Thanks so much for clarifying this. Worked perfectly.
Indeed, many thanks !!! Great work, thanks to all of you !
LetsEncrypt - SSL certificate is not valid
- fulltilt
- Thread is marked as Resolved.
-
-
I tested the procedure on more boxes and it works for certificates creation and for certificates revocations. I don't know if it works for renewals. Please test it and kindly report back.
Hope it helps,
bye Kess.
kess Thank you for your work!
The certificates are created correctly, but the apache vhost ssl.conf files are no longer created automatically ...
-
-
Display Morewe had the same problems, here is a hot fix which worked for us:
Display MoreCode- cd /usr/share/ca-certificates/mozilla/
- wget https://letsencrypt.org/certs/lets-encrypt-r3.pem
- mv lets-encrypt-r3.pem lets-encrypt-r3.crt
- dpkg-reconfigure ca-certificates # -->> add new letsencrypt Cert
- vi /var/www/imscp/engine/PerlLib/iMSCP/OpenSSL.pm +134 #comment out line 134
- my $cmd = [
- 'openssl', 'verify',
- # ( ( $self->{'ca_bundle_container_path'} ne '' ) ? ( '-CAfile', $self->{'ca_bundle_container_path'} ) : () ),
- '-purpose', 'sslserver', $self->{'certificate_container_path'}
- ];
what it does:
- adding new letsencrypt CA cert to /etc/ssl/certs
- removing "-CAfile fullchain1.pem" from openssl command (its not necessary anymore because openssl knows it now)
Regards, Joern
ps: Debian 9 / i-MSCP 1.5.3 Build: 2018120800
Build: 2018120800
In case where the i-mscp installer is used for re-generation tasks, problems could also arise here:
If that part remains deactivated, all Letsencrypt certificates will be restored but the certificates you have bought will probably be deleted or marked as invalid.
So we still need a working solution or an update for the Letsencrypt plugin!
-
For me, the solution provided by Kess remain the best at the moment ==> LetsEncrypt - SSL certificate is not valid
-
-
For me, the solution provided by Kess remain the best at the moment ==> LetsEncrypt - SSL certificate is not valid
yes, certificates are created correctly, but my apache vhost ssl.conf files are no longer created automatically when request a new cert
-
I did remove a few certs during my tests, so I did create some fresh new certs for those, no issues.
Same for a domain which never get enrolled with LE, it worked (SSL is working for this site, so the VHost is created, else would not work at all
) -
-
I did remove a few certs during my tests, so I did create some fresh new certs for those, no issues.
Same for a domain which never get enrolled with LE, it worked (SSL is working for this site, so the VHost is created, else would not work at all
)I will try again, maybe a lock file from a previous test was in place ...
-
I did remove a few certs during my tests, so I did create some fresh new certs for those, no issues.
Same for a domain which never get enrolled with LE, it worked (SSL is working for this site, so the VHost is created, else would not work at all
)the cert is created but the plugin removed the vhost-ssl.conf afterwards due to
Code- [Thu Oct 14 12:40:16 2021] [debug] Plugin::LetsEncrypt::_issueCertificate: Required action: issue
- [Thu Oct 14 12:40:16 2021] [debug] Plugin::LetsEncrypt::_deleteLineages: Deleting any SSL certificate lineage matching the mydomain.tld
- [Thu Oct 14 12:40:21 2021] [debug] iMSCP::Execute::execute: openssl pkey -in /tmp/rTVuzEeqte -noout
- [Thu Oct 14 12:40:21 2021] [debug] iMSCP::Execute::execute: openssl verify -CAfile /tmp/6ZHXxTYDem -purpose sslserver /tmp/byBK2q_un6
- [Thu Oct 14 12:40:21 2021] [debug] iMSCP::OpenSSL::validateCertificate: error /tmp/byBK2q_un6: verification failed
-
-
Funny, didn't get any validation error (else the panel wouldn't enable the SSL for the specified domain).
Don't know what's wrong on your server, but something might be missing as it can't verify the certificate.
-
Funny, didn't get any validation error (else the panel wouldn't enable the SSL for the specified domain).
Don't know what's wrong on your server, but something might be missing as it can't verify the certificate.
I guess the chain of certbot-auto inside the LE plugin is still in use or re-activated after re-run update plugins:
-