Unable to install letsencrypt


#1

I am having a ton of problems trying to install letsencrypt. I’ve tried both the guide and the box script, but both just keep coming up with just about the same problem.

Stalag13:~# box install letsencrypt
Installing letsencrypt
Cloning into ‘acme.sh-master’…
remote: Counting objects: 4490, done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 4490 (delta 4), reused 11 (delta 2), pack-reused 4475
Receiving objects: 100% (4490/4490), 1.55 MiB | 0 bytes/s, done.
Resolving deltas: 100% (2336/2336), done.
Checking connectivity… done.
Please enter an administrator email: [email protected]
Please enter a valid domain: evub
[Thu Jun 29 20:29:20 CEST 2017] Installing to /root/.acme.sh
[Thu Jun 29 20:29:20 CEST 2017] Installed to /root/.acme.sh/acme.sh
[Thu Jun 29 20:29:20 CEST 2017] Installing alias to ‘/root/.bashrc’
[Thu Jun 29 20:29:20 CEST 2017] OK, Close and reopen your terminal to start using acme.sh
[Thu Jun 29 20:29:20 CEST 2017] Installing cron job
38 0 * * * “/root/.acme.sh”/acme.sh --cron --home “/root/.acme.sh” > /dev/null
30 2 * * 1 ~/acme.sh/acme.sh --cron --home ~/acme.sh > /dev/null
30 2 * * 1 ~/acme.sh/acme.sh --cron --home ~/acme.sh > /dev/null
30 2 * * 1 ~/acme.sh/acme.sh --cron --home ~/acme.sh > /dev/null
[Thu Jun 29 20:29:20 CEST 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Jun 29 20:29:20 CEST 2017] OK
[Thu Jun 29 20:29:20 CEST 2017] Standalone mode.
[Thu Jun 29 20:29:20 CEST 2017] Registering account
[Thu Jun 29 20:29:22 CEST 2017] Already registered
[Thu Jun 29 20:29:23 CEST 2017] Update success.
touch: cannot touch ‘/root/.acme.sh/ca/acme-v01.api.letsencrypt.org/ca.conf’: No such file or directory
grep: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/ca.conf: No such file or directory
grep: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/ca.conf: No such file or directory
./acme.sh: 1833: ./acme.sh: cannot create /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/ca.conf: Directory nonexistent
grep: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/ca.conf: No such file or directory
[Thu Jun 29 20:29:23 CEST 2017] ACCOUNT_THUMBPRINT=‘29yyolVBqcnA-kQhfQ’
[Thu Jun 29 20:29:23 CEST 2017] Creating domain key
[Thu Jun 29 20:29:23 CEST 2017] The domain key is here: /root/.acme.sh/evoub/evb.key
[Thu Jun 29 20:29:23 CEST 2017] Single domain=‘evob’
[Thu Jun 29 20:29:23 CEST 2017] Getting domain auth token for each domain
[Thu Jun 29 20:29:23 CEST 2017] Getting webroot for domain=‘evob’
[Thu Jun 29 20:29:23 CEST 2017] Getting new-authz for domain=‘evob’
[Thu Jun 29 20:29:24 CEST 2017] The new-authz request is ok.
[Thu Jun 29 20:29:24 CEST 2017] Verifying:domain
[Thu Jun 29 20:29:24 CEST 2017] Standalone mode server
[Thu Jun 29 20:29:28 CEST 2017] evob:Verify error:Invalid response from http://evol/.well-known/acme-challenge/NqxgvClMLmsgvTZok:
GET / HTTP/1.1
Host: localhost
User-Agent: acme.sh/2.7.3 (https://github.com/Neilpang/acme.sh)
Accept: */*

[Thu Jun 29 20:29:29 CEST 2017] Please add ‘--debug’ or ‘--log’ to check more details.
[Thu Jun 29 20:29:29 CEST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh


#2

Here’s the guide method

Stalag13:/opt/letsencrypt# ./letsencrypt-auto --apache -d evb
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ev
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

[Fri Jun 30 00:16:33.948814 2017] [so:warn] [pid 56661] AH01574: module proxy_module is already loaded, skipping
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist

Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

[Fri Jun 30 00:16:34.092855 2017] [so:warn] [pid 56670] AH01574: module proxy_module is already loaded, skipping

Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

[Fri Jun 30 00:16:34.092855 2017] [so:warn] [pid 56670] AH01574: module proxy_module is already loaded, skipping
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/error_handler.py”, line 99, in _call_registered
self.funcs[-1]()
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 284, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 1912, in cleanup
self.restart()
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 1801, in restart
self._reload()
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 1812, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

[Fri Jun 30 00:16:34.092855 2017] [so:warn] [pid 56670] AH01574: module proxy_module is already loaded, skipping

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

[Fri Jun 30 00:16:33.948814 2017] [so:warn] [pid 56661] AH01574: module proxy_module is already loaded, skipping
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist


#3

Here’s the apache error.log

https://pastebin.com/fgmxMqdM

Snippets from that link

[Fri Jun 30 05:15:10.892822 2017] [ssl:emerg] [pid 13443] AH02572: Failed to configure at least one certificate and key for localhost:443

[Fri Jun 30 05:15:10.892850 2017] [ssl:emerg] [pid 13443] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jun 30 05:15:10.892856 2017] [ssl:emerg] [pid 13443] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed

[Fri Jun 30 05:09:54.444336 2017] [ssl:emerg] [pid 13282] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
[Fri Jun 30 05:09:59.997796 2017] [ssl:warn] [pid 13303] AH01906: 0903b25d38a7fc0d967a3f9a9d0859b4.4cd5e6a6a11f1da1e5cd6366820cb453.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 30 05:09:59.998016 2017] [ssl:emerg] [pid 13303] AH02572: Failed to configure at least one certificate and key for 127.0.0.1:443
[Fri Jun 30 05:09:59.998033 2017] [ssl:emerg] [pid 13303] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 30 05:09:59.998043 2017] [ssl:emerg] [pid 13303] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 30 05:09:59.998055 2017] [ssl:emerg] [pid 13303] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned


#4

ls /etc/apache2/sites-enabled/
aliases-seedbox.conf aliases-seedbox.conf.orig default-ssl.conf e.conf fileshare.conf nel.console.conf

Scratch that. apache was running and now it isn’t.


#5

I installed Ubuntu 16.04 in a virtual machine and I’m getting the same problem. So there must be something wrong with the script or something else.

And from what I can tell… the script just kills apache and doesn’t bring it back up.


#6

Well there’s your issue :joy: You need to enter your domain in full, i.e. quickbox.example.com, or just example.com for no subdomain.
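
The fix from #6, as an added example that is not part of the thread and is not QuickBox or acme.sh code: a POSIX shell check that a wrapper script could run on the "Please enter a valid domain" input, so a bare hostname like the one entered in #1 is rejected before any ACME request is made or Apache is touched. The helper name `is_fqdn` is hypothetical.

```shell
#!/bin/sh
# Added example: is_fqdn is a hypothetical helper, not part of QuickBox or acme.sh.
# Returns 0 when the argument looks like a fully qualified domain name
# (e.g. quickbox.example.com), 1 otherwise.

is_fqdn() {
  _name=${1%.}                       # tolerate one trailing dot (absolute form)
  [ -n "$_name" ] || return 1
  [ "${#_name}" -le 253 ] || return 1   # overall DNS name length limit

  case "$_name" in
    .*|*..*|*.) return 1 ;;          # empty label somewhere in the name
    *.*) ;;                          # at least two labels: continue
    *) return 1 ;;                   # bare hostname ("evub", "localhost")
  esac

  _rest=$_name
  while [ -n "$_rest" ]; do
    _label=${_rest%%.*}              # take the leftmost label
    case "$_rest" in
      *.*) _rest=${_rest#*.} ;;      # drop it and keep going
      *)   _rest= ;;                 # that was the last label
    esac
    [ "${#_label}" -le 63 ] || return 1
    case "$_label" in
      ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;   # bad characters or edge hyphen
    esac
  done

  # _label now holds the last label; an all-digit one means an IPv4 literal
  # such as 127.0.0.1, which is not a domain name.
  case "$_label" in
    *[!0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample inputs, run only when the script is executed directly.
for _d in quickbox.example.com example.com evub localhost 127.0.0.1; do
  if is_fqdn "$_d"; then echo "ok:     $_d"; else echo "reject: $_d"; fi
done
```

This only checks the shape of the name. The domain must still resolve publicly to the server for the HTTP validation shown in #1 to succeed.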