SEC_ERROR_REVOKED_CERTIFICATE

  • @bubaweb


    You're welcome.


  • NO LUCK
    I updated to 1.3.14 and added the PanelRedirect plugin, but if I try to connect to the control panel on port 4443, no result: SEC_ERROR_REVOKED_CERTIFICATE

    So I tried to connect to 443: same result.

    I tried to disable SSL and re-enable it, no WAY



    Now just need some more help... ;(

  • That works for me:


    01.png
    02.png


  • Ok, I see the revoked status on ssllab. Can I check your server now? It looks like the SSL certificate has been revoked but is still present on your system. The LetsEncrypt plugin only checks for the expiry date. I think that we can solve the problem by disabling SSL, ensuring that the SSL certificate lineage is removed on the fs and then re-enabling SSL for new SSL certificate issuance. I don't know how you have revoked the certificate but normally, when an SSL certificate is revoked, the plugin also removes the lineage to avoid such a problem if you re-enable SSL later on.


    I'm waiting for your green light.

  • Ok. I'll fix the problem in a few minutes. Please don't do anything on the server as long as I'm working on it.

  • @bubaweb


    There is a bug in the LetsEncrypt plugin.


    Expected behavior


    When disabling SSL for a domain (here the control panel domain), the SSL certificate must be revoked and the SSL certificate lineage must be removed. If the SSL certificate is already revoked:


    Code
    Error: urn:acme:error:malformed :: The request message was malformed :: Certificate already revoked


    the plugin must remove the SSL certificate lineage.


    Current behavior


    If the SSL certificate is already revoked, the SSL certificate lineage is not removed. Hence, when you re-enable SSL for the same domain (here the control panel domain), the old SSL certificate (which has been revoked) is reused, explaining the problem.


    Give me a few minutes to fix your server. I'll also release a new version of the LetsEncrypt plugin once done.

  • @bubaweb


    Problem fixed on your server. I've fixed the bug manually in the LetsEncrypt plugin. To summarize:


    Prior to fixing the bug,

    Shell-Script
    root@osso:/etc/letsencrypt# cat /var/log/imscp/Modules\:Plugin_LetsEncrypt.log
    [Wed Dec 28 12:48:14 2016] [debug] Modules::Plugin::_call: Calling run() method on Plugin::LetsEncrypt
    [Wed Dec 28 12:48:14 2016] [debug] iMSCP::Execute::execute: /usr/local/sbin/certbot-auto revoke --no-self-upgrade --text --agree-tos --non-interactive --email [email protected] --cert-path /etc/letsencrypt/live/osso.demoweb.it/cert.pem
    [Wed Dec 28 12:48:16 2016] [debug] iMSCP::Execute::getExitCode: Command exited with value: 1
    [Wed Dec 28 12:48:16 2016] [debug] Plugin::LetsEncrypt::_revokeCertificate: Nuxwin STDERR: SCALAR(0x3a3f9b8)
    [Wed Dec 28 12:48:16 2016] [debug] Plugin::LetsEncrypt::_revokeCertificate: Nuxwin STDOUT: SCALAR(0x4a3f5e6)
    [Wed Dec 28 12:48:16 2016] [error] Plugin::LetsEncrypt::run: todelete

    Here, I've added debug variables for STDERR and STDOUT. As you can see, scalar refs were used, which explains why the method for parsing the error string failed. A string is expected.


    After fixing the bug

    Shell-Script
    root@osso:/etc/letsencrypt# cat /var/log/imscp/Modules\:Plugin_LetsEncrypt.log
    [Wed Dec 28 12:55:28 2016] [debug] Modules::Plugin::_call: Calling run() method on Plugin::LetsEncrypt
    [Wed Dec 28 12:55:28 2016] [debug] iMSCP::Execute::execute: /usr/local/sbin/certbot-auto revoke --no-self-upgrade --text --agree-tos --non-interactive --email [email protected] --cert-path /etc/letsencrypt/live/osso.demoweb.it/cert.pem
    [Wed Dec 28 12:55:30 2016] [debug] iMSCP::Execute::getExitCode: Command exited with value: 1
    [Wed Dec 28 12:55:30 2016] [debug] Plugin::LetsEncrypt::_revokeCertificate: Nuxwin STDERR: Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    An unexpected error occurred:
    The request message was malformed :: Certificate already revoked
    Please see the logfiles in /var/log/letsencrypt for more details.
    [Wed Dec 28 12:55:30 2016] [debug] Plugin::LetsEncrypt::_removeLineages: Removing any SSL certificate lineage matching the osso.demoweb.it domain name

    As you can see here, we got the error string now. Then, the SSL certificate lineage is removed as expected.

    I've re-enabled SSL for your control panel. All should be ok normally (tested with Google Chrome and Firefox). Please don't disable/enable SSL for the control panel too many times because there are rate limits on the Let's Encrypt side for new SSL certificate issuance.


    A new version of the LetsEncrypt plugin will be released in a few minutes, including the fix that I've added on your server.

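The failure mode described in the last post, as an added Perl illustration that is not part of the thread and not the LetsEncrypt plugin's own code: matching an error pattern against a scalar reference tests the text `SCALAR(0x...)`, so the "already revoked" case is never recognised and the lineage is left in place. The function names and return values are hypothetical; the sample STDERR is constructed from the log lines quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical names throughout; this is not the LetsEncrypt plugin's code.

# Buggy shape: the caller hands over a reference to the captured STDERR and
# the check matches the reference itself, which stringifies to "SCALAR(0x...)".
sub outcome_buggy {
    my ($exit_code, $stderr_ref) = @_;
    return 'remove_lineage' if $exit_code == 0;
    return 'remove_lineage' if "$stderr_ref" =~ /Certificate already revoked/;
    return 'error';
}

# Fixed shape: accept a string or a SCALAR ref, dereference, then match.
# "Already revoked" is treated like a successful revocation, so the stale
# lineage is still removed and cannot be reused when SSL is re-enabled.
sub outcome_fixed {
    my ($exit_code, $stderr) = @_;
    my $text = ref($stderr) eq 'SCALAR' ? ${$stderr} : $stderr;
    $text = '' unless defined $text;
    return 'remove_lineage' if $exit_code == 0;
    return 'remove_lineage' if $text =~ /Certificate already revoked/;
    return 'error';
}

# Constructed sample: the certbot STDERR lines quoted in the log above.
my $stderr = <<'EOT';
An unexpected error occurred:
The request message was malformed :: Certificate already revoked
Please see the logfiles in /var/log/letsencrypt for more details.
EOT

printf "%-28s %s\n", 'buggy, ref passed:',    outcome_buggy(1, \$stderr);
printf "%-28s %s\n", 'fixed, ref passed:',    outcome_fixed(1, \$stderr);
printf "%-28s %s\n", 'fixed, string passed:', outcome_fixed(1, $stderr);
printf "%-28s %s\n", 'fixed, unrelated error:',
    outcome_fixed(1, 'Connection refused');
```

Only the buggy variant reports `error` for the already-revoked input; the fixed variant still reports `error` for an unrelated failure, so a genuine revocation problem does not trigger lineage removal.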