Let's Encrypt issue after upgrade to 2.4.0-5

VitalPBX Community Support General Discussion Let's Encrypt issue after upgrade to 2.4.0-5

  • Post
    • February 19, 2020 at 3:23 pm
    TheG-Man
    Participant

    Hello,

    Let’s Encrypt cert stopped renewing after I upgraded to 2.4.0-5.

    When I click update on certificate, I get the attached error.

    I tried disabling firewall and it didn’t seem to correct the issue.

    Thanks!

    -G.

    0
Viewing 15 replies - 1 through 15 (of 28 total)
1 2
  • Replies
    • February 19, 2020 at 5:55 pm
    mo10
    Moderator
    none
    Up
    -1
    Down

    Just tried it here. Same problem.

    0
    • February 19, 2020 at 6:02 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    -1
    Down

    I think this is something related to let’s encrypt server, due, in this version of VitalPBX, nothing has changed on Let’s encrypt library.

    0
    • February 19, 2020 at 6:04 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    -1
    Down

    Try the following, enable the access of your PBX through HTTP (Port 80), then, delete the let’s encrypt certificate, and create it again. 

    0
    • February 19, 2020 at 6:34 pm
    TheG-Man
    Participant
    Up
    -1
    Down

    @ing-joserivera26

    Recreating certificate from scratch worked.

     

    0
    • February 19, 2020 at 6:40 pm
    mo10
    Moderator
    none
    Up
    -1
    Down

    Would auto renewal usually work on time? A few days before expire?

    Thanks

    0
    • February 19, 2020 at 6:44 pm
    TheG-Man
    Participant
    Up
    -1
    Down

    @mo10

    Yes, and if it can’t renew Let’s encrypt will send you email saying that your cert will expire in x days.

     

    0
    • February 19, 2020 at 7:22 pm
    mo10
    Moderator
    none
    Up
    -1
    Down
    Posted by: @ing-joserivera26

    Try the following, enable the access of your PBX through HTTP (Port 80), then, delete the let’s encrypt certificate, and create it again. 

    Did not work for me:
    valid until 1970-01-01

    0
    • February 19, 2020 at 7:44 pm
    TheG-Man
    Participant
    Up
    -1
    Down

    @mo10

    Are you sure you are not blocking it with firewall?

    Try running

    systemctl stop firewalld

    from console and try adding cert again.

     

    0
    • February 19, 2020 at 9:41 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    -1
    Down
    Posted by: @mo10
    Posted by: @ing-joserivera26

    Try the following, enable the access of your PBX through HTTP (Port 80), then, delete the let’s encrypt certificate, and create it again. 

    Did not work for me:
    valid until 1970-01-01

    Did you get some error on the web UI when trying to regenerate the certificate?

    0
    • February 19, 2020 at 9:49 pm
    mo10
    Moderator
    none
    Up
    -1
    Down

    @ing-joserivera26

    Nope, no error.

     

    0
    • February 19, 2020 at 9:58 pm
    Jose Miguel Rivera
    Keymaster
    NI
    Up
    -1
    Down

    Try executing this script on the Linux console

    /usr/share/ombutel/scripts/lets_encrypt

    Let me know if you get some output.

    Make sure you have enabled the access to your PBX trough the port 80

    0
    • February 19, 2020 at 10:04 pm
    mo10
    Moderator
    none
    Up
    0
    Down

    @ing-joserivera26

    Nothing happens.

    [root@vitalpbx ~]# /usr/share/ombutel/scripts/lets_encrypt
    [root@vitalpbx ~]# /usr/share/ombutel/scripts/lets_encrypt
    [root@vitalpbx ~]# /usr/share/ombutel/scripts/lets_encrypt

    Before deleting the Cert this showed up:

    [root@vitalpbx ~]# /usr/share/ombutel/scripts/lets_encrypt
    CertCron: Invalid response
    header: HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 19 Feb 2020 22:00:41 GMT
    Content-Type: application/problem+json
    Content-Length: 111
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"


    body: {
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": "No order for ID 1807638746",
    "status": 404

     

    0
    • February 19, 2020 at 10:38 pm
    mo10
    Moderator
    none
    Up
    0
    Down
    Posted by: @theg-man

    @mo10

    Are you sure you are not blocking it with firewall?

    Try running

    systemctl stop firewalld

    from console and try adding cert again.

     

    Wow, this helped. Thanks. How is that possible?!

    Maybe because of Geo-Firewall?

    0
    • February 20, 2020 at 1:19 pm
    TheG-Man
    Participant
    Up
    0
    Down

    @mo10

    It could be. Can’t tell. Had a similar issue where I couldn’t update because of firewall and @giovanni-v suggested disabling firewall in console.

     

    0
    • February 20, 2020 at 1:21 pm
    mo10
    Moderator
    none
    Up
    0
    Down
    Posted by: @mo10
    Posted by: @theg-man

    @mo10

    Are you sure you are not blocking it with firewall?

    Try running

    systemctl stop firewalld

    from console and try adding cert again.

     

    Wow, this helped. Thanks. How is that possible?!

    Maybe because of Geo-Firewall?

    @ing-joserivera26

    Please Check! Thank you.

     

    0
Viewing 15 replies - 1 through 15 (of 28 total)
1 2

Tagged: 

  • You must be logged in to reply to this topic.