SOLVED letsencrypt.sh not working

Status
Not open for further replies.

JT000z

New Member
Apr 18, 2023
14
0
1
Ello Ello everyone, I am trying to use the letsencrypt.sh to secure my server, but when I try to use it, it always comes to an error and now I don't know what to do. (This was one of my tries, but now I have done too many tries and got rate limited.) Anyway, how do I fix it? I always tried it right and I never was an issue how that didn't work. I entered my domain name and e-mail (changed my hostname too). Can anyone help? Thanks
 

whut

Member
Dec 23, 2022
164
15
18
Let's Encrypt will fail if your firewall rules are too tight. You might temporarily suspend the fail2ban service while you run the Let's Encrypt script. That usually solves it for me. Make sure to start the f2b service again as soon as you are done updating certs!
 

whut

Be patient with stop/start/restart of f2b. Sometimes it could take forever, a.k.a. 30 - 60 seconds.
 

cemotyz09

Member
Apr 23, 2020
83
7
8
Add -ca letsencrypt-test to lines 68 & 88, save, and try again after trying the other things. That adds the staging CA, which has higher limits. Once it works, remove that and it should work for the regular server.
 

JT000z

cemotyz09 said: "Add -ca letsencrypt-test to lines 68 & 88, save, and try again after trying the other things. That adds the staging CA, which has higher limits. Once it works, remove that and it should work for the regular server."

There is nothing at line 66, but there is at line 88 and I added it. Will try it out too, thanks in advance.

Edit: so I tried it, it didn't work. I receive this:
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf

To accept these terms of service run "./dehydrated --register --accept-terms".
After I added it
ERROR: Only one command can be executed at a time. See help (-h) for more information.
nginx: [emerg] cannot load certificate "/etc/dehydrated/certs/voip.modernrp.de/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/dehydrated/certs/voip.modernrp.de/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
This is the edited command:
./dehydrated --register --accept-terms --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01 --ca letsencrypt-test
(Line 88)
 

JT000z

whut said: "Be patient with stop/start/restart of f2b. Sometimes it could take forever, a.k.a. 30 - 60 seconds."

I tried it, this was the output:

+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","detail"] "185.94.29.68: Fetching http://voip.modernrp.de/.well-known/acme-challenge/LLHQSt-M38Wg3XMd8jQv2b_d24pqaLxNCyjZeHXpDsI: Connection reset by peer"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:connection","detail":"185.94.29.68: Fetching http://voip.modernrp.de/.well-known/acme-challenge/LLHQSt-M38Wg3XMd8jQv2b_d24pqaLxNCyjZeHXpDsI: Connection reset by peer","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/224816034357/d_pWAg"
["token"] "LLHQSt-M38Wg3XMd8jQv2b_d24pqaLxNCyjZeHXpDsI"
["validationRecord",0,"url"] "http://voip.modernrp.de/.well-known/acme-challenge/LLHQSt-M38Wg3XMd8jQv2b_d24pqaLxNCyjZeHXpDsI"
["validationRecord",0,"hostname"] "voip.modernrp.de"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "185.94.29.68"
["validationRecord",0,"addressesResolved"] ["185.94.29.68"]
["validationRecord",0,"addressUsed"] "185.94.29.68"
["validationRecord",0] {"url":"http://voip.modernrp.de/.well-known/acme-challenge/LLHQSt-M38Wg3XMd8jQv2b_d24pqaLxNCyjZeHXpDsI","hostname":"voip.modernrp.de","port":"80","addressesResolved":["185.94.29.68"],"addressUsed":"185.94.29.68"}
["validationRecord"] [{"url":"http://voip.modernrp.de/.well-known/acme-challenge/LLHQSt-M38Wg3XMd8jQv2b_d24pqaLxNCyjZeHXpDsI","hostname":"voip.modernrp.de","port":"80","addressesResolved":["185.94.29.68"],"addressUsed":"185.94.29.68"}]
["validated"] "2023-05-04T06:14:35Z")
Seems like F2B was not the reason. I even disabled the firewall :/
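
Added example (not part of the thread, and not code from letsencrypt.sh or dehydrated): a small Python triage helper for the kind of dehydrated output pasted in the two posts above. It flattens the `["key"] value` lines and maps the ACME error type and the two client-side messages to what to check; the hostname, address and token in the sample are constructed, and the hint wording is this example's own.

```python
import json
import re

# dehydrated prints a failed challenge as flattened JSON, one '["path","key"] value' per line.
PAIR = re.compile(r'(?:^|\(result: )(\["[^\]\n]*\])[ \t]+("(?:[^"\\\n]|\\.)*"|\d+)\)?[ \t]*$', re.M)

# Short ACME error names (RFC 8555 section 6.7) mapped to what to check on the server side.
ACME_HINTS = {
    "connection": "CA could not complete the HTTP fetch; check inbound port 80 (firewall, fail2ban, NAT, web server)",
    "dns": "CA could not resolve the name; check the A/AAAA records",
    "unauthorized": "CA got a response but not the token; check /.well-known/acme-challenge/",
    "rateLimited": "CA rate limit hit; wait for the reset and test against the staging CA",
}
# Client-side messages quoted in the thread, matched as plain substrings.
CLIENT_HINTS = {
    "Only one command can be executed at a time":
        "two commands on one line; run --register --accept-terms alone, then --cron",
    "you have to agree to their terms of service":
        "no account with this CA yet; register once before requesting certificates",
}

# Constructed sample (documentation address, example hostname, placeholder token).
SAMPLE = '''ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","detail"] "192.0.2.10: Fetching http://pbx.example.com/.well-known/acme-challenge/TOKEN: Connection reset by peer"
["error","status"] 400
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressUsed"] "192.0.2.10")
'''

def flatten(output):
    """Map dotted key paths ('error.type', 'validationRecord.0.port') to their values."""
    return {".".join(str(p) for p in json.loads(k)): json.loads(v)
            for k, v in PAIR.findall(output)}

def triage(output):
    """Return a list of findings for the output of one dehydrated run."""
    findings = [hint for text, hint in CLIENT_HINTS.items() if text in output]
    fields = flatten(output)
    error = str(fields.get("error.type", "")).rsplit(":", 1)[-1]
    if error:
        target = "%s:%s" % (fields.get("validationRecord.0.addressUsed", "?"),
                            fields.get("validationRecord.0.port", "?"))
        findings.append("%s '%s' error against %s: %s" % (
            fields.get("type", "challenge"), error, target,
            ACME_HINTS.get(error, "see the error detail line")))
    return findings
```

`triage(text)` takes the captured output of one run as a string; a `connection` finding narrows the problem to whatever sits between the CA and port 80 on the address shown, so each of those layers can be checked in turn.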
 

whut

JT000z said: "I tried it, this was the output [...] Seems like F2B was not the reason. I even disabled the firewall :/"

I would have disabled the firewall too, temporarily, to get Let's Encrypt to work. After running this in Let's Encrypt TEST as cemotyz09 suggested and it worked, did you run without the added extra TEST environment?
 

Scubadave112

Member
Jan 24, 2020
122
19
18
36
I had this issue... it was so odd.. I called mark and he simply just updated letsencrypt.sh and it worked... I think he said it was outdated, impacted by a recent change or a bug or something.. I honestly forget but yeah... he just updated it and it was all good, and I had the exact same errors as you
 

cemotyz09

I should have specified, after trying the staging CA, if you've been blocked already you'd have to wait at most a week till your limit resets. If I'm not mistaken, the staging CA still presents a valid cert though.
 

JT000z

Scubadave112 said: "I had this issue... it was so odd.. I called mark and he simply just updated letsencrypt.sh and it worked... I think he said it was outdated, impacted by a recent change or a bug or something.. I honestly forget but yeah... he just updated it and it was all good, and I had the exact same errors as you"

Update it how?
 

JT000z

whut said: "I would have disabled the firewall too, temporarily, to get Let's Encrypt to work. After running this in Let's Encrypt TEST as cemotyz09 suggested and it worked, did you run without the added extra TEST environment?"

My firewall was disabled. I ran it with the TEST environment and without it, and both didn't work.
 

JT000z

cemotyz09 said: "I should have specified, after trying the staging CA, if you've been blocked already you'd have to wait at most a week till your limit resets. If I'm not mistaken, the staging CA still presents a valid cert though."

Great, ok, will try again in a different week then.
 

pmurphy881

New Member
Sep 28, 2022
8
0
1
42
Scubadave112 said: "I had this issue... it was so odd.. I called mark and he simply just updated letsencrypt.sh and it worked... I think he said it was outdated, impacted by a recent change or a bug or something.. I honestly forget but yeah... he just updated it and it was all good, and I had the exact same errors as you"

I have this issue currently as well, and if you could let us know where an updated letsencrypt.sh script is to download, or if you can post it here, I would appreciate it as well. Thanks.
 

pmurphy881

I did a fresh install on a new system and it worked just fine. Bit of a pain in the butt to do, but it's working now.
 