Page 1 of 1

Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 11 Mar 2018 17:59
by jogomes
Hi to all,
:angry-banghead:
I searched and found some similarities but no actual solution or problem like this.

I have a EFA that has a letsencrypt 'manual' installation, and I wanted to change it to the automated one from the menu.

So this morning I tried to renew my cert from my EFA, but I cannot it keeps telling me that there is no Virtual Server running on port 80.

Despite some efforts, even activated the Virtualhost on port 80, nothing seems to work.
When I try to install/renew, it does an update of the Python to 3.4 version (?). Found somewhere that this can be a problem to certbot ??? But no solution found, or I didn't apply it to this system, since it has an automated procedure, and I want not to change it.

I'm not doing it again since I restored a snapshot and copied back the settings back to the production server since there were some emails that already entered and I want to keep it on history.

So, EFA is running with the 'old' cert, and I have 15 days to solve this issue until it expires.

Its not a FW problem, neither a NAT.
I tried the manual and automated ways, all failed with the same issue.

Looking for some help from you guys.

Stay sharp and well.

JG

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 17 Apr 2018 23:00
by theEFAmenace
Same problem here, any solution ?

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 17 Apr 2018 23:30
by theEFAmenace
I ended up adding a virtual host at the end of the httpd.conf - uncommented the last block and updated the details with my own.
Worked like a charm.

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 02 May 2018 12:40
by jamerson
Hi,
Do you have port 80/443 nat to your EFA ?

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 13 Jun 2018 16:34
by aetadmin
I just had this problem too; my let's encrypt (letsencrypt) was not renewing the cert. I'm sure this is because I have the force ssl redirect enabled. So, I managed to fix it by the following:

edit the file /etc/httpd/conf.d/redirectssl.conf
and change it to this:

Code: Select all

RewriteEngine On

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
#RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Notice that I also commented out the RewriteCond to check for HTTPS is not on. This will still redirect all HTTP requests, just not the ones for letsencrypt.

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 14 Jun 2018 09:08
by pdwalker
:clap: Good tip!

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 14 Jun 2018 21:43
by shawniverson

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 15 Jun 2018 23:36
by jamerson
Hi Guys,
after adding this line
RewriteEngine On

[*]RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
#RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Whcih command we have to run to renew the SSL or it will do it automatically ?

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 04 Sep 2018 15:16
by northwindit
I had this same problem and the solutions listed in here didn't work for me. Not even webmin would load. This was my solution to get everything working again. Just passing the info along in case it can help someone else.

////////////////////////////////////////////////////
Disable Lets Encrypt

Disable HTTPS Configure under EFA Menu 11 (Apache Settings)


sudo nano /etc/httpd/conf.d/redirectssl.conf
Paste the following and write out:

RewriteEngine On

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
#RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

sudo nano /etc/httpd/conf/httpd.conf
Remove the line near the end: Listen 443

sudo nano /etc/httpd/conf.d/ssl.conf
remove the Include lets encrypt line at the end

sudo service httpd restart

Verify that /etc/httpd/conf.d/redirectssl.conf still contains the info above

Run EFA Menu 16 Lets Encrypt
This should now complete successfully

Run EFA Menu 11 Apache Settings and Configure HTTPS

Enable port 443 by typing "Y" and hit Enter... however do nothing after this and close the terminal. Do not hit enter the second time or go past that point and enable port 80 redirection otherwise httpd will fail to start.

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 09 Jan 2019 08:52
by bob.lenz
This worked for me. Thanks! Great instructions.
northwindit wrote: 04 Sep 2018 15:16 I had this same problem and the solutions listed in here didn't work for me. Not even webmin would load. This was my solution to get everything working again. Just passing the info along in case it can help someone else.

////////////////////////////////////////////////////
Disable Lets Encrypt

Disable HTTPS Configure under EFA Menu 11 (Apache Settings)


sudo nano /etc/httpd/conf.d/redirectssl.conf
Paste the following and write out:

RewriteEngine On

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
#RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

sudo nano /etc/httpd/conf/httpd.conf
Remove the line near the end: Listen 443

sudo nano /etc/httpd/conf.d/ssl.conf
remove the Include lets encrypt line at the end

sudo service httpd restart

Verify that /etc/httpd/conf.d/redirectssl.conf still contains the info above

Run EFA Menu 16 Lets Encrypt
This should now complete successfully

Run EFA Menu 11 Apache Settings and Configure HTTPS

Enable port 443 by typing "Y" and hit Enter... however do nothing after this and close the terminal. Do not hit enter the second time or go past that point and enable port 80 redirection otherwise httpd will fail to start.

Re: Letsencrypt not installing/renewing on EFA 3.0.2.6

Posted: 22 Nov 2019 08:56
by barbours
This worked well in EFA 4.0. With letsencrypt, it is critical to have port 80 passing through into the server being configured. It is also critical to the eventual renewal request.

One question, at the very end of the configuration from the EFA menu, it asks if you want to apply to Postfix. Is that necesary, desired, ?? What is required here? Say yes to applying it to postfix or no?