• General

  • How to fix issue with Let's Encrypt certificates

alexlii1971 Please stop bumping up the old threads with the method that isn't safe. As suggested earlier, setting the default Certificate Authority with the following command can easily fix this issue. Editing the configuration isn't recommended at all.

acme.sh --set-default-ca --server letsencrypt

      3 months later

      nsgoyat You comment on every thread that this solution works and to stop making other suggestions. But this doesn't work for me on a fresh install. Also you need to mention that you have to restart the commandline before that will work. I get the same error after running that command, it doesn't fix the issue.

          rsmith4321 Unless you share the logs I won't believe that this solution doesn't work on the fresh install. This resolution is officially suggested by Acme.sh team and WordOps developer Virtubox.

          Also, I am not against other solutions but it's just not the right approach to directly edit a configuration file that might be overwritten on a WordOps or Acme.sh update and your SSL certificates may not renew properly.

            7 days later

            Is there anyone succeed to install using --le option? I try most of commented ways, but I couldn't succeed. Thanks.

              Yes.
              .
              .
              .
              But if you're asking for help then you need to at least say specifically what you've tried, what happens, what errors you get etc or how can anyone help. :-)

                marty Would you help how to solve this issues? All configuration is using root.

                Ubuntu 20.04 LTS fresh install
                WordOps and stack fresh install
                /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --set-default-ca --server letsencrypt
                [Tue 07 Dec 2021 09:16:38 AM UTC] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory

                wo site create xxx.com --wpredis --user=admin --pass='XXXX' --email=admin@xxx.com -le --php74

                RESULT

                Certificate type : domain
                Validation mode : Webroot challenge
                Issuing SSL cert with acme.sh [KO]
                Your domain is properly configured but acme.sh was unable to issue certificate.
                You can find more informations in /var/log/wo/wordops.log

                    nsgoyat

                    I am using Vultr, so there is no firewall from fresh install.

                    [Tue 07 Dec 2021 09:26:46 AM UTC] Verifying: xxx.com
                    [Tue 07 Dec 2021 09:26:46 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
                    [Tue 07 Dec 2021 09:26:49 AM UTC] Pending, The CA is processing your order, please just wait. (2/30)
                    [Tue 07 Dec 2021 09:26:52 AM UTC] Pending, The CA is processing your order, please just wait. (3/30)
                    [Tue 07 Dec 2021 09:26:54 AM UTC] Pending, The CA is processing your order, please just wait. (4/30)
                    [Tue 07 Dec 2021 09:26:57 AM UTC] Pending, The CA is processing your order, please just wait. (5/30)
                    ,
                    Command Error: [Tue 07 Dec 2021 09:27:00 AM UTC] xxx.com:Verify error:Fetching http://xxx.com/.well-known/acme-challenge/vr6DC9_uj6B3c6Qqn-YOuanuBkaENFg_X5LaYySvbPk: Timeout during connect (likely firewall problem)
                    [Tue 07 Dec 2021 09:27:00 AM UTC] Please add '--debug' or '--log' to check more details.
                    [Tue 07 Dec 2021 09:27:00 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
                    ^[[0m
                    ^[[32m2021-12-07 09:27:01,330 (INFO) wo : ^[[91mIssuing SSL cert with acme.sh^[[0m
                    ^[[31m2021-12-07 09:27:01,331 (ERROR) wo : ^[[91mYour domain is properly configured but acme.sh was unable to issue certificate.
                    You can find more informations in /var/log/wo/wordops.log^[[0m

                        honggian What's your server provider? Maybe you have a firewall configured at the service provider level which might be blocking the important ports?

                            nsgoyat
                            Thank you very much for your interests. I said I am using Vultr.com's VPS.

                            Vultr block several ports from https://www.vultr.com/docs/what-ports-are-blocked. However when i install WordOps last time(around 6 months ago), I succeed all the time. Blocked ports are not main port.
                            25, 137, 138, 139, 445, 1688, 17, 19, 1900, 53413, 11211

                            When I install my own ESXi server, It works. I don't know why I couldn't succeed in using Vultr.
                            Digital Ocean has no problem for WordOps.

                              2 months later

                              @VirtuBox
                              Problems again with SSL via Cloudflare

                              There are prIssuing SSL cert with acme.sh [KO]
                              Please make sure your properly set your DNS API credentials for acme.sh
                              If you are using sudo, use "sudo -E wo"

                              i have a correct /etc/letsencrypt/config/account.conf
                              #LOG_FILE="/etc/letsencrypt/config/acme.sh.log"
                              #LOG_LEVEL=1

                              AUTO_UPGRADE='1'

                              #NO_TIMESTAMP=1

                              CERT_HOME='/etc/letsencrypt/renewal'
                              UPGRADE_HASH='hashkey'
                              DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'
                              SAVED_CF_Key='key'
                              SAVED_CF_Email='mail'
                              USER_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin'

                              I was able to issue certificates with the same server days ago

                              8 months later
                              VirtuBox unstickied the discussion .

                              Hosted by VirtuBox