filipf
August 4, 2022, 5:13pm
1
Hi, I am getting this error when issuing SSL to my mail subdomain.
[08.04.2022_17-14-26] Status Code: Unkown for: http://www.mail.tenerhack.men/.well-known/acme-challenge/mail.tenerhack.men. Error: Exceeded 30 redirects.
[08.04.2022_17-14-26] Status Code: Unkown for: http://mail.tenerhack.men/.well-known/acme-challenge/mail.tenerhack.men. Error: Exceeded 30 redirects.
[08.04.2022_17-14-28] /root/.acme.sh/acme.sh --issue -d mail.tenerhack.men -d www.mail.tenerhack.men --cert-file /etc/letsencrypt/live/mail.tenerhack.men/cert.pem --key-file /etc/letsencrypt/live/mail.tenerhack.men/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.tenerhack.men/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.04.2022_17-14-28] Failed to obtain SSL for: mail.tenerhack.men and: www.mail.tenerhack.men
[08.04.2022_17-14-28] /root/.acme.sh/acme.sh --issue -d mail.tenerhack.men --cert-file /etc/letsencrypt/live/mail.tenerhack.men/cert.pem --key-file /etc/letsencrypt/live/mail.tenerhack.men/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.tenerhack.men/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.04.2022_17-14-28] Failed to obtain SSL, issuing self-signed SSL for: mail.tenerhack.men
[08.04.2022_17-14-28] {'[email protected] ': (554, b'5.7.1 <[email protected] >: Relay access denied')}
[08.04.2022_17-14-28] Websites matching query does not exist. [installSSLForDomain:72]
[08.04.2022_17-14-28] Self signed SSL issued for mail.tenerhack.men.
My DNS records are set up like this:
Nameservers in namecheap → forwarded to hetzner DNS:
DNS records in Hetzner DNS
Am I missing something?
Thank you!
why would we care about dns records?
Anyway just put a file inside of /usr/local/lsws/Example/html/.well-known/acme-challenge
Any file, then try to access it with http://mail.tenerhack.men/.well-known/acme-challenge/myfilehere
If you can access it, over HTTP, then come back here. If you can’t, well fix that. Honestly it’s all in the log, it’s not even a difficult issue.
filipf
August 4, 2022, 6:17pm
3
Because other users were suspecting it might be my DNS records set up incorrectly.
I cannot access my file via HTTP, getting 404 “The page isn’t redirecting properly”
What could be the issue there?
in the vhost.conf of that domain, there should be something that looks like
context /.well-known/acme-challenge {
  location /usr/local/lsws/Example/html/.well-known/acme-challenge
}
Make sure it’s there, or add it. Also, remove those 404 directives, the infinite redirection is embarrassing. You can send the vhost file.
filipf
August 4, 2022, 6:34pm
6
yeah, not sure why that 404 directive happens, everything should be stock…
I added the context into the vhost config file of that domain. It was not there, but did not solve the issue.
docRoot /home/tenerhack.men/mail.tenerhack.men
vhDomain $VH_NAME
vhAliases www.$VH_NAME
adminEmails [email protected]
enableGzip 1
enableIpGeo 1

index {
  useServer 0
  indexFiles index.php, index.html
}

errorlog $VH_ROOT/logs/tenerhack.men.error_log {
  useServer 0
  logLevel WARN
  rollingSize 10M
}

accesslog $VH_ROOT/logs/tenerhack.men.access_log {
  useServer 0
  logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  logHeaders 5
  rollingSize 10M
  keepDays 10
  compressArchive 1
}

phpIniOverride {
}

module cache {
  storagePath $VH_ROOT/lscache
}

errorpage 403 {
  url 403.html
}

errorpage 404 {
  url 404.html
}

errorpage 500 {
  url 500.html
}

scripthandler {
  add lsapi:tener15585960 php
}

extprocessor tener15585960 {
  type lsapi
  address UDS://tmp/lshttpd/tener15585960.sock
  maxConns 10
  env LSAPI_CHILDREN=10
  initTimeout 60
  retryTimeout 0
  persistConn 1
  pcKeepAliveTimeout 1
  respBuffer 0
  autoStart 1
  path /usr/local/lsws/lsphp73/bin/lsphp
  extUser tener1558
  extGroup tener1558
  memSoftLimit 2047M
  memHardLimit 2047M
  procSoftLimit 400
  procHardLimit 500
}

rewrite {
  enable 1
  autoLoadHtaccess 1
}

context /.well-known/acme-challenge {
  location /usr/local/lsws/Example/html/.well-known/acme-challenge
}

vhssl {
  keyFile /etc/letsencrypt/live/mail.tenerhack.men/privkey.pem
  certFile /etc/letsencrypt/live/mail.tenerhack.men/fullchain.pem
  certChain 1
  sslProtocol 24
  enableECDHE 1
  renegProtection 1
  sslSessionCache 1
  enableSpdy 15
  enableStapling 1
  ocspRespMaxAge 86400
}
did you restart the server?
edit : just lsws not the full server
filipf
August 4, 2022, 6:41pm
8
Restarted it, tried requesting SSL for my mail and main domain now, neither of those is working now.
I was actually able to get letsencrypt for my main domain name at least, now the same error is showing up and I got a self-signed cert there now too :(. I think my whole lsws installation is messed up somehow.
God, why do I even try. Look, that’s not what I’m asking, ok, you know there’s a limit to how many certificate requests you can do per day, per hour and all of that.
Ok? So just answer what I ask, just stop messing up files and listen for 5 seconds. Ok, what matters now is the very first error in the log
http://www.mail.tenerhack.men/.well-known/acme-challenge/mail.tenerhack.men. Error: Exceeded 30 redirects.
You need mail.tenerhack.men/.well-known/acme-challenge to point at a certificate challenge, nothing else matters, you’ll never get a certificate until you fix that.
1 Like
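The check the replies above ask for (request a file under /.well-known/acme-challenge/ over plain HTTP and see where it ends up) can be traced hop by hop, which shows which URL starts the redirect chain. This is an added example, not code from the thread or from acme.sh; the host mail.example.test, the file name probe.txt, the sample responses and the 30-hop limit (taken from the "Exceeded 30 redirects" log line) are assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def http_fetch(url, timeout=10):
    """One GET without following redirects: return (status, Location or None)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(
        parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_challenge(url, fetch=http_fetch, max_hops=30):
    """Follow redirects hop by hop; return (verdict, [(url, status), ...])."""
    chain, seen = [], set()
    for _ in range(max_hops):
        if url in seen:                      # same URL twice: it can never resolve
            return "redirect-loop", chain
        seen.add(url)
        status, location = fetch(url)
        chain.append((url, status))
        if status not in REDIRECTS or not location:
            return ("ok" if status == 200 else f"http-{status}"), chain
        url = urljoin(url, location)         # Location may be relative
    return "too-many-redirects", chain

# Constructed responses (not captured from the poster's server): an error
# page that redirects to itself, so the probe file is never served.
SAMPLE = {
    "http://mail.example.test/.well-known/acme-challenge/probe.txt": (302, "/404.html"),
    "http://mail.example.test/404.html": (302, "/404.html"),
}

def sample_fetch(url):
    return SAMPLE[url]

if __name__ == "__main__":
    start = "http://mail.example.test/.well-known/acme-challenge/probe.txt"
    verdict, chain = trace_challenge(start, fetch=sample_fetch)
    for hop, status in chain:
        print(status, hop)
    print("verdict:", verdict)
```

Against a live server, call `trace_challenge(url)` with the default `http_fetch`; a verdict of `ok` for a file you placed in the challenge directory means the path is served over HTTP.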