Generate letsencrypt will success but miss cert path. #91

Closed
opened 2022-10-26 00:52:04 +00:00 by akong77 · 4 comments
akong77 commented 2022-10-26 00:52:04 +00:00 (Migrated from github.com)
    Hello,

I use latest version to install.It's install done but nginx failed start.I found it's can't found follow path.
/etc/letsencrypt/live/
I make sure letsencrypt will generate done.

[Wed 26 Oct 2022 08:35:05 AM CST] Installing from online archive. [Wed 26 Oct 2022 08:35:05 AM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz [Wed 26 Oct 2022 08:35:06 AM CST] Extracting master.tar.gz [Wed 26 Oct 2022 08:35:06 AM CST] It is recommended to install socat first. [Wed 26 Oct 2022 08:35:06 AM CST] We use socat for standalone server if you use standalone mode. [Wed 26 Oct 2022 08:35:06 AM CST] If you don't use standalone mode, just ignore this warning. [Wed 26 Oct 2022 08:35:06 AM CST] Installing to /opt/acmesh/.acme.sh [Wed 26 Oct 2022 08:35:06 AM CST] Installed to /opt/acmesh/.acme.sh/acme.sh [Wed 26 Oct 2022 08:35:06 AM CST] No profile is found, you will need to go into /opt/acmesh/.acme.sh to use acme.sh [Wed 26 Oct 2022 08:35:07 AM CST] Installing cron job [Wed 26 Oct 2022 08:35:07 AM CST] Good, bash is found, so change the shebang to use bash as preferred. [Wed 26 Oct 2022 08:35:07 AM CST] OK [Wed 26 Oct 2022 08:35:07 AM CST] Install success! [Wed 26 Oct 2022 08:35:08 AM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory [Wed 26 Oct 2022 08:35:08 AM CST] Create account key ok. [Wed 26 Oct 2022 08:35:08 AM CST] Registering account: https://acme-v02.api.letsencrypt.org/directory [Wed 26 Oct 2022 08:35:09 AM CST] Registered [Wed 26 Oct 2022 08:35:09 AM CST] ACCOUNT_THUMBPRINT='cvu7sRJ8C9fTVrf1z1W3XcmhQ6M4n48wcFIpYoZelnM' [Wed 26 Oct 2022 08:35:09 AM CST] Creating domain key [Wed 26 Oct 2022 08:35:09 AM CST] The domain key is here: /opt/acmesh/.acme.sh/meet.linguitronics.com/meet.linguitronics.com.key [Wed 26 Oct 2022 08:35:09 AM CST] Single domain='meet.linguitronics.com' [Wed 26 Oct 2022 08:35:09 AM CST] Getting domain auth token for each domain [Wed 26 Oct 2022 08:35:10 AM CST] Getting webroot for domain='meet.linguitronics.com' [Wed 26 Oct 2022 08:35:10 AM CST] Verifying: meet.linguitronics.com [Wed 26 Oct 2022 08:35:11 AM CST] Pending, The CA is processing your order, please just wait. (1/30) [Wed 26 Oct 2022 08:35:14 AM CST] Success [Wed 26 Oct 2022 08:35:14 AM CST] Verify finished, start to sign. [Wed 26 Oct 2022 08:35:14 AM CST] Lets finalize the order. [Wed 26 Oct 2022 08:35:14 AM CST] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/794641877/137969457697' [Wed 26 Oct 2022 08:35:16 AM CST] Downloading cert. [Wed 26 Oct 2022 08:35:16 AM CST] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04ca5223b784e54037701cbfccfaffc3f0eb' [Wed 26 Oct 2022 08:35:16 AM CST] Cert success. -----BEGIN CERTIFICATE----- MIIFMjCCBBqgAwIBAgISBMpSI7eE5UA3cBy/zPr/w/DrMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMjEwMjUyMzM1MTVaFw0yMzAxMjMyMzM1MTRaMCExHzAdBgNVBAMT Fm1lZXQubGluZ3VpdHJvbmljcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC31yObAfQzi+VJr3GAjmbFTVQab27cjzPdNZV0uKaOeMSb/1dFPpN8 h1hGIGeGpQShbaWZK3zV3hRIbC4GbvIahI/12CpoQYzMQgVl1+X1Wp5aXfZ+1qhZ ZGbBwCshbB4TEkYHMA24n/Zh1vl5ZyYFYiG2o6QWt2LsJ20vwmA5vVDFi+3qHi8O jFEOUg7zLq+yg3blsDg+PgOdPAed9RFTtBwgkqEtZ30py1/gNAsqwY5ouLu5zXRB 8nLwYB0v5Nu6U6OLjb42ERdFqbOJQnYf0Qy9PsNSb2Ei32tzf0b9WLWVqyI/6Y36 O9O4W+YABTsQTB70/gGfuyUMo5FiRdK1AgMBAAGjggJRMIICTTAOBgNVHQ8BAf8E BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC MAAwHQYDVR0OBBYEFGVvZmLSPOjHw+F2JUEFgdxuUXwNMB8GA1UdIwQYMBaAFBQu sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s ZW5jci5vcmcvMCEGA1UdEQQaMBiCFm1lZXQubGluZ3VpdHJvbmljcy5jb20wTAYD VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHy APAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYQRtvyzAAAE AwBHMEUCIQCnT+FTx1JuWt2y5W7lrV7QBiohRBjhhE94DuekLZd7YAIgIQNjdZJ1 jqoh0idv1XID9kXuHfmx+QayaX2qlgKZaJgAdgB6MoxU2LcttiDqOOBSHumEFnAy E4VNO9IrwTpXo1LrUgAAAYQRtvzYAAAEAwBHMEUCIEVHnog2WvgJKSCW1iqTxMaK ZFNxqwZtOkwKwdY/JF04AiEA3i/e0ggrpHWJus7FhNxxeqMAmx79BCaVhc///INj /pEwDQYJKoZIhvcNAQELBQADggEBABI+MWmlyZsqKMvKHakUivl3P47vLeDerVpN 6PIDojYqe7iOzDQxiiCL3c4bRvbfj77rsFa/IVNaDQF7Ciuqae87Gt3iLkxsrthr Oh044LiTuZdSDGUPcrNOtZ5M1M/wG16e11hdH3D2hHEsZFMBEJdc3dC66102DKG1 cnqdDFLhIDE33weTsbbpCf0voFhtsXx09OqK7EdyyLdm3ws7o4Xz+JDGmuzJyGCA xqxmvZNYDSvfZUmriiyxCXbDNk/Bju/NgYwtQAh+2oFI5+MWsA1Y6QFNJWvk7MjC rBewf8Cmw6u3uzEnZ7kDcBAmp8ck6DQ+CDZK1TrEVd7d5rE7Rd8= -----END CERTIFICATE----- [Wed 26 Oct 2022 08:35:16 AM CST] Your cert is in: /opt/acmesh/.acme.sh/meet.linguitronics.com/meet.linguitronics.com.cer [Wed 26 Oct 2022 08:35:16 AM CST] Your cert key is in: /opt/acmesh/.acme.sh/meet.linguitronics.com/meet.linguitronics.com.key [Wed 26 Oct 2022 08:35:16 AM CST] The intermediate CA cert is in: /opt/acmesh/.acme.sh/meet.linguitronics.com/ca.cer [Wed 26 Oct 2022 08:35:16 AM CST] And the full chain certs is there: /opt/acmesh/.acme.sh/meet.linguitronics.com/fullchain.cer [Wed 26 Oct 2022 08:35:16 AM CST] Installing key to: /etc/jitsi/meet/meet.linguitronics.com.key [Wed 26 Oct 2022 08:35:16 AM CST] Installing full chain to: /etc/jitsi/meet/meet.linguitronics.com.crt [Wed 26 Oct 2022 08:35:16 AM CST] Run reload cmd: systemctl force-reload nginx.service && /usr/share/jitsi-meet/scripts/coturn-le-update.sh meet.linguitronics.com [Wed 26 Oct 2022 08:35:16 AM CST] Reload success

Originally posted by @akong77 in https://github.com/switnet-ltd/quick-jibri-installer/issues/89#issuecomment-1291290527

Hello, I use latest version to install.It's install done but nginx failed start.I found it's can't found follow path. /etc/letsencrypt/live/ I make sure letsencrypt will generate done. `[Wed 26 Oct 2022 08:35:05 AM CST] Installing from online archive. [Wed 26 Oct 2022 08:35:05 AM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz [Wed 26 Oct 2022 08:35:06 AM CST] Extracting master.tar.gz [Wed 26 Oct 2022 08:35:06 AM CST] It is recommended to install socat first. [Wed 26 Oct 2022 08:35:06 AM CST] We use socat for standalone server if you use standalone mode. [Wed 26 Oct 2022 08:35:06 AM CST] If you don't use standalone mode, just ignore this warning. [Wed 26 Oct 2022 08:35:06 AM CST] Installing to /opt/acmesh/.acme.sh [Wed 26 Oct 2022 08:35:06 AM CST] Installed to /opt/acmesh/.acme.sh/acme.sh [Wed 26 Oct 2022 08:35:06 AM CST] No profile is found, you will need to go into /opt/acmesh/.acme.sh to use acme.sh [Wed 26 Oct 2022 08:35:07 AM CST] Installing cron job [Wed 26 Oct 2022 08:35:07 AM CST] Good, bash is found, so change the shebang to use bash as preferred. [Wed 26 Oct 2022 08:35:07 AM CST] OK [Wed 26 Oct 2022 08:35:07 AM CST] Install success! [Wed 26 Oct 2022 08:35:08 AM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory [Wed 26 Oct 2022 08:35:08 AM CST] Create account key ok. [Wed 26 Oct 2022 08:35:08 AM CST] Registering account: https://acme-v02.api.letsencrypt.org/directory [Wed 26 Oct 2022 08:35:09 AM CST] Registered [Wed 26 Oct 2022 08:35:09 AM CST] ACCOUNT_THUMBPRINT='cvu7sRJ8C9fTVrf1z1W3XcmhQ6M4n48wcFIpYoZelnM' [Wed 26 Oct 2022 08:35:09 AM CST] Creating domain key [Wed 26 Oct 2022 08:35:09 AM CST] The domain key is here: /opt/acmesh/.acme.sh/meet.linguitronics.com/meet.linguitronics.com.key [Wed 26 Oct 2022 08:35:09 AM CST] Single domain='meet.linguitronics.com' [Wed 26 Oct 2022 08:35:09 AM CST] Getting domain auth token for each domain [Wed 26 Oct 2022 08:35:10 AM CST] Getting webroot for domain='meet.linguitronics.com' [Wed 26 Oct 2022 08:35:10 AM CST] Verifying: meet.linguitronics.com [Wed 26 Oct 2022 08:35:11 AM CST] Pending, The CA is processing your order, please just wait. (1/30) [Wed 26 Oct 2022 08:35:14 AM CST] Success [Wed 26 Oct 2022 08:35:14 AM CST] Verify finished, start to sign. [Wed 26 Oct 2022 08:35:14 AM CST] Lets finalize the order. [Wed 26 Oct 2022 08:35:14 AM CST] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/794641877/137969457697' [Wed 26 Oct 2022 08:35:16 AM CST] Downloading cert. [Wed 26 Oct 2022 08:35:16 AM CST] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04ca5223b784e54037701cbfccfaffc3f0eb' [Wed 26 Oct 2022 08:35:16 AM CST] Cert success. -----BEGIN CERTIFICATE----- MIIFMjCCBBqgAwIBAgISBMpSI7eE5UA3cBy/zPr/w/DrMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMjEwMjUyMzM1MTVaFw0yMzAxMjMyMzM1MTRaMCExHzAdBgNVBAMT Fm1lZXQubGluZ3VpdHJvbmljcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC31yObAfQzi+VJr3GAjmbFTVQab27cjzPdNZV0uKaOeMSb/1dFPpN8 h1hGIGeGpQShbaWZK3zV3hRIbC4GbvIahI/12CpoQYzMQgVl1+X1Wp5aXfZ+1qhZ ZGbBwCshbB4TEkYHMA24n/Zh1vl5ZyYFYiG2o6QWt2LsJ20vwmA5vVDFi+3qHi8O jFEOUg7zLq+yg3blsDg+PgOdPAed9RFTtBwgkqEtZ30py1/gNAsqwY5ouLu5zXRB 8nLwYB0v5Nu6U6OLjb42ERdFqbOJQnYf0Qy9PsNSb2Ei32tzf0b9WLWVqyI/6Y36 O9O4W+YABTsQTB70/gGfuyUMo5FiRdK1AgMBAAGjggJRMIICTTAOBgNVHQ8BAf8E BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC MAAwHQYDVR0OBBYEFGVvZmLSPOjHw+F2JUEFgdxuUXwNMB8GA1UdIwQYMBaAFBQu sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s ZW5jci5vcmcvMCEGA1UdEQQaMBiCFm1lZXQubGluZ3VpdHJvbmljcy5jb20wTAYD VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHy APAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYQRtvyzAAAE AwBHMEUCIQCnT+FTx1JuWt2y5W7lrV7QBiohRBjhhE94DuekLZd7YAIgIQNjdZJ1 jqoh0idv1XID9kXuHfmx+QayaX2qlgKZaJgAdgB6MoxU2LcttiDqOOBSHumEFnAy E4VNO9IrwTpXo1LrUgAAAYQRtvzYAAAEAwBHMEUCIEVHnog2WvgJKSCW1iqTxMaK ZFNxqwZtOkwKwdY/JF04AiEA3i/e0ggrpHWJus7FhNxxeqMAmx79BCaVhc///INj /pEwDQYJKoZIhvcNAQELBQADggEBABI+MWmlyZsqKMvKHakUivl3P47vLeDerVpN 6PIDojYqe7iOzDQxiiCL3c4bRvbfj77rsFa/IVNaDQF7Ciuqae87Gt3iLkxsrthr Oh044LiTuZdSDGUPcrNOtZ5M1M/wG16e11hdH3D2hHEsZFMBEJdc3dC66102DKG1 cnqdDFLhIDE33weTsbbpCf0voFhtsXx09OqK7EdyyLdm3ws7o4Xz+JDGmuzJyGCA xqxmvZNYDSvfZUmriiyxCXbDNk/Bju/NgYwtQAh+2oFI5+MWsA1Y6QFNJWvk7MjC rBewf8Cmw6u3uzEnZ7kDcBAmp8ck6DQ+CDZK1TrEVd7d5rE7Rd8= -----END CERTIFICATE----- [Wed 26 Oct 2022 08:35:16 AM CST] Your cert is in: /opt/acmesh/.acme.sh/meet.linguitronics.com/meet.linguitronics.com.cer [Wed 26 Oct 2022 08:35:16 AM CST] Your cert key is in: /opt/acmesh/.acme.sh/meet.linguitronics.com/meet.linguitronics.com.key [Wed 26 Oct 2022 08:35:16 AM CST] The intermediate CA cert is in: /opt/acmesh/.acme.sh/meet.linguitronics.com/ca.cer [Wed 26 Oct 2022 08:35:16 AM CST] And the full chain certs is there: /opt/acmesh/.acme.sh/meet.linguitronics.com/fullchain.cer [Wed 26 Oct 2022 08:35:16 AM CST] Installing key to: /etc/jitsi/meet/meet.linguitronics.com.key [Wed 26 Oct 2022 08:35:16 AM CST] Installing full chain to: /etc/jitsi/meet/meet.linguitronics.com.crt [Wed 26 Oct 2022 08:35:16 AM CST] Run reload cmd: systemctl force-reload nginx.service && /usr/share/jitsi-meet/scripts/coturn-le-update.sh meet.linguitronics.com [Wed 26 Oct 2022 08:35:16 AM CST] Reload success` _Originally posted by @akong77 in https://github.com/switnet-ltd/quick-jibri-installer/issues/89#issuecomment-1291290527_
akong77 commented 2022-10-26 03:51:30 +00:00 (Migrated from github.com)

But it's no /etc/letsencrypt/live this directory.

But it's no /etc/letsencrypt/live this directory.
Ark74 commented 2022-10-26 13:38:23 +00:00 (Migrated from github.com)

Hello again,
Is your instance a clean one?, do you have a firewall or some other service blocking ports 80/443? letsencrypt uses such ports to validate the cert.
Some IaaS providers add a second layer of firewall, just like what AWS does with their security groups, or maybe your DNS is not updated?
My final guess, are you trying to use a custom ssl cert?

I can't replicate your issue, I've done 2 consecutive installations successfully.
Maybe you'll like to remove any password your installation log might have and attach it here, maybe we can see the error there.

Hello again, Is your instance a clean one?, do you have a firewall or some other service blocking ports 80/443? letsencrypt uses such ports to validate the cert. Some IaaS providers add a second layer of firewall, just like what AWS does with their security groups, or maybe your DNS is not updated? My final guess, are you trying to use a custom ssl cert? I can't replicate your issue, I've done 2 consecutive installations successfully. Maybe you'll like to remove any password your installation log might have and attach it here, maybe we can see the error there.
Ark74 commented 2022-10-26 13:42:56 +00:00 (Migrated from github.com)

Another option, let me know if you'll be interested on purchase custom support for your installation setup.
Regards.

Another option, let me know if you'll be interested on purchase custom support for your installation setup. Regards.
Ark74 commented 2022-10-27 13:34:56 +00:00 (Migrated from github.com)

Feel free to reopen if you have more details.
Cheers

Feel free to reopen if you have more details. Cheers
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: switnet/quick-jibri-installer#91
No description provided.