Letsencrypt still broken #10

Closed
mhertel opened this issue Aug 24, 2017 · 7 comments

mhertel commented Aug 24, 2017

Just updated and I'm still getting the same error:

```
[Thu Aug 24 20:34:08 CEST 2017] Single domain='XXXX.com'
[Thu Aug 24 20:34:08 CEST 2017] Getting domain auth token for each domain
[Thu Aug 24 20:34:08 CEST 2017] Getting webroot for domain='XXXX.com'
[Thu Aug 24 20:34:08 CEST 2017] Getting new-authz for domain='XXXX.com'
[Thu Aug 24 20:34:14 CEST 2017] The new-authz request is ok.
[Thu Aug 24 20:34:14 CEST 2017] Verifying:XXXX.com
[Thu Aug 24 20:34:14 CEST 2017] Nginx mode for domain:XXXX.com
[Thu Aug 24 20:34:15 CEST 2017] Can not find conf file for domain XXXX.com
[Thu Aug 24 20:34:15 CEST 2017] Please add '--debug' or '--log' to check more details.
[Thu Aug 24 20:34:15 CEST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Aug 24 20:34:16 CEST 2017] Installing CA to:/etc/nginx/ssl/XXXX.com/chain.pem
cat: /root/.acme.sh/XXXX.com/ca.cer: No such file or directory
```
(Domain name removed..)

@liaralabs
Member

Hey @mhertel, sorry you're still having issues. Clean or dirty install from the last issue?

If you're using a dirty install, there are some things that need to be updated in /etc/nginx/sites-enabled/default in order for this to start working.

The easiest way to get you going without reinstalling nginx or the entire box would be:

```bash
hostname=sub.domain.com   # enter your (sub)domain here
# ${hostname:?} aborts if hostname is empty instead of removing /etc/nginx/ssl/ itself
rm -rf "/etc/nginx/ssl/${hostname:?}"
# Unquoted heredoc: each \$ is written to the file as a literal $ for nginx
cat > /etc/nginx/sites-enabled/default <<NGC
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;

  location /.well-known {
    alias /srv/.well-known;
    allow all;
    default_type "text/plain";
    autoindex    on;
  }

  location / {
    return 301 https://\$server_name\$request_uri;
  }
}

# SSL configuration
server {
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;
  server_name _;
  ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
  include snippets/ssl-params.conf;
  client_max_body_size 40M;
  server_tokens off;
  root /srv/;

  index index.html index.php index.htm;

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
  }

  include /etc/nginx/apps/*;

  location ~ /\.ht {
    deny all;
  }

  location /fancyindex {

  }
}
NGC
```

This will rebuild nginx with the proper configuration and wipe out the empty ssl certs from a botched install. If you run the updated letsencrypt script, it should find the necessary hooks to inject your hostname for acme.sh to find them.

Please let me know if you're still running into issues after this

Author

mhertel commented Aug 24, 2017

I actually did a clean install after it failed last time since I couldn't get nginx to run properly again LOL

I will try out what you posted and will report back..

Author

mhertel commented Aug 24, 2017

ok, it worked.. I also changed my hostname to what letsencrypt was looking for.

Cheers!

Author

mhertel commented Aug 24, 2017

Hmm, letsencrypt worked, but now rutorrent won't connect to rtorrent any more.. Let's see what I broke now lol

Author

mhertel commented Aug 25, 2017

I got it working now, some of the copy paste for the nginx config was borked..

@liaralabs
Member

That's why I recommend cat -- the cat command necessarily has to escape the $ in the file, otherwise cat will expand them as variables (which are null)

```
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
```

becomes

```
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
```

Once the command is done.

Is this safe to close now?
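
The heredoc behaviour discussed in this thread, as an added example that is not part of the original comments or the project's scripts: it writes the `SCRIPT_FILENAME` line four ways and checks which results nginx would receive intact. The function names and temporary file paths are assumptions for illustration; nothing under /etc/nginx is touched.

```shell
#!/bin/sh
# Added example. Constructed input: the SCRIPT_FILENAME line quoted in the thread.
unset document_root fastcgi_script_name   # make the demo independent of the environment

# Unquoted delimiter, no escaping: the shell expands the (unset) variables
# to empty strings before cat receives the text.
write_unescaped() {
  cat > "$1" <<NGC
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
NGC
}

# Unquoted delimiter with \$, as in the thread: the shell strips the backslash.
write_escaped() {
  cat > "$1" <<NGC
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
NGC
}

# Quoted delimiter: no expansion at all, so the body can be the final nginx text.
write_quoted() {
  cat > "$1" <<'NGC'
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
NGC
}

# Escaped text pasted straight into a file (no heredoc): backslashes stay.
write_pasted() {
  printf '%s\n' 'fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;' > "$1"
}

# 0 if the nginx variables are intact; 1 if expanded away or still escaped.
config_intact() {
  if grep -Fq '\$' "$1"; then return 1; fi
  grep -Fq 'SCRIPT_FILENAME $document_root$fastcgi_script_name;' "$1"
}

demo() {
  tmp=$(mktemp -d) || return 1
  write_unescaped "$tmp/unescaped.conf"; write_escaped "$tmp/escaped.conf"
  write_quoted "$tmp/quoted.conf";       write_pasted "$tmp/pasted.conf"
  for f in unescaped escaped quoted pasted; do
    if config_intact "$tmp/$f.conf"; then echo "$f: ok"
    else echo "$f: BROKEN -> $(cat "$tmp/$f.conf")"; fi
  done
  rm -rf "$tmp"
}
demo
```

A check like `config_intact` can be run against the written file before reloading nginx, since an empty `SCRIPT_FILENAME` value still passes a syntax check.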

Author

mhertel commented Aug 25, 2017

Yes, thanks again!
