How to fix issue with Let's Encrypt certificates

I know I'm not very active here in the community but I did a little step by step that should help especially those who use DNS CloudFlare.

Edit the LetsEncrypt configuration file:
nano /etc/letsencrypt/config/account.conf

Insert the line:
DEFAULT_CA=https://acme-v02.api.letsencrypt.org/directory

Enter your Cloudflare token and email with the parameters below:
SAVED_CF_Key='token'
SAVED_CF_Email='cloudflare-email'

Then save the file and restart the services with:
wo stack restart

Now you should be able to issue SSL with:
wo site update dominio.com --le --dns=dns_cf

I also made a short step-by-step video.

Hope Google Translate translated well.

Nice, I will try this if I have a problem with SSL.

2 months later

Hello VirtuBox,

There is an error: acme.sh: command not found

root@1U2G:~# acme.sh --set-default-ca  --server  letsencrypt
acme.sh: command not found

Details as below:

root@1U2G:~# source /etc/bash_completion.d/wo_auto.rc
root@1U2G:~# wo stack install --all
WP-CLI is already installed
Start : wo-kernel [OK]
Adding repository for MySQL, please wait...
Adding repository for NGINX, please wait...
Adding repository for PHP, please wait...
Adding repository for Redis, please wait...
Updating apt-cache              [OK]
Installing APT packages         [OK]
Applying Nginx configuration templates
Testing Nginx configuration     [OK]
Restarting Nginx                [OK]
Testing Nginx configuration     [OK]
Restarting Nginx                [OK]
Configuring php7.3-fpm
Restarting php7.3-fpm           [OK]
Configuring php7.4-fpm
Restarting php7.4-fpm           [OK]
Tuning MySQL configuration      [OK]
Restarting mysql                [OK]
Restarting proftpd              [OK]
Reloading proftpd               [OK]
Configuring Sendmail            [OK]
Tuning Redis configuration      [OK]
Restarting redis-server         [OK]
Downloading PHPMyAdmin           [Done]
Downloading phpRedisAdmin        [Done]
Downloading Composer             [Done]
Downloading Adminer              [Done]
Downloading Adminer theme        [Done]
Downloading MySQLTuner           [Done]
Downloading Netdata              [Done]
Downloading WordOps Dashboard    [Done]
Downloading eXtplorer            [Done]
Downloading cheat.sh             [Done]
Downloading bash_completion      [Done]
Downloading clean.php            [Done]
Downloading opcache.php          [Done]
Downloading Opgui                [Done]
Downloading OCP.php              [Done]
Downloading Webgrind             [Done]
Downloading pt-query-advisor     [Done]
Downloading Anemometer           [Done]
Installing composer             [OK]
Installing Netdata              [OK]
Restarting netdata              [OK]
Configuring packages            [OK]
HTTP Auth User Name: WordOps
HTTP Auth Password : 3y3Jc9o3yyVqjB0IzFo1ujDh5
WordOps backend is available on https://168.63.255.129:22222 or https://1U2G:22222
Successfully installed packages
root@1U2G:~# acme.sh --set-default-ca  --server  letsencrypt
acme.sh: command not found
root@1U2G:~# 

Does that mean I need to install acme.sh, please? If yes, what is the command line, please?

Thanks

Here is the right way:

1# Run the command line:

nano /etc/letsencrypt/config/account.conf

2# add the following line:

DEFAULT_CA=https://acme-v02.api.letsencrypt.org/directory

3# Save & close.

4# After "Save & Close" of Nano editor, you have to exit the terminal and reopen a new terminal, and run the command line:

acme.sh --set-default-ca --server letsencrypt

It will show as below:

[Fri Aug 27 04:01:52 UTC 2021] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory

5# And now you should be able to create a site as usual, like this:

export DO_API_KEY="6255df99cbcaasd0606s52694cfdddddc225f8b87a286e5dfec8e7fa367e07866dgd4c7g91212"
sudo -E wo site create mysite.com --wpsubdomain --wpredis --php74 --letsencrypt=wildcard --dns=dns_dgon

    alexlii1971 Please stop bumping up the old threads with the method that isn't safe. As suggested earlier, setting the default Certificate Authority with the following command can easily fix this issue. Editing the configuration isn't recommended at all.

    acme.sh --set-default-ca --server letsencrypt

      3 months later

      nsgoyat You comment on every thread that this solution works and to stop making other suggestions. But this doesn't work for me on a fresh install. Also, you need to mention that you have to restart the command line before that will work. I get the same error after running that command; it doesn't fix the issue.

        rsmith4321 Unless you share the logs, I won't believe that this solution doesn't work on a fresh install. This resolution is officially suggested by the Acme.sh team and WordOps developer Virtubox.

        Also, I am not against other solutions but it's just not the right approach to directly edit a configuration file that might be overwritten on a WordOps or Acme.sh update and your SSL certificates may not renew properly.

        7 days later

        Has anyone succeeded in installing using the --le option? I tried most of the ways from the comments, but I couldn't succeed. Thanks.

          Yes.
          .
          .
          .
          But if you're asking for help then you need to at least say specifically what you've tried, what happens, what errors you get etc or how can anyone help. :-)

            marty Would you help me solve this issue? All configuration is done as root.

            Ubuntu 20.04 LTS fresh install
            WordOps and stack fresh install
            /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --set-default-ca --server letsencrypt
            [Tue 07 Dec 2021 09:16:38 AM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory

            wo site create xxx.com --wpredis --user=admin --pass='XXXX' --email=admin@xxx.com -le --php74

            RESULT

            Certificate type : domain
            Validation mode : Webroot challenge
            Issuing SSL cert with acme.sh [KO]
            Your domain is properly configured but acme.sh was unable to issue certificate.
            You can find more informations in /var/log/wo/wordops.log

              nsgoyat

              I am using Vultr, so there is no firewall from fresh install.

              [Tue 07 Dec 2021 09:26:46 AM UTC] Verifying: xxx.com
              [Tue 07 Dec 2021 09:26:46 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
              [Tue 07 Dec 2021 09:26:49 AM UTC] Pending, The CA is processing your order, please just wait. (2/30)
              [Tue 07 Dec 2021 09:26:52 AM UTC] Pending, The CA is processing your order, please just wait. (3/30)
              [Tue 07 Dec 2021 09:26:54 AM UTC] Pending, The CA is processing your order, please just wait. (4/30)
              [Tue 07 Dec 2021 09:26:57 AM UTC] Pending, The CA is processing your order, please just wait. (5/30)
              ,
              Command Error: [Tue 07 Dec 2021 09:27:00 AM UTC] xxx.com:Verify error:Fetching http://xxx.com/.well-known/acme-challenge/vr6DC9_uj6B3c6Qqn-YOuanuBkaENFg_X5LaYySvbPk: Timeout during connect (likely firewall problem)
              [Tue 07 Dec 2021 09:27:00 AM UTC] Please add '--debug' or '--log' to check more details.
              [Tue 07 Dec 2021 09:27:00 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
              2021-12-07 09:27:01,330 (INFO) wo : Issuing SSL cert with acme.sh
              2021-12-07 09:27:01,331 (ERROR) wo : Your domain is properly configured but acme.sh was unable to issue certificate.
              You can find more informations in /var/log/wo/wordops.log

                honggian What's your server provider? Maybe you have a firewall configured at the service provider level which might be blocking the important ports?

                  nsgoyat
                  Thank you very much for your interest. I said I am using Vultr.com's VPS.

                  Vultr blocks several ports, listed at https://www.vultr.com/docs/what-ports-are-blocked. However, when I installed WordOps last time (around 6 months ago), I succeeded every time. The blocked ports are not main ports:
                  25, 137, 138, 139, 445, 1688, 17, 19, 1900, 53413, 11211

                  When I install my own ESXi server, it works. I don't know why I couldn't succeed using Vultr.
                  Digital Ocean has no problem for WordOps.

                  2 months later

                  @VirtuBox
                  Problems again with SSL via Cloudflare

                  There are prIssuing SSL cert with acme.sh [KO]
                  Please make sure your properly set your DNS API credentials for acme.sh
                  If you are using sudo, use "sudo -E wo"

                  I have a correct /etc/letsencrypt/config/account.conf:
                  #LOG_FILE="/etc/letsencrypt/config/acme.sh.log"
                  #LOG_LEVEL=1

                  AUTO_UPGRADE='1'

                  #NO_TIMESTAMP=1

                  CERT_HOME='/etc/letsencrypt/renewal'
                  UPGRADE_HASH='hashkey'
                  DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'
                  SAVED_CF_Key='key'
                  SAVED_CF_Email='mail'
                  USER_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin'

                  I was able to issue certificates with the same server days ago
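
An added example, not part of any post in this thread and not WordOps or acme.sh code: a small check for an account.conf like the ones pasted above. It reports which of the two CA key names seen in the thread (DEFAULT_CA, DEFAULT_ACME_SERVER) is set, and whether a file holding SAVED_* DNS credentials is readable by anyone but its owner. It assumes plain KEY='value' lines; the function names, finding codes and sample values are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an account.conf shaped like the ones in this thread.
# Assumption: the file consists of plain KEY='value' lines.

LE_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'

# Print the unquoted value of KEY ($1) in FILE ($2); the last assignment wins.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | sed -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Print one finding code per line; no output means nothing was flagged.
audit_account_conf() {
    local file=$1 server legacy perms
    server=$(conf_get DEFAULT_ACME_SERVER "$file")
    legacy=$(conf_get DEFAULT_CA "$file")

    # The thread shows two key names for the CA; report what is actually set.
    if [ -z "$server$legacy" ]; then
        echo "ca-unset"
    elif [ -n "$server" ] && [ -n "$legacy" ] && [ "$server" != "$legacy" ]; then
        echo "ca-conflict"
    elif [ "${server:-$legacy}" != "$LE_DIRECTORY" ]; then
        echo "ca-not-letsencrypt"
    fi

    # SAVED_* lines hold DNS API credentials: only the owner should read them.
    if grep -q '^SAVED_' "$file"; then
        perms=$(ls -ld "$file" | cut -c5-10)   # group + other permission bits
        [ "$perms" = "------" ] || echo "secrets-readable-by-others"
    fi
}

# Constructed sample: same keys as the pasted file, placeholder values.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
#LOG_LEVEL=1
AUTO_UPGRADE='1'
DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'
SAVED_CF_Key='PLACEHOLDER_TOKEN'
SAVED_CF_Email='user@example.com'
EOF
chmod 644 "$demo_conf"
audit_account_conf "$demo_conf"   # flags the 644 mode
chmod 600 "$demo_conf"
audit_account_conf "$demo_conf"   # prints nothing
rm -f "$demo_conf"
```

On a real server the call would be `audit_account_conf /etc/letsencrypt/config/account.conf`, run as root.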
