Old 11-12-2022, 01:56 PM   #1
hacknorris
LQ Newbie
 
Registered: Nov 2022
Distribution: slackware 15
Posts: 8

Rep: Reputation: 0
trying to generate https cert for misskey using acme.sh, can't find folders to generate


so yes, I use engine x and my OS is slackware 15 (might be useful so you will know I don't like to install anything there)

running commands :

Code:
acme.sh --issue --nginx -d hacknorris.darksysadmin.com
(fails with :

Code:
[Sat Nov 12 20:27:56 CET 2022] nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/hacknorris.darksysadmin.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/hacknorris.darksysadmin.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
[Sat Nov 12 20:27:56 CET 2022] Please add '--debug' or '--log' to check more details.
[Sat Nov 12 20:27:56 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
)

and

Code:
acme.sh --install-cert -d hacknorris.darksysadmin.com \
--key-file       /etc/letsencrypt/live/hacknorris.darksysadmin.com/privkey.pem  \
--fullchain-file /etc/letsencrypt/live/hacknorris.darksysadmin.com/fullchain.pem \
--reloadcmd     "service nginx force-reload"
(fails with :

Code:
[Sat Nov 12 20:38:46 CET 2022] Installing key to: /keys/hacknorris.darksysadmin.com/privkey.pem
touch: cannot touch '/keys/hacknorris.darksysadmin.com/privkey.pem': No such file or directory
)

and

Code:
acme.sh --issue -d "$DOMAIN_NAME" -d "*.$DOMAIN_NAME" --dns dns_cf -k ec-384
ends with
Code:
[Sat Nov 12 23:02:24 CET 2022] Can not find dns api hook for: dns_cf
[Sat Nov 12 23:02:24 CET 2022] You need to add the txt record manually.
[Sat Nov 12 23:02:24 CET 2022] Add the following TXT record:
[Sat Nov 12 23:02:24 CET 2022] Domain: '_acme-challenge.hacknorris.darksysadmin.com'
[Sat Nov 12 23:02:24 CET 2022] TXT value: 'NSi86xTuzs4QEG7mA0zeOq-q5oTSelQLHf07zQ-1GWo'
[Sat Nov 12 23:02:24 CET 2022] Please be aware that you prepend _acme-challenge. before your domain
[Sat Nov 12 23:02:24 CET 2022] so the resulting subdomain will be: _acme-challenge.hacknorris.darksysadmin.com
[Sat Nov 12 23:02:24 CET 2022] Can not find dns api hook for: dns_cf
[Sat Nov 12 23:02:24 CET 2022] You need to add the txt record manually.
[Sat Nov 12 23:02:24 CET 2022] Add the following TXT record:
[Sat Nov 12 23:02:24 CET 2022] Domain: '_acme-challenge.hacknorris.darksysadmin.com'
[Sat Nov 12 23:02:24 CET 2022] TXT value: '0FX4AGHSdd6TCKJU0cHL9UMWozjcdSJzZFuXO0Bl5NM'
[Sat Nov 12 23:02:24 CET 2022] Please be aware that you prepend _acme-challenge. before your domain
[Sat Nov 12 23:02:24 CET 2022] so the resulting subdomain will be: _acme-challenge.hacknorris.darksysadmin.com
[Sat Nov 12 23:02:24 CET 2022] Please add the TXT records to the domains, and re-run with --renew.
[Sat Nov 12 23:02:24 CET 2022] Please add '--debug' or '--log' to check more details.
[Sat Nov 12 23:02:24 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
and

Code:
acme.sh --issue -d hacknorris.darksysadmin.com --nginx
ends with
Code:
[Sat Nov 12 22:15:43 CET 2022] nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/hacknorris.darksysadmin.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed
[Sat Nov 12 22:15:43 CET 2022] pid
[Sat Nov 12 22:15:43 CET 2022] No need to restore nginx, skip.
[Sat Nov 12 22:15:43 CET 2022] _clearupdns
[Sat Nov 12 22:15:43 CET 2022] dns_entries
[Sat Nov 12 22:15:43 CET 2022] skip dns.
[Sat Nov 12 22:15:43 CET 2022] _on_issue_err
[Sat Nov 12 22:15:43 CET 2022] Please add '--debug' or '--log' to check more details.
[Sat Nov 12 22:15:43 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Does someone know how I can get https in the browser?



attachment - misskey/engine x config file renamed to txt (this site doesn't allow conf files lol)

this is what I was trying to use: https://github.com/acmesh-official/acme.sh and https://misskey-hub.net/en/docs/admi...config-example and https://kb.virtubox.net/knowledgebas...acme-sh-nginx/

server is up and running, I just want https cause without it friend don't want to join =]
Attached Files
File Type: txt misskey.txt (2.3 KB, 12 views)

Last edited by hacknorris; 11-12-2022 at 04:37 PM. Reason: more commands tried. logs
 
Old 11-12-2022, 02:48 PM   #2
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,616

Rep: Reputation: 2555
Quote:
Originally Posted by hacknorris View Post
Code:
[Sat Nov 12 20:27:56 CET 2022] Please add '--debug' or '--log' to check more details.
[Sat Nov 12 20:27:56 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Start with doing those things?

 
Old 11-12-2022, 02:57 PM   #3
hacknorris
LQ Newbie
 
Registered: Nov 2022
Distribution: slackware 15
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by boughtonp View Post
Start with doing those things?
well... tried to debug and it doesn't throw more important things
 
Old 11-12-2022, 03:00 PM   #4
hacknorris
LQ Newbie
 
Registered: Nov 2022
Distribution: slackware 15
Posts: 8

Original Poster
Rep: Reputation: 0
these are logs for first command :
Code:
[Sat Nov 12 21:59:45 CET 2022] /etc/nginx/conf.d/misskey.conf is found.
[Sat Nov 12 21:59:45 CET 2022] Found conf file: /etc/nginx/conf.d/misskey.conf
[Sat Nov 12 21:59:45 CET 2022] _ln='12'
[Sat Nov 12 21:59:45 CET 2022] _lnn='13'
[Sat Nov 12 21:59:45 CET 2022] _start_tag
[Sat Nov 12 21:59:45 CET 2022] _backup_conf='/root/.acme.sh/hacknorris.darksysadmin.com/backup/hacknorris.darksysadmin.com.nginx.conf'
[Sat Nov 12 21:59:45 CET 2022] Backup /etc/nginx/conf.d/misskey.conf to /root/.acme.sh/hacknorris.darksysadmin.com/backup/hacknorris.darksysadmin.com.nginx.conf
[Sat Nov 12 21:59:45 CET 2022] Check the nginx conf before setting up.
[Sat Nov 12 21:59:45 CET 2022] nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/hacknorris.darksysadmin.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/hacknorris.darksysadmin.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
[Sat Nov 12 21:59:45 CET 2022] pid
[Sat Nov 12 21:59:45 CET 2022] No need to restore nginx, skip.
[Sat Nov 12 21:59:45 CET 2022] _clearupdns
[Sat Nov 12 21:59:45 CET 2022] dns_entries
[Sat Nov 12 21:59:45 CET 2022] skip dns.
[Sat Nov 12 21:59:45 CET 2022] _on_issue_err
[Sat Nov 12 21:59:45 CET 2022] Please add '--debug' or '--log' to check more details.
[Sat Nov 12 21:59:45 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sat Nov 12 21:59:45 CET 2022] url='https://acme.zerossl.com/v2/DV90/chall/VtMeiTspfD-ufoFCZZR_Kw'
[Sat Nov 12 21:59:45 CET 2022] payload='{}'
[Sat Nov 12 21:59:45 CET 2022] POST
[Sat Nov 12 21:59:45 CET 2022] _post_url='https://acme.zerossl.com/v2/DV90/chall/VtMeiTspfD-ufoFCZZR_Kw'
[Sat Nov 12 21:59:45 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Sat Nov 12 21:59:53 CET 2022] _ret='0'
[Sat Nov 12 21:59:53 CET 2022] code='200'
 
Old 11-12-2022, 10:00 PM   #5
elgrandeperro
Member
 
Registered: Apr 2021
Posts: 415
Blog Entries: 2

Rep: Reputation: Disabled
Well, why is it asking for a CERT to begin with? This is a chicken/egg problem, you have to run http FIRST without https to let LetsEncrypt get the verification from your web server before ever turning HTTPS on. You can put the TXT record in DNS without the hook as stated. To do the DNS hook you probably need to configure dynamic DNS (I've done this before), but this requires a bit more work.
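
Added example, not part of the post above and not acme.sh's own code: the two nginx errors in this thread ("no such file" and "no start line") both come from `ssl_certificate` directives that point at files which are absent or empty when `nginx -t` runs, which is the chicken-and-egg situation described. The sketch below lists those paths for a given conf file; the function names `check_cert_paths` and `demo` and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify each ssl_certificate /
# ssl_certificate_key path in an nginx conf as ok, missing or not-pem.
# Assumes absolute paths without spaces, one directive per line.

# check_cert_paths CONF: prints "<status> <directive> <path>" per directive
# and returns 1 if any file is missing or lacks a PEM header, else 0.
check_cert_paths() {
    conf=$1
    bad=0
    # Drop comments, then extract "directive path" pairs.
    list=$(sed 's/#.*//' "$conf" |
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 p = $2; sub(/;.*/, "", p); gsub(/"/, "", p); print $1, p }')
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -f "$path" ]; then
            status=missing     # nginx reports: BIO_new_file() ... no such file
        elif ! grep -q -- '-----BEGIN ' "$path"; then
            status=not-pem     # nginx reports: PEM routines ... no start line
        else
            status=ok
        fi
        [ "$status" = ok ] || bad=1
        echo "$status $directive $path"
    done <<EOF
$list
EOF
    return "$bad"
}

# Constructed sample: a conf naming a certificate that does not exist and a
# key file that exists but is empty.
demo() {
    d=$(mktemp -d)
    : > "$d/privkey.pem"
    cat > "$d/site.conf" <<EOF
server {
    listen 443 ssl;
    # ssl_certificate /commented/out.pem;
    ssl_certificate     $d/fullchain.pem;
    ssl_certificate_key $d/privkey.pem;
}
EOF
    rc=0
    check_cert_paths "$d/site.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "nginx -t would fail on the paths listed above"
```

Any line reported as `missing` or `not-pem` means the HTTPS server block cannot load until a certificate has been issued and installed at that path.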
 
Old 11-13-2022, 04:31 AM   #6
hacknorris
LQ Newbie
 
Registered: Nov 2022
Distribution: slackware 15
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by elgrandeperro View Post
Well, why is it asking for a CERT to begin with? This is a chicken/egg problem, you have to run http FIRST without https to let LetsEncrypt get the verification from your web server before ever turning HTTPS on. You can put the TXT record in DNS without the hook as stated. To do the DNS hook you probably need to configure dynamic DNS (I've done this before), but this requires a bit more work.
exactly. so any easier way for engine x to get https ?
 
Old 11-13-2022, 08:53 AM   #7
elgrandeperro
Member
 
Registered: Apr 2021
Posts: 415
Blog Entries: 2

Rep: Reputation: Disabled
Read this. If you just turn off https to allow LetsEncrypt to get the verification, it will probably work (provided you set up the DNS and access).

https://www.nginx.com/blog/using-fre...pt-with-nginx/

Step 2, only http.
 
Old 11-14-2022, 03:28 AM   #8
hacknorris
LQ Newbie
 
Registered: Nov 2022
Distribution: slackware 15
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by elgrandeperro View Post
Read this. If you just turn off https to allow LetsEncrypt to get the verification, it will probably work (provided you set up the DNS and access).

https://www.nginx.com/blog/using-fre...pt-with-nginx/

Step 2, only http.
firstly - I use not certbot but acme.sh

secondly - I have http opened cause I can use site over http, I just can't get cert...
 
  


Tags
certificate, nginx, slackware 15.0


