@BrandonIFI wrote:
The Let’s Encrypt cert on our site expired over the weekend, and I’m having trouble getting the site back online.
When I tried to enter the container, it prompted me that I needed to upgrade Docker first. I did that, and then rebuilt and was able to get in. I still am unable to get the forum back online.
The logs have a bunch of lines like this:
nginx: [emerg] PEM_read_bio_X509_AUX("/shared/ssl/vexforum.cn.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
Relevant parts at the beginning of the log include:
run-parts: executing /etc/runit/1.d/letsencrypt
[Mon Dec 18 18:27:58 UTC 2017] Registering account
[Mon Dec 18 18:28:01 UTC 2017] Registered
[Mon Dec 18 18:28:01 UTC 2017] ACCOUNT_THUMBPRINT='zGKwI265ha0J7vIlTyJx_oXomiRaCF_pKPex4zaWsQc'
[Mon Dec 18 18:28:01 UTC 2017] Creating domain key
[Mon Dec 18 18:28:02 UTC 2017] The domain key is here: /shared/letsencrypt/vexforum.cn/vexforum.cn.key
[Mon Dec 18 18:28:02 UTC 2017] Single domain='vexforum.cn'
[Mon Dec 18 18:28:02 UTC 2017] Getting domain auth token for each domain
[Mon Dec 18 18:28:02 UTC 2017] Getting webroot for domain='vexforum.cn'
[Mon Dec 18 18:28:02 UTC 2017] Getting new-authz for domain='vexforum.cn'
[Mon Dec 18 18:28:06 UTC 2017] The new-authz request is ok.
[Mon Dec 18 18:28:06 UTC 2017] Verifying:vexforum.cn
[Mon Dec 18 18:28:11 UTC 2017] vexforum.cn:Verify error:Invalid response from .well-known/acme-challenge/iCC19XTIly-mShsL9NtjFyTin5AGXZ_BUVdCCE8HOpA:
[Mon Dec 18 18:28:11 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Error loading file ca.cer
140313005983384:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('ca.cer','r')
140313005983384:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:178:
140313005983384:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:253:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-no_alt_chains] [-attime timestamp] [-engine e] cert1 cert2 …
recognized usages:
sslclient SSL client
sslserver SSL server
nssslserver Netscape SSL server
smimesign S/MIME signing
smimeencrypt S/MIME encryption
crlsign CRL signing
any Any Purpose
ocsphelper OCSP helper
timestampsign Time Stamp signing
[Mon Dec 18 18:28:14 UTC 2017] Single domain='vexforum.cn'
[Mon Dec 18 18:28:14 UTC 2017] Getting domain auth token for each domain
[Mon Dec 18 18:28:14 UTC 2017] Getting webroot for domain='vexforum.cn'
[Mon Dec 18 18:28:14 UTC 2017] Getting new-authz for domain='vexforum.cn'
[Mon Dec 18 18:28:17 UTC 2017] The new-authz request is ok.
[Mon Dec 18 18:28:17 UTC 2017] Verifying:vexforum.cn
[Mon Dec 18 18:28:24 UTC 2017] vexforum.cn:Verify error:Invalid response from vexforum.cn/.well-known/acme-challenge/PUsMqe1mjPwhnyGnNALAh4R-Wsx83Rz8F_1MLqgI_jU:
[Mon Dec 18 18:28:24 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Mon Dec 18 18:28:27 UTC 2017] Installing key to:/shared/ssl/vexforum.cn.key
[Mon Dec 18 18:28:27 UTC 2017] Installing full chain to:/shared/ssl/vexforum.cn.cer
cat: /shared/letsencrypt/vexforum.cn/fullchain.cer: No such file or directory
[Mon Dec 18 18:28:27 UTC 2017] Run reload cmd: sv reload nginx
I saw other discussions about IPv6 causing trouble, but I’ve got no AAAA records on vexforum.cn.
Am I missing something? Other things to try?
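An added example, not part of the original post: a short Python triage that correlates the acme.sh challenge failure, the missing fullchain.cer and the nginx PEM error from the log quoted above. The function name `triage` and the regular expressions are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Lines copied from the log in the post above (wrapped token line re-joined).
SAMPLE_LOG = """\
[Mon Dec 18 18:28:11 UTC 2017] vexforum.cn:Verify error:Invalid response from .well-known/acme-challenge/iCC19XTIly-mShsL9NtjFyTin5AGXZ_BUVdCCE8HOpA:
[Mon Dec 18 18:28:27 UTC 2017] Installing key to:/shared/ssl/vexforum.cn.key
[Mon Dec 18 18:28:27 UTC 2017] Installing full chain to:/shared/ssl/vexforum.cn.cer
cat: /shared/letsencrypt/vexforum.cn/fullchain.cer: No such file or directory
[Mon Dec 18 18:28:27 UTC 2017] Run reload cmd: sv reload nginx
nginx: [emerg] PEM_read_bio_X509_AUX("/shared/ssl/vexforum.cn.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
"""

VERIFY_ERR = re.compile(r"\] (?P<domain>[^\s:]+):Verify error:")
INSTALL = re.compile(r"\] Installing (?P<what>key|full chain) to:(?P<path>\S+)")
CAT_MISSING = re.compile(r"^cat: (?P<path>.+): No such file or directory")
NGINX_PEM = re.compile(
    r'nginx: \[emerg\] PEM_read_bio_X509_AUX\("(?P<path>[^"]+)"\) failed .*no start line')


def triage(log_text):
    """Correlate acme.sh and nginx log lines into a failure chain."""
    failed, installed, missing, unreadable = [], {}, [], []
    for line in log_text.splitlines():
        if m := VERIFY_ERR.search(line):
            if m["domain"] not in failed:
                failed.append(m["domain"])
        elif m := INSTALL.search(line):
            installed[m["what"]] = m["path"]
        elif m := CAT_MISSING.search(line):
            missing.append(m["path"])
        elif m := NGINX_PEM.search(line):
            unreadable.append(m["path"])

    findings = [f"challenge validation failed for {d}" for d in failed]
    chain_target = installed.get("full chain")
    if chain_target and missing:
        findings.append(f"{chain_target} was installed from a missing source: {missing[0]}")
    if chain_target in unreadable:
        findings.append(f"nginx cannot parse {chain_target}, the file written by that install")
    return {"failed_domains": failed, "installed": installed,
            "missing_sources": missing, "unreadable_certs": unreadable,
            "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

On these lines the chain reads top to bottom: the challenge was not validated, so no fullchain.cer existed to install, and nginx then refused the file at the install target.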