Hello
Lets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
wget -O - https://get.acme.sh | sh
Regards
When i certbot renew on the command line it gives me following error:
certbot renew
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.37.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2566, in load_entry_point
return ep.load()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2260, in load
entry = import(self.module_name, globals(),globals(), [‘name’])
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 17, in
from certbot import account
File “/usr/lib/python2.7/site-packages/certbot/account.py”, line 17, in
from acme import messages
File “/usr/lib/python2.7/site-packages/acme/messages.py”, line 11, in
from acme import challenges
File “/usr/lib/python2.7/site-packages/acme/challenges.py”, line 12, in
import requests
File “/usr/lib/python2.7/site-packages/requests/init.py”, line 97, in
from . import utils
File “/usr/lib/python2.7/site-packages/requests/utils.py”, line 28, in
from .compat import (
ImportError: cannot import name integer_types
HelloLets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
wget -O - https://get.acme.sh | shRegards
Thanks!
That’s not the problem, CyberPanel. I am still getting errors after updating. It used to be that whenever redirect rules/.htaccess files were active, Let’s Encrypt could automatically renew certificates around those redirects. The issue is we have to completely clear out each of those .htaccess files individually, then renew manually, and then restore those .htaccess files.
EDIT: All the domains appear to renew without issue after renewing. It must be a permissions issue that requires an initial renewal after upgrading depending on the age of the certificate.
HelloLets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
wget -O - https://get.acme.sh | shRegards
After update having this:
Cannot issue SSL. Error message: [Fri Sep 27 09:10:20 UTC 2019] dev1.exista.dev:Verify error:Invalid response from https://dev1.exista.dev/.well-known/acme-challenge/j0zzRjwK15N13l_M2Qtzd8udOIoTJP3xNwO9ceRlv3c [159.69.144.185]: [Fri Sep 27 09:10:20 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:10:20 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Fri Sep 27 09:10:33 UTC 2019] dev1.exista.dev:Verify error:Invalid response from https://dev1.exista.dev/.well-known/acme-challenge/5gZ7VZxjt0-WuTcp-L8SMRXZcg8MFCi353iTiQrBy80 [159.69.144.185]: [Fri Sep 27 09:10:33 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:10:33 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
and this:
Cannot issue SSL. Error message: [Fri Sep 27 09:13:18 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:18 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:18 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Fri Sep 27 09:13:22 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:22 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:22 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
CyberPanel is latest (clean installed two weeks ago)
HelloLets Encrypt made some changes, due to which you need to upgrade your acme client if you are having issues getting SSLs. (This only applies to old installations, as new installations get latest code). Execute following command:
wget -O - https://get.acme.sh | shRegards
After update having this:
Cannot issue SSL. Error message: [Fri Sep 27 09:10:20 UTC 2019] dev1.exista.dev:Verify error:Invalid response from https://dev1.exista.dev/.well-known/acme-challenge/j0zzRjwK15N13l_M2Qtzd8udOIoTJP3xNwO9ceRlv3c [159.69.144.185]: [Fri Sep 27 09:10:20 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:10:20 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Fri Sep 27 09:10:33 UTC 2019] dev1.exista.dev:Verify error:Invalid response from https://dev1.exista.dev/.well-known/acme-challenge/5gZ7VZxjt0-WuTcp-L8SMRXZcg8MFCi353iTiQrBy80 [159.69.144.185]: [Fri Sep 27 09:10:33 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:10:33 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
and this:
Cannot issue SSL. Error message: [Fri Sep 27 09:13:18 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:18 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:18 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub [Fri Sep 27 09:13:22 UTC 2019] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”, “status”: 429 } [Fri Sep 27 09:13:22 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details. [Fri Sep 27 09:13:22 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub 0,283 Failed to obtain SSL for domain. [issueSSLForDomain]
CyberPanel is latest (clean installed two weeks ago)
This issue is that when you update acme.sh, it loses the proper permissions it needs to temporarily disable the .htaccess/URL redirects of your website, which it uses in the certification process in order to verify that your domain is tied to your server. I had this problem with any of my sites that had the .htaccess enabled, be it proxies or WordPress sites. So as a workaround, you have to temporarily (1) copy to a safe place your .htaccess file contents, (2) temporarily clear your .htaccess file, (3) then run the SSL renewal in CyberPanel, and (4) finally restore your .htaccess file. After you complete this process, whenever it needs to renew again anytime in the future, it should renew automatically without you having to clear your .htaccess file.
I am experiencing issues deploying new sites with SSL Certificates. ( or deploying them without SSL and trying to get it after the fact).
I believe it does have something to do with permissions, however I don’t have the chance to update or move the .htaccess as it’s a new site. Even if I deploy the site without SSL, then try to get one after , there is no .htaccess to move
Same issues, upgrading didn’t work, can’t make new sites because they always go 403, 404 and have errors/issues
This only started happening recently
I just installed cyberpanel and the same is happening with me
Just putting this out there…YMMV
On my homelab with CyberPanel I was getting SSL renewal failure on a baremetal Centos 7.x system
1). I did update the system / CP to 1.9 / acme.sh script with no success.
2). I just found the below and switched to --use-wget and everything renewed.
@Redmound How did you add --use-wget? Are you manually requesting the certs from command line?
I’ve tried adding it and still getting a 403 forbidden when letsencrypt trys to hit Cyberpanel.
If anyone is having the same issue with Centos;
Editing line 4286 of acme.sh ( newest version)
Old: if ! _exec “chown -R “$webroot_owner” “$_currentRoot/.well-known””; then
New: if ! _exec “chmod -R 755 “$_currentRoot/.well-known””; then
My production server is too new for any of the certs to expire…my development server is older and the certs started expiring and not renewing.
I did one manually with the entry from cron…it would show the CA server to be busy and never completed. It was leaving all kinds of orphaned Txt files.
I tried one domain manually with the --use-wget and it went straight through with curl (default) it hung in a loop.
I added the --use-wget to the cron entry and today the rest of the domains updated.
The issue I had was with letsencrypt changing to http/2 and centos (curl) not working. Acme.sh has been updated, but I don’t think it has solved all the issues with centos.
So what needs to be done here in order to update my code properly? OP posted a method, was told by the community that it didn’t work, and the OP has now ignored the community for 2 weeks. . .
What’s going on @CyberPanel
Is it possible to setup a CRON job to run acme.sh --upgrade?