
[16-Jan-2021 00:00:18] INFO  --> Token stored at: /home/keyhelp/www/.well-known/acme-challenge/OTCWLzAmGCNVa1yhx0-A28T5LeKOz-88Hw9Un6j-hOY
[16-Jan-2021 00:00:18] INFO  --> Notify CA that the challenge is ready.
[16-Jan-2021 00:00:18] INFO  --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10106919324/YVX0Iw".
[16-Jan-2021 00:00:20] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:23] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:25] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:28] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:31] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:33] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:36] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:38] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:41] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:44] INFO  --> Waiting for verification...
[16-Jan-2021 00:00:46] ERROR --> a Let's Encrypt error occurred: Verification ended with an error. Response: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"Fetching https:\/\/meine-domain.tld\/.well-known\/acme-challenge\/OTCWLzAmGCNVa1yhx0-A28T5LeKOz-88Hw9Un6j-hOY: Timeout during connect (likely firewall problem)","status":400},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/10106919324\/YVX0Iw","token":"OTCWLzAmGCNVa1yhx0-A28T5LeKOz-88Hw9Un6j-hOY","validationRecord":[{"url":"http:\/\/meine-domain.tld\/.well-known\/acme-challenge\/OTCWLzAmGCNVa1yhx0-A28T5LeKOz-88Hw9Un6j-hOY","hostname":"meine-domain.tld","port":"80","addressesResolved":["37.120.184.174","2a03:4000:f:31d::1"],"addressUsed":"2a03:4000:f:31d::1"},{"url":"http:\/\/meine-domain.tld\/.well-known\/acme-challenge\/OTCWLzAmGCNVa1yhx0-A28T5LeKOz-88Hw9Un6j-hOY","hostname":"meine-domain.tld","port":"80","addressesResolved":["37.120.184.174","2a03:4000:f:31d::1"],"addressUsed":"37.120.184.174"},{"url":"https:\/\/meine-domain.tld\/.well-known\/acme-challenge\/OTCWLzAmGCNVa1yhx0-A28T5LeKOz-88Hw9Un6j-hOY","hostname":"meine-domain.tld","port":"443","addressesResolved":["37.120.184.174","2a03:4000:f:31d::1"],"addressUsed":"2a03:4000:f:31d::1"}]}
[16-Jan-2021 00:00:47] INFO  --> send notification to admin "adminuser" (@)
[16-Jan-2021 00:00:47] INFO  --> finished
The error: Timeout during connect (likely firewall problem)

The thing is, I can open the .well-known URL in the browser without any problems. I haven't fiddled with the firewall itself; it is all at the KeyHelp default.

---

Do you have any idea? Changing the panel hostname doesn't help; the same problem prevents reissuing.

Best regards

Re: Let's Encrypt broken on panel domain

Posted: Thu 28. Jan 2021, 09:23
by Alexander
Hello,

Maybe a DNS problem?

Does Let's Encrypt work for other domains?

If necessary, also attach an excerpt of the firewall rules that are actually active ("iptables -S").

Re: Let's Encrypt broken on panel domain

Posted: Thu 28. Jan 2021, 11:19
by turbopixel
I just tried to create a new SSL certificate for a subdomain. That didn't work any more either, and now all domains are marked with a red symbol (see screenshot 1).

I can ping the Let's Encrypt domain:

nh@vm4:/root$ ping -4 acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=60 time=3.94 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=2 ttl=60 time=3.79 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=3 ttl=60 time=3.85 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=4 ttl=60 time=3.76 ms
^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 3.763/3.834/3.937/0.100 ms
iptables -S

nh@vm4:/root$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -m limit --limit 1/sec -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 127.0.0.0/8 ! -i lo -j DROP
-A FORWARD -i lo -o lo -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type any -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type any -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A f2b-sshd -s 61.177.172.104/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 178.214.243.19/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 54.37.68.191/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 67.205.178.62/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 45.80.64.246/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 167.172.164.37/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 106.54.98.89/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 142.44.211.57/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 139.155.68.39/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 146.185.180.57/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 51.195.148.139/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 85.191.214.236/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 106.75.211.130/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 119.45.181.168/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 151.80.61.249/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 51.254.117.33/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 218.92.0.248/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 193.112.213.187/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 64.213.148.44/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 40.115.6.17/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN

Re: Let's Encrypt broken on panel domain  [SOLVED]

Posted: Thu 28. Jan 2021, 11:25
by Florian
Hello,
"addressUsed":"2a03:4000:f:31d::1"
Does the IPv6 address that Let's Encrypt determined here for the domain actually work as well?
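
Added example (not part of this thread, and not KeyHelp's or Let's Encrypt's code): a pre-flight check that does what the CA does and what a browser on an IPv4-only client does not, namely resolve both the A and the AAAA record and fetch the challenge from each address separately. The failed response in the first post lists both addresses under "addressesResolved" and the IPv6 one under "addressUsed"; the script also parses that JSON so the address in question is read off mechanically. The hostname `meine-domain.tld`, the token `TOKEN`, the key authorization `TOKEN.THUMB` and the `table_probe` offline stand-in are constructed for the example; `http_probe` is the live probe and needs network access.

```python
"""Pre-flight check for an ACME http-01 challenge: does every address the
CA can resolve for the domain actually serve the challenge token?"""
import json
import socket

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def resolve_all(host):
    """All A and AAAA addresses of host, in resolver order (what the CA sees)."""
    addrs = []
    for *_, sockaddr in socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP):
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs


def http_probe(address, host, path, port=80, timeout=5.0):
    """Fetch http://host/path from one specific address (no DNS, no redirects).
    Returns (status_code, body); raises OSError on connect or read failure."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
               f"User-Agent: acme-preflight\r\nConnection: close\r\n\r\n")
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect((address, port))
        sock.sendall(request.encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks).decode("latin-1")
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0].split(" ")
    if len(status_line) < 2 or not status_line[1].isdigit():
        raise OSError("no HTTP status line in response")
    return int(status_line[1]), body


def table_probe(table):
    """Offline stand-in for http_probe. table maps address -> (status, body),
    or None for an address that never answers (the IPv6 case in this thread)."""
    def probe(address, host, path):
        if table.get(address) is None:
            raise OSError("timed out")
        return table[address]
    return probe


def check_challenge(host, token, key_authorization, addresses=None, probe=http_probe):
    """Probe every address for the challenge; returns address -> verdict."""
    if addresses is None:
        addresses = resolve_all(host)
    verdicts = {}
    for addr in addresses:
        try:
            status, body = probe(addr, host, CHALLENGE_PREFIX + token)
        except OSError as exc:
            # This is the case the CA reports as "Timeout during connect".
            verdicts[addr] = f"unreachable ({exc})"
            continue
        if status == 200 and body.strip() == key_authorization:
            verdicts[addr] = "ok"
        elif 300 <= status < 400:
            verdicts[addr] = f"redirect (HTTP {status}); the CA follows it, this probe does not"
        else:
            verdicts[addr] = f"HTTP {status} with unexpected body"
    return verdicts


def parse_validation_failure(response_json):
    """Extract error type/detail and, per attempt, (url, addressUsed, addressesResolved)
    from the JSON the CA returns for a failed challenge."""
    data = json.loads(response_json)
    error = data.get("error", {})
    attempts = [(rec["url"], rec["addressUsed"], list(rec["addressesResolved"]))
                for rec in data.get("validationRecord", [])]
    return {"status": data.get("status"), "error_type": error.get("type"),
            "detail": error.get("detail"), "attempts": attempts}


# Constructed sample, abridged from the failed response in this thread's log.
SAMPLE_RESPONSE = json.dumps({
    "type": "http-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:connection",
              "detail": "Timeout during connect (likely firewall problem)", "status": 400},
    "validationRecord": [{
        "url": "http://meine-domain.tld/.well-known/acme-challenge/TOKEN",
        "hostname": "meine-domain.tld", "port": "80",
        "addressesResolved": ["37.120.184.174", "2a03:4000:f:31d::1"],
        "addressUsed": "2a03:4000:f:31d::1"}],
})


if __name__ == "__main__":
    parsed = parse_validation_failure(SAMPLE_RESPONSE)
    print(parsed["error_type"], "-", parsed["detail"])
    for url, used, resolved in parsed["attempts"]:
        print(f"  {url} via {used} (resolved: {', '.join(resolved)})")
    # Offline demonstration: IPv4 serves the token, the AAAA address never answers.
    offline = table_probe({"37.120.184.174": (200, "TOKEN.THUMB\n"), "2a03:4000:f:31d::1": None})
    print(check_challenge("meine-domain.tld", "TOKEN", "TOKEN.THUMB",
                          addresses=["37.120.184.174", "2a03:4000:f:31d::1"], probe=offline))
    # Live check against a real host: check_challenge("meine-domain.tld", "TOKEN", "TOKEN.THUMB")
```

Run with no arguments, the script prints which address the CA used in the sample response and then a verdict per address: the one behind the A record is "ok" and the one behind the AAAA record is "unreachable". Any address that is not "ok" here is an address the CA may pick, so the fix is either to make the service answer on it or, as done later in this thread, to drop the record.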

Re: Let's Encrypt broken on panel domain

Posted: Thu 28. Jan 2021, 11:52
by turbopixel
Whoa... no, IPv6 isn't set up properly at all :?

I have removed the AAAA record and will wait a few hours. Then it should run through cleanly tomorrow night.

Re: Let's Encrypt broken on panel domain

Posted: Sat 30. Jan 2021, 15:40
by turbopixel
After completely removing the IPv6 entry from the domain and swapping the certificates back and forth a few times under "SSL/TLS certificates" in the administration, Let's Encrypt works as usual again. For the customer domains too!

The faulty IPv6 resolution was the root cause here.

[30-Jan-2021 00:00:08] INFO  --> check domain "*****.eu'
[30-Jan-2021 00:00:08] INFO  --> certificate is valid until 2021-04-28 16:18:12 (88 days left)
[30-Jan-2021 00:00:08] INFO  --> send notification to user "nh" (*****.de)
[30-Jan-2021 00:00:08] INFO  --> finished
A small extra: now I also get the error Apache: syntax error: AH00526, which someone else has already reported: viewtopic.php?f=5&t=10278&start=15

[28-Jan-2021 16:18:14] INFO  --> All done.
[28-Jan-2021 16:18:14] INFO  --> Apache: reloadApache()
[28-Jan-2021 16:18:14] ERROR --> Apache: syntax error: AH00526: Syntax error on line 35 of /etc/apache2/keyhelp/keyhelp.conf:
SSLCertificateFile: file '/etc/ssl/keyhelp/keyhelp.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
[28-Jan-2021 16:18:14] ERROR --> Apache: no reload due syntax error