mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-01-11 22:30:44 +01:00
I think I might have mucked up my config files #373
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @pavulon18 on GitHub (Sep 4, 2018).
I apologize if this is the wrong venue for this but I've been searching and trying and I think I've gone from bad to worse.
My setup:
Raspberry Pi running Raspbian Stretch
Apache 2.4
dns provider: duckdns.org
My website: gcems.duckdns.org
If I have it set up properly, I have everything automatically forwarded to https port 443
I am currently getting the error message
I've tried changing "fullchain.pem" to "cert.pem" but still get the same error message but with the change of file name noted.
the directory listing
I'm totally lost and apparently clueless. Any help would be appreciated.
@alainwolf commented on GitHub (Sep 5, 2018):
Did you notice the size of your *.pem files?
This sometimes happens, if dehydrated fails and dies while creating certs.
You have to run dehydrated again and look at its output to see what wrong there.
@pavulon18 commented on GitHub (Sep 5, 2018):
After I first started this thread, I switched to the staging server in fear of running into limits.
The following is the same error message I get when I was running against the live server.
Using the command:
I get the following output
I hope this helps.
@alainwolf commented on GitHub (Sep 5, 2018):
Looks like your server is not answering the http request from Let's Encrypt. Is your webserver up?
@pavulon18 commented on GitHub (Sep 5, 2018):
right now it won't start because of this problem. The first entry has the error message I am now getting from Apache when I try to start.
The second error message that I posted is the same message that I have been getting for a while. I was trying to fix this second error message when I created the problem that caused my first error message.
@pavulon18 commented on GitHub (Sep 5, 2018):
Ok. So what I did was to disable the ssl config for my website and run it as non-ssl. I ran dehydrated. The challenge passed muster. I re-enabled the ssl config and removed the staging line from dehydrated config.
It seems to be working, other than my phone is telling me the certificate is untrusted.
@alainwolf commented on GitHub (Sep 5, 2018):
Obviously your web server can't start with a zero-sized empty certificate file. But your webserver needs to be running and answering the challenge request when the Lets Encrypt asks for it. So you have a chicken and egg problem here, but an easy to solve one. Its not a problem of dehydrated.
@alainwolf commented on GitHub (Sep 5, 2018):
Its untrusted because its still running with certificates from the Let's encrypt staging servers.
https://www.ssllabs.com/ssltest/analyze.html?d=gcems.duckdns.org
@barmteccert commented on GitHub (Sep 5, 2018):
With all due respect, but who are you and why are you writing to me?
Von: Jim notifications@github.com
An: lukas2511/dehydrated dehydrated@noreply.github.com
Kopie: Subscribed subscribed@noreply.github.com
Datum: 04.09.2018 18:24
Betreff: [lukas2511/dehydrated] I think I might have mucked up my
config files (#591)
I apologize if this is the wrong venue for this but I've been searching
and trying and I think I've gone from bad to worse.
My setup:
Raspberry Pi running Raspbian Stretch
Apache 2.4
dns provider: duckdns.org
My website: gcems.duckdns.org
If I have it set up properly, I have everything automatically forwarded to
https port 443
I am currently getting the error message
AH00526: Syntax error on line 20 of
/etc/apache2/sites-enabled/gcems.duckdns.org.ssl.conf:
Sep 04 11:08:13 gcems apachectl[28748]: SSLCertificateFile: file
'/var/lib/dehydrated/certs/gcems.duckdns.org/fullchain.pem' does not exist
or is empty
Sep 04 11:08:13 gcems apachectl[28748]: Action 'start' failed.
Sep 04 11:08:13 gcems apachectl[28748]: The Apache error log may have more
information.
Sep 04 11:08:13 gcems systemd[1]: apache2.service: Control process exited,
code=exited status=1
Sep 04 11:08:13 gcems systemd[1]: Failed to start The Apache HTTP Server.
Sep 04 11:08:13 gcems systemd[1]: apache2.service: Unit entered failed
state.
Sep 04 11:08:13 gcems systemd[1]: apache2.service: Failed with result
'exit-code'.
I've tried changing "fullchain.pem" to "cert.pem" but still get the same
error message but with the change of file name noted.
the directory listing
-rw------- 1 root root 1659 Aug 30 23:16 cert-1535688967.csr
-rw------- 1 root root 0 Aug 30 23:16 cert-1535688967.pem
-rw------- 1 root root 1659 Sep 2 17:37 cert-1535927823.csr
-rw------- 1 root root 0 Sep 2 17:37 cert-1535927823.pem
-rw------- 1 root root 1659 Sep 3 05:37 cert-1535971022.csr
-rw------- 1 root root 0 Sep 3 05:37 cert-1535971022.pem
-rw------- 1 root root 1659 Sep 3 17:37 cert-1536014223.csr
-rw------- 1 root root 0 Sep 3 17:37 cert-1536014223.pem
-rw------- 1 root root 1659 Sep 3 21:38 cert-1536028683.csr
-rw------- 1 root root 0 Sep 3 21:38 cert-1536028683.pem
-rw------- 1 root root 1659 Sep 3 21:49 cert-1536029333.csr
-rw------- 1 root root 0 Sep 3 21:49 cert-1536029333.pem
-rw------- 1 root root 1659 Sep 4 05:37 cert-1536057423.csr
-rw------- 1 root root 0 Sep 4 05:37 cert-1536057423.pem
-rw------- 1 root root 1659 Sep 4 11:00 cert-1536076811.csr
-rw------- 1 root root 0 Sep 4 11:00 cert-1536076811.pem
-rw------- 1 root root 3239 Aug 30 23:16 privkey-1535688967.pem
-rw------- 1 root root 3247 Sep 2 17:37 privkey-1535927823.pem
-rw------- 1 root root 3243 Sep 3 05:37 privkey-1535971022.pem
-rw------- 1 root root 3243 Sep 3 17:37 privkey-1536014223.pem
-rw------- 1 root root 3243 Sep 3 21:38 privkey-1536028683.pem
-rw------- 1 root root 3243 Sep 3 21:49 privkey-1536029333.pem
-rw------- 1 root root 3243 Sep 4 05:37 privkey-1536057423.pem
-rw------- 1 root root 3243 Sep 4 11:00 privkey-1536076811.pem
I'm totally lost and apparently clueless. Any help would be appreciated.
?
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
www.barmenia.de
www.xing.de/companies/barmenia
www.facebook.de/barmenia
www.twitter.com/barmenia
www.youtube.de/barmenia
Barmenia Krankenversicherung a. G.
Vorstand: Dr. Andreas Eurich (Vorsitzender) - Frank Lamsfuß - Ulrich Lamy - Martin Risse - Kai Völker
Aufsichtsrats-Vors.: Dr. h. c. Josef Beutelmann; Rechtsform des Unternehmens: Versicherungsverein auf Gegenseitigkeit;
Sitz: Wuppertal; Amtsgericht Wuppertal HRB 3871; St.-Nr. 132/5906/0047
Barmenia Allgemeine Versicherungs-AG
Vorstand: Dr. Andreas Eurich (Vorsitzender) - Frank Lamsfuß - Ulrich Lamy - Martin Risse - Kai Völker
Aufsichtsrats-Vors.: Dr. h. c. Josef Beutelmann; Rechtsform des Unternehmens: Aktiengesellschaft;
Sitz: Wuppertal; Amtsgericht Wuppertal HRB 3033; St.-Nr. 132/5906/0025
Barmenia Lebensversicherung a. G.
Vorstand: Dr. Andreas Eurich (Vorsitzender) - Frank Lamsfuß - Ulrich Lamy - Martin Risse - Kai Völker
Aufsichtsrats-Vors.: Dr. h. c. Josef Beutelmann; Rechtsform des Unternehmens: Versicherungsverein auf Gegenseitigkeit;
Sitz: Wuppertal; Amtsgericht Wuppertal HRB 3854; St.-Nr. 132/5906/0058
@pavulon18 commented on GitHub (Sep 5, 2018):
I removed the staging server information and did a
do I need to do
to revoke the staging cert and replace it with a live cert?
@txr13 commented on GitHub (Sep 5, 2018):
@pavulon18 You do not need to revoke the staging certificate. Dehydrated will update the symlinks to point to the correct certificate. You will also need to restart Apache so that it reads the new certificate into memory.
@barmteccert You’ve received a notification from GitHub. Check your notification settings if you don’t want to be receiving emails.
@pavulon18 commented on GitHub (Sep 5, 2018):
Thank you to those who helped me. I have it all working now. I will now close this issue.