Lets Encrypt Panel Certificate renew

  • Hi,


    ive got a Problem Renewing the Panel Certificate.


    On every try i got the following Error.

    Code
    1. Couldn't decode DER blob: decode error 02<=>30 4 8 tbsCertificate at /usr/share/perl5/Convert/ASN1/_decode.pm line 113.

    I got no Idea what to do and the Certificate isnt valid anymore, so its an very urgent Problem!



    Thanks for your Help!

  • @schirmuli


    Could you give us access to the server? That is the first time I see such error. I presume that the current SSL certificate is somehow corrupted but I cannot say more without checking the system directly as a perl library is involved here.


    We need also access to the control panel (admin access) of course.


    Also please read Reporting rules - Reminder . Some important information are missing:

    • Distribution, codename?
    • i-MSCP version?
    • LetsEncrypt plugin version?

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif

  • @Nuxwin


    Sorry, i can´t grant Access to this Server for security reason, even if you are an Developer of software we use.


    But maybe you took me in the right direction.


    In the past i used manually generated certificates, that stored under /etc/letsencrypt.
    IMSCP uses symlinks in /etc/imscp who points to one file with Cert, Chain and Key in the live subdirectory.


    Maybe this is the reason the Script cannot decode the cert?!


    Can you give me an hint how to install new, from the Plugin generated, Certs?



    Thanks a lot!


    IMSCP is 1.5.1
    Letsencrypt is 3.3.0
    On Ubuntu Trusty

  • IMSCP uses symlinks in /etc/imscp who points to one file with Cert, Chain and Key in the live subdirectory.

    No. the i-MSCP Let's Encrypt plugin do not make use of symlinks pointing to files from the /etc/letsencrypt directory. It generate it own PEM that contain the key, intermediate certificates and the certificate itself.


    Please, check the original SSL certificate at /etc/letsencrypt/live/<panel.hostname.tld>/cert.pem


    Shell-Script
    1. openssl x509 -noout -text -in /etc/letsencrypt/live/<panel.hostname.tld>/cert.pem

    don't forget to replace <panel.hostname.tld> by the subject alternative name of the certificate. (The panel hostname).

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif

  • I Checked the Cert the way you told me, this is the result:

    Quote from Nuxwin

    No. the i-MSCP Let's Encrypt plugin do not make use of symlinks pointing to files from the /etc/letsencrypt directory. It generate it own PEM that contain the key, intermediate certificates and the certificate itself.

    At the initial Setup i used self signed Certificates, those Certs where stored in /etc/imscp.
    Later i use Certs from letsencrypt who fetched manually, and they stored in /etc/letsencrypt/live/dom.tld/..


    To keep it easy ive linked the Certs from /etc/letsencrypt/dom.tld to /etc/imscp.


    After i installed the letsencrypt Plugin i fetched new Certs with the Plugin for testing and it worked very well so i believed its ok.


    Again, thank you very much!!!

  • At the initial Setup i used self signed Certificates, those Certs where stored in /etc/imscp.
    Later i use Certs from letsencrypt who fetched manually, and they stored in /etc/letsencrypt/live/dom.tld/..


    To keep it easy ive linked the Certs from /etc/letsencrypt/dom.tld to /etc/imscp.


    After i installed the letsencrypt Plugin i fetched new Certs with the Plugin for testing and it worked very well so i believed its ok.


    Well, if you start to play in such way, don't ask us for a support <X


    So what now?


    Try to remove the certificate manually (all files/directory related to it under the /etc/letsencrypt directory ), and also the symlink that you have created under the /etc/imscp directory. Once done, retry.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif

  • So.... shame on me!


    Ive deleted the Files in /etc/imscp and /etc/letsencrypt and retried ->SUCCESS


    The only thing i had to do is create emty files in /etc/imscp elsewise the Plugin runs in an error for Backup the old Certs.


    i thougt the error is comming from the mess i made, so i asked in my 3rd Post how to start over.


    Thank you for your patience!!!!

  • One more question,


    how to investigate why the Certs not renewed automatically, i cant find any hint.


    Thanks again!

    The answer is in our forums already ;)


    Please read: Let's encrypt autorenew

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    account_detailed.gif