[Eisfair] Problems with certs_dehydrated after update to 1.1.11
Stefan H.
stefan-in-news at web.de
Thu Apr 24 12:01:16 CEST 2025
Hello,
I have a problem after the update, because I cannot obtain a new
certificate.
/etc/config.d/certs_dehydrated
START_DEHYDRATED='yes'
DEHYDRATED_CA='letsencrypt'
DEHYDRATED_EMAIL='postmaster at fam-heidrich.net'
DEHYDRATED_PRIVATE_KEY_RENEW='yes'
DEHYDRATED_PRIVATE_KEY_FILE=''
DEHYDRATED_PRIVATE_KEY_ALGO='rsa'
DEHYDRATED_ACCEPT_AGREEMENT='I ACCEPT THE AGREEMENT'
DEHYDRATED_DOMAIN_N='1'
DEHYDRATED_DOMAIN_1_ACTIVE='yes'
DEHYDRATED_DOMAIN_1_NAME='www.fam-heidrich.net'
DEHYDRATED_DOMAIN_1_USAGE='apache2:mail'
DEHYDRATED_HOOK_CHAIN='yes'
DEHYDRATED_HOOK_CMD_N='8'
DEHYDRATED_HOOK_CMD_1_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_1_TYPE='startup_hook'
DEHYDRATED_HOOK_CMD_1_EXEC='/usr/sbin/service'
DEHYDRATED_HOOK_CMD_1_OPTIONS='stop apache2'
DEHYDRATED_HOOK_CMD_2_ACTIVE="no"
DEHYDRATED_HOOK_CMD_2_TYPE='startup_hook'
DEHYDRATED_HOOK_CMD_2_EXEC='/etc/init.d/certs_dehydrated'
DEHYDRATED_HOOK_CMD_2_OPTIONS='--quiet --start-alpn-server'
DEHYDRATED_HOOK_CMD_3_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_3_TYPE='deploy_cert'
DEHYDRATED_HOOK_CMD_3_EXEC='/var/install/config.d/certs_dehydrated.sh'
DEHYDRATED_HOOK_CMD_3_OPTIONS='--create-eisfair-cert'
DEHYDRATED_HOOK_CMD_4_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_4_TYPE='deploy_cert'
DEHYDRATED_HOOK_CMD_4_EXEC='/var/install/config.d/certs_dehydrated.sh'
DEHYDRATED_HOOK_CMD_4_OPTIONS='--cleanup-certs'
DEHYDRATED_HOOK_CMD_5_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_5_TYPE='invalid_challenge'
DEHYDRATED_HOOK_CMD_5_EXEC='/var/install/config.d/certs_dehydrated.sh'
DEHYDRATED_HOOK_CMD_5_OPTIONS='--send-challenge-warning'
DEHYDRATED_HOOK_CMD_6_ACTIVE="no"
DEHYDRATED_HOOK_CMD_6_TYPE='exit_hook'
DEHYDRATED_HOOK_CMD_6_EXEC='/etc/init.d/certs_dehydrated'
DEHYDRATED_HOOK_CMD_6_OPTIONS='--quiet --stop-alpn-server'
DEHYDRATED_HOOK_CMD_7_ACTIVE='no'
DEHYDRATED_HOOK_CMD_7_TYPE='exit_hook'
DEHYDRATED_HOOK_CMD_7_EXEC='/var/install/config.d/certs_dehydrated.sh'
DEHYDRATED_HOOK_CMD_7_OPTIONS='--restart-eisfair-services-on-request'
DEHYDRATED_HOOK_CMD_8_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_8_TYPE='exit_hook'
DEHYDRATED_HOOK_CMD_8_EXEC='/usr/sbin/service'
DEHYDRATED_HOOK_CMD_8_OPTIONS='start apache2'
DEHYDRATED_CHECK_ON_START='no'
DEHYDRATED_CHECK_CRON='yes'
DEHYDRATED_CHECK_CRON_SCHEDULE='13 0 * * 0'
DEHYDRATED_LOG_COUNT='12'
DEHYDRATED_LOG_INTERVAL='monthly'
Activate configuration now (y/n) [yes]?
version (eisfair-64): v1.1.11
creating domains.txt file ...
creating well-known configuration ...
creating index.html file ...
creating certs_dehydrated configuration ...
creating files/links required by eisfair ...
+ domain 'www.fam-heidrich.net':
- link '/usr/local/ssl/csr/www.fam-heidrich.net.csr' created/updated.
- link '/usr/local/ssl/private/www.fam-heidrich.net.key' created/updated.
- link '/usr/local/ssl/newcerts/www.fam-heidrich.net.crt'
created/updated.
- file '/usr/local/ssl/newcerts/www.fam-heidrich.net.dh' exists.
- file '/usr/local/ssl/certs/www.fam-heidrich.net.pem' created.
updating hashes '/usr/local/ssl/certs' ...
checking alpn server hook state ...
checking package usage definition ...
checking symbolic links to certificate ...
+ domain 'www.fam-heidrich.net':
- link 'apache.pem' ok.
- link 'exim.pem' ok.
- link 'imapd.pem' ok.
- link 'ipop3d.pem' ok.
looking for dead symbolic link to certificate files ...
adding cronjob ...
creating logrotate configuration ...
Creating Apache2 configuration ...
activating modules...
done activating modules
phpSysInfo: Write domain 'www.fam-heidrich.net/phpsysinfo' config ... [
OK ]
* Restarting Disk Cache Cleaning Daemon for Apache HTTP Server ...
[ OK ]
* Stopping The Apache HTTP Server ...
[ OK ]
* Starting The Apache HTTP Server ...
[ OK ]
requesting/updating certificate(s) ...
# INFO: Using main config file /etc/dehydrated/config
-> Executing hook script 'startup_hook' ...
* Stopping The Apache HTTP Server ...
=> OK
Processing www.fam-heidrich.net
+ Checking domain name(s) of existing cert... changed!
+ Domain name(s) are not matching!
+ Names in old certificate: autoconfig.fam-heidrich.net
autodiscover.fam-heidrich.net fam-heidrich.net www.fam-heidrich.net
+ Configured names: www.fam-heidrich.net
+ Forcing renew.
+ Checking expire date of existing cert...
+ Valid till Apr 11 22:14:53 2025 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for www.fam-heidrich.net
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for www.fam-heidrich.net authorization...
-> Executing hook script 'invalid_challenge' ...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]
"http-01"
["url"]
"https://acme-v02.api.letsencrypt.org/acme/chall/85823451/510377560267/XxTNcQ"
["status"] "invalid"
["validated"] "2025-04-24T09:37:19Z"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","detail"] "93.210.91.188: Fetching
http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8:
Connection refused"
["error","status"] 400
["error"]
{"type":"urn:ietf:params:acme:error:connection","detail":"93.210.91.188:
Fetching
http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8:
Connection refused","status":400}
["token"] "Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8"
["validationRecord",0,"url"]
"http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8"
["validationRecord",0,"hostname"] "www.fam-heidrich.net"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "93.210.91.188"
["validationRecord",0,"addressesResolved",1]
"2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"
["validationRecord",0,"addressesResolved"]
["93.210.91.188","2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"]
["validationRecord",0,"addressUsed"]
"2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"
["validationRecord",0]
{"url":"http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8","hostname":"www.fam-heidrich.net","port":"80","addressesResolved":["93.210.91.188","2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"],"addressUsed":"2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"}
["validationRecord",1,"url"]
"http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8"
["validationRecord",1,"hostname"] "www.fam-heidrich.net"
["validationRecord",1,"port"] "80"
["validationRecord",1,"addressesResolved",0] "93.210.91.188"
["validationRecord",1,"addressesResolved",1]
"2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"
["validationRecord",1,"addressesResolved"]
["93.210.91.188","2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"]
["validationRecord",1,"addressUsed"] "93.210.91.188"
["validationRecord",1]
{"url":"http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8","hostname":"www.fam-heidrich.net","port":"80","addressesResolved":["93.210.91.188","2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"],"addressUsed":"93.210.91.188"}
["validationRecord"]
[{"url":"http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8","hostname":"www.fam-heidrich.net","port":"80","addressesResolved":["93.210.91.188","2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"],"addressUsed":"2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"},{"url":"http://www.fam-heidrich.net/.well-known/acme-challenge/Du8NuPLyYrZ-U2QuZIrOe81Govp8wo3rQ6wWhQy3MZ8","hostname":"www.fam-heidrich.net","port":"80","addressesResolved":["93.210.91.188","2003:d9:afff:4f6f:3ea6:2fff:fe6b:80c6"],"addressUsed":"93.210.91.188"}])
-> Executing hook script 'exit_hook' ...
* Starting The Apache HTTP Server ...
=> OK
finished.
* Stopping certs_dehydrated.service ...
[ OK ]
Press ENTER to continue
ls -la /var/www/htdocs/
[...]
drwxrwxrwx 3 wwwrun nogroup 4096 24. Apr 10:40 .well-known
lrwxrwxrwx 1 wwwrun root 18 11. Mai 2020 certs -> /var/certs/ssl/web
drwxrwxrwx 2 wwwrun nogroup 4096 24. Apr 11:37 certs_dehydrated
www # ls -la /var/www/htdocs/.well-known/
insgesamt 12
drwxrwxrwx 3 wwwrun nogroup 4096 24. Apr 10:40 .
drwxr-xr-x 12 wwwrun nogroup 4096 24. Apr 11:15 ..
drwxrwxrwx 2 wwwrun nogroup 4096 24. Apr 10:40 acme-challenge
www # ls -la /var/www/htdocs/.well-known/acme-challenge/
insgesamt 8
drwxrwxrwx 2 wwwrun nogroup 4096 24. Apr 10:40 .
drwxrwxrwx 3 wwwrun nogroup 4096 24. Apr 10:40 ..
Does anyone have an idea what to do / what I am doing wrong?
Best regards
Stefan
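In the run above the startup_hook stops Apache, and the http-01 validation on port 80 then ends in "Connection refused". As an added example (not part of the original post and not eisfair code), the following shell functions read the hook definitions without sourcing the file and report an active startup_hook that stops apache2 while the ALPN-server start hook is inactive. The function names and the rule itself are assumptions of this example; the sample config is a constructed excerpt of the one posted.

```shell
# active_hooks FILE: print "N TYPE EXEC OPTIONS" for each hook with ACTIVE=yes.
active_hooks() {
    awk -F= -v q="'" '
        /^DEHYDRATED_HOOK_CMD_[0-9]+_/ {
            val = substr($0, length($1) + 2)
            gsub("^[\"" q "]|[\"" q "]$", "", val)   # strip surrounding quotes
            split($1, p, "_")                         # p[4]=index, p[5]=field
            v[p[4], p[5]] = val
            if (p[4] + 0 > max) max = p[4] + 0
        }
        END {
            for (i = 1; i <= max; i++)
                if (v[i, "ACTIVE"] == "yes")
                    print i, v[i, "TYPE"], v[i, "EXEC"], v[i, "OPTIONS"]
        }' "$1"
}

# webroot_unserved FILE: succeed (and print the finding) when an active
# startup_hook stops apache2 while the ALPN-server start hook is not active.
webroot_unserved() {
    hooks=$(active_hooks "$1")
    stop=$(printf '%s\n' "$hooks" | awk '$2 == "startup_hook" && $4 == "stop" && $5 == "apache2" { print $1 }')
    alpn=$(printf '%s\n' "$hooks" | awk '$2 == "startup_hook" && /--start-alpn-server/ { print $1 }')
    [ -n "$stop" ] && [ -z "$alpn" ] || return 1
    echo "hook $stop stops apache2 before validation; nothing else is started to answer the challenge"
}

# Constructed excerpt of the configuration shown in the post (hooks 1, 2, 8).
write_sample() {
    cat > "$1" <<'EOF'
DEHYDRATED_HOOK_CMD_1_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_1_TYPE='startup_hook'
DEHYDRATED_HOOK_CMD_1_EXEC='/usr/sbin/service'
DEHYDRATED_HOOK_CMD_1_OPTIONS='stop apache2'
DEHYDRATED_HOOK_CMD_2_ACTIVE="no"
DEHYDRATED_HOOK_CMD_2_TYPE='startup_hook'
DEHYDRATED_HOOK_CMD_2_EXEC='/etc/init.d/certs_dehydrated'
DEHYDRATED_HOOK_CMD_2_OPTIONS='--quiet --start-alpn-server'
DEHYDRATED_HOOK_CMD_8_ACTIVE='yes'
DEHYDRATED_HOOK_CMD_8_TYPE='exit_hook'
DEHYDRATED_HOOK_CMD_8_EXEC='/usr/sbin/service'
DEHYDRATED_HOOK_CMD_8_OPTIONS='start apache2'
EOF
}

cfg=$(mktemp) && write_sample "$cfg"
active_hooks "$cfg"
webroot_unserved "$cfg" || echo "no startup_hook leaves the webroot unserved"
rm -f "$cfg"
```

On a real system the argument would be /etc/config.d/certs_dehydrated, the file shown in the post.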