LetsEncrypt Timeout on validation

pntaylor · March 5, 2018, 4:17am

Hi there,

Trying to install and configure LetsEncrypt, I run the command sudo box install letsencrypt, however when it gets to the end I get the following error:

Verify error:Fetching http://quickbox.domain.net/.well-known/acme-challenge/RCoMydy9sZONEWLDIlFm8q3r0PRyKzS8W4QEHEDW1z8: Timeout

Can anyone help me out here on this one? I tried it for the subdomain and for the top level domain, the subdomain is the one point to my Quickbox install so thought that should work. I can ssh and so forth from external on it so it’s pointing to the right IP.

Update so after some more digging it looks like the .pem file isn’t being created and therefore doesn’t exist in /etc/apache2/ssl/certs as a result the restart of apache2 failed. Any idea why this file isn’t being created, am I meant to create it or something?

bate · March 5, 2018, 8:38am

Hi, took the liberty to edit out your domain name.

Are you using CloudFlare ?

pntaylor · March 5, 2018, 8:39am

Sort of, Cloudflare is a freebie from my host MediaTemple but I couldn’t find the cloud icon I saw in another post related to SSL issues and thank you for editing the domain out!

bate · March 5, 2018, 8:42am

The cloud icon is visible under DNS menu on CloudFlare. Same plce where you setup the A-record

pntaylor · March 5, 2018, 8:43am

That’s the thing, all A Records etc are done on my hosting, not CloudFlare so that option doesn’t show.

Got Quickbox back up and running but not sure what about the setup is causing things to fail so horribly.

pntaylor · March 5, 2018, 9:23am

So if I rename and remove the default-ssl.conf I can get things going but that’s defeating the point I guess.

JMSolo · March 5, 2018, 10:49pm

You can keep the default-ssl.conf. Just check the /root/.acme.sh directory for any certificates. If they are available within their respected directories, simply remove them and run box install letsencrypt. Typically a timeout means that it’s not reaching the domain via whatever IP is set.

If apache though isn’t restarting, this is probably b/c the sed command inserted the “supposed” generated certs. You can comment out those particular fields and run the restart once more.

Better to simply add back in the default inserts of the self-signed certificates and restart. Those are posted here:

github.com

QuickBox/QB/blob/master/setup/templates/default-ssl.conf.template#L38-L39


SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

pntaylor · March 5, 2018, 11:50pm

Thanks for your reply and reverting the SSL certs works and Apache restarts just fine now. I think my problem is on my home router, it wasn’t forwarding the port properly and therefore was never reaching my box. Going to have to take some time and figure out exactly how to make that part work before trying this again.

Thanks to both of you for your assistance, very much appreciated!