LetsEncrypt - SSL certificate is not valid

  • I tested the procedure on more boxes and it works for certificates creation and for certificates revocations. I don't know if it works for renewals. Please test it and kindly report back.

    Hope it helps,

    bye Kess.

    kess Thank you for your work!

    The certificates are created correctly, but the apache vhost ssl.conf files are no longer created automatically ...

  • In cases where the i-mscp installer is used for re-generation tasks, problems could also arise here:

    Code
    #( ( $self->{'ca_bundle_container_path'} ne '' ) ? ( '-CAfile', $self->{'ca_bundle_container_path'} ) : () ),


    If that part remains deactivated, all Letsencrypt certificates will be restored but the certificates you have bought will probably be deleted or marked as invalid.


    So we still need a working solution or an update for the Letsencrypt plugin!

  • I did remove a few certs during my tests, so I did create some fresh new certs for those, no issues.

    Same for a domain which never got enrolled with LE, it worked (SSL is working for this site, so the VHost is created, else it would not work at all :D )

  • I will try again, maybe a lock file from a previous test was in place ...

  • The cert is created but the plugin removed the vhost-ssl.conf afterwards due to

    Code
    validateCertificate: error
    Code
    [Thu Oct 14 12:40:16 2021] [debug] Plugin::LetsEncrypt::_issueCertificate: Required action: issue
    [Thu Oct 14 12:40:16 2021] [debug] Plugin::LetsEncrypt::_deleteLineages: Deleting any SSL certificate lineage matching the mydomain.tld
    [Thu Oct 14 12:40:21 2021] [debug] iMSCP::Execute::execute: openssl pkey -in /tmp/rTVuzEeqte -noout
    [Thu Oct 14 12:40:21 2021] [debug] iMSCP::Execute::execute: openssl verify -CAfile /tmp/6ZHXxTYDem -purpose sslserver /tmp/byBK2q_un6
    [Thu Oct 14 12:40:21 2021] [debug] iMSCP::OpenSSL::validateCertificate: error /tmp/byBK2q_un6: verification failed
  • Funny, didn't get any validation error (else the panel wouldn't enable the SSL for the specified domain).


    Don't know what's wrong on your server, but something might be missing as it can't verify the certificate.

    I guess the chain of certbot-auto inside the LE plugin is still in use or re-activated after re-running update plugins:

    Code
    4. edit the file & update the section as follows:
    nano /var/www/imscp/gui/plugins/LetsEncrypt/config.php
    'certbot_create_options' => [
        '--preferred-chain ISRG Root X1'
    ],
    ...
    6. HIT THE "UPDATE PLUGINS" BUTTON
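
To narrow down a `validateCertificate` failure like the one in the debug log above, the same `openssl verify -CAfile ... -purpose sslserver` call can be run by hand against a chain whose contents are known. This is an added example, not code from the thread or from the i-MSCP LetsEncrypt plugin; the helper names `verify_sslserver`, `make_demo_chain` and `report` are hypothetical, and the throwaway root/intermediate/leaf chain is constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and the demo chain are constructed, not from i-MSCP.

# Same check as in the debug log: openssl verify -CAfile <bundle> -purpose sslserver <cert>
# $1 = CA bundle, $2 = certificate, $3 = optional PEM file of intermediates (untrusted)
verify_sslserver() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} -purpose sslserver "$2" >/dev/null 2>&1
}

# Build a throwaway root -> intermediate -> leaf chain and print its directory.
make_demo_chain() {
    demo_dir=$(mktemp -d) || return 1
    (
        cd "$demo_dir" || exit 1
        printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
        printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > leaf.ext
        for n in root int leaf; do
            openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
                -out "$n.csr" -subj "/CN=demo $n" || exit 1
        done
        openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 -out root.pem &&
        openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
            -extfile ca.ext -days 2 -out int.pem &&
        openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
            -extfile leaf.ext -days 2 -out leaf.pem &&
        cat root.pem int.pem > bundle.pem   # bundle that also trusts the intermediate
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$demo_dir"
}

report() { if verify_sslserver "$@"; then echo "OK"; else echo "verification failed"; fi; }

d=$(make_demo_chain) || { echo "could not build demo chain" >&2; exit 1; }
# Leaf checked against the root alone: the issuing intermediate cannot be found.
echo "CAfile = root only:              $(report "$d/root.pem" "$d/leaf.pem")"
# Intermediate supplied as untrusted chain material.
echo "CAfile = root, chain = int:      $(report "$d/root.pem" "$d/leaf.pem" "$d/int.pem")"
# Intermediate included in the CA bundle itself.
echo "CAfile = root + int bundle:      $(report "$d/bundle.pem" "$d/leaf.pem")"
rm -rf "$d"
```

On a real server, calling `verify_sslserver` with the panel's CA bundle and the issued certificate shows whether the failure comes from the bundle contents rather than from the certificate itself.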