In one configuration, errors occur for some domains when creating Let's Encrypt certificates:
root@v22016102474838XXX:~# /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updating Let's Encrypt certificates
[information] Updating v22016102474838XXX.nicesrv.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Using existing account key
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for v22016102474838XXX.nicesrv.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for v22016102474838XXX.nicesrv.de
[information] letsencrypt Token for v22016102474838XXX.nicesrv.de saved at /var/www/froxlor/.well-known/acme-challenge/jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds and should be available at http://v22016102474838XXX.nicesrv.de/.well-known/acme-challenge/jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds
[error] letsencrypt Please check http://v22016102474838XXX.nicesrv.de/.well-known/acme-challenge/jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/v22016102474838XXX.nicesrv.de\/.well-known\/acme-challenge\/jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds): failed to open stream: Connection refused","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":232}
[information] letsencrypt Sending request to challenge
[information] letsencrypt Sending signed request to https://acme-v01.api.letsencrypt.org/acme/challenge/_1-2bhvSdgsRx5wGNgKi1vj4i7SrtxIqtMpbrhB8rjM/913689768
[information] letsencrypt Verification pending, sleeping 1s
[error] Could not get Let's Encrypt certificate for v22016102474838XXX.nicesrv.de: Verification ended with error: {"identifier":{"type":"dns","value":"v22016102474838XXX.nicesrv.de"},"status":"invalid","expires":"2017-04-06T06:45:31Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/v22016102474838XXX.nicesrv.de\/.well-known\/acme-challenge\/jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds: "<html>\r\n<head><title>404 Not Found<\/title><\/head>\r\n<body bgcolor="white">\r\n<center><h1>404 Not Found<\/h1><\/center>\r\n<hr><center>"","status":403},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/_1-2bhvSdgsRx5wGNgKi1vj4i7SrtxIqtMpbrhB8rjM\/913689768","token":"jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds","keyAuthorization":"jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds.3eZ9pwD1rA_X2Uzh-UwdC1XtcolJ4XkJTZscM3MIbv0","validationRecord":[{"url":"http:\/\/v22016102474838XXX.nicesrv.de\/.well-known\/acme-challenge\/jTYfYPQijNbXULpWegsaxIhBsIBGmJX64AxWG0--0Ds","hostname":"v22016102474838XXX.nicesrv.de","port":"80","addressesResolved":["188.68.55.20"],"addressUsed":"188.68.55.20"}]},{"type":"dns-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/_1-2bhvSdgsRx5wGNgKi1vj4i7SrtxIqtMpbrhB8rjM\/913689769","token":"qBqkSivdUIdc1o37NUDEgHiN4rTrw_72Sg_vUzgWPqU"},{"type":"tls-sni-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/_1-2bhvSdgsRx5wGNgKi1vj4i7SrtxIqtMpbrhB8rjM\/913689770","token":"2c4WlW-ZSsIBeSR73hfekbGBML9q3MBhHbhN-rMZhL0"}],"combinations":[[2],[1],[0]]}
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
The system is configured as follows:
- Debian Jessie
- Froxlor
- nginx with php-fcgi
- Apache 2.4 as an optional proxy on port 8080
- Configuration based on the Froxlor defaults
A created /var/www/froxlor/.well-known/acme-challenge/test.txt can be accessed via the corresponding domain.
What surprises me is that other domains, and subdomains as well, do not trigger this error.
Best regards, Dorian