Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution


#1

Hello, I googled and searched the forums already so i thought it would be appropriate to make a new thread.

I am using plesk on Ubuntu 14.04 LTS and as I go ahead to install the SSL cert under extension, a red error pops up (see pastebing below)

I am unsure how to approach this error. If you need the full log let me know.

http://pastebin.com/2Em8MUEp

Many Thanks!


#2

It’s failing on the ACME challenge. I assume you are using apache? “The client lacks sufficient authorization”

Have a look here


#3

Hello!

Yes, I use apache,

Do i just follow that link word for word (It says its outdated)? I assume this will allow me to use the plesk extension?


#4

I assume you are talking about this plesk extension ?

and yes you are allowed to use it. It’s not written or maintained by Let’s Encrypt, you are allowed to use it though.

That plugin doesn’t look as if it’s actively maintained, and there are a number of open issues (if you check the above link).

The error you are seeing is that when a token is placed in your

webroot/.well-known/acme-challenge/token

Then Let’s Encrypt tries to verify that from the internet. going to http://grayles.net/.well-known/acme-challenge/token it gets a 404 error - page no found. Exactly why it get’s a 404 I can’t be certain. If you place a file there yourself, is it reachable from the internet ?


#5

Well that link should at least start guiding you in the right direction, I’ve never used Plesk but have been using apache for years and that seems definitely to be a problem with the ACME challenge not working. You need to check your apache rules depending on version 2.2 or 2.4. 2.4 introduced changes to the way you grant access to locations. So depending on your Apache version I would start there, there is a lot of threads in here that might give you your answer, just search properly especially for “ACME challenge apache rules”


#6

Hello!

I found this https://support.plesk.com/hc/en-us/articles/213373069 - which could be the solution

But the problem is I don’t see an .htaccess or default when looking for

“/etc/apache2/sites-available/default”

Is that the possibility why things aren’t working?

It might be…

might have to do http://stackoverflow.com/questions/25816136/htaccess-not-being-loaded-in-ubuntu-14-04-apache-2-4-7

Am I going in the right direction?


Update: I followed the fixes, now i get a new error (though much shorter then the last one)

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /opt/psa    /var/modules/letsencrypt/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges: 
http-01 challenge for grayles.net
filemng: Error occurred during /bin/mkdir command.
Cleaning up challenges
Command '['/usr/local/psa/admin/bin/filemng', u'hotpotsoup', 'mkdir', '-p', u'/var/www/vhosts/grayles.net/httpdocs/.well-known/acme-challenge']' returned non-zero exit status 1

#7

From the error …

It would appear to be having a problem creating the directory .well-known/acme-challenge/ in your webroot (i.e. the folder where the top level index page for your site is). What are the ownership permissions on that folder ? does the .well-known folder exist ? if not can you create it and retest ?


#8

As @serverco mentioned, the best way to test is to manually create the .well-known folder in your site, place a plain text file in there test.txt for instance and see if you can access that from a browser. If you can access it then the ACME challenge should work but if you can not access yoursite.com/.well-known/test.txt then you still have permission issues on apache.


#9

im in the “httpdocs” folder and the permissions are that the owner is “me” (when right clicking then pressing permissions)

Is there a specific chmod i need to do?


I have made the folder “/var/www/vhosts/grayles.net/httpdocs/.well-known/acme-challenge”

But i get a The requested URL /.well-known was not found on this server. when accessing
"http://grayles.net/.well-known"


Do i need to stop apache before making changes then restart it after?


Is using this guide OK?


#10

That guide looks OK for permissions. yes. Your error is now not one of permissions though, rather a 404 error is “file not found”

Have you got the correct directory ? if I go to http://grayles.net/ I get the default apache page which says it’s at /var/www/html/index.html … if you edit the index file slightly can you see the change in your browser ? that way you will see if the file is really in /var/www/html/index.html or in /var/www/vhosts/grayles.net/index.net


#11

Hello and thank you for your help so far.

Yes the index.html that shows on the website is at " /var/www/html/index.html"

However the log error is at “/var/www/vhosts/grayles.net/httpdocs/”

I am very, very, very confused now. What on earth is going on >_<?


#12

I’m not sure how you set up your websites, so don’t know. (do you have more than one website on the server ? or just one ? Did you follow a particular method in setting up your apache config ? if so what ?


#13

Hello!z

Only one website on the plesk control panel.

And I did a reinstallation of apache2, not too long ago. I stopped the service - uninstalled - purged and did a "sudo apt-get install apache2 " on top.

Do you think I should start again? Perhaps i didn’t do the configuration properly?


#14

Yes, I’d suggest starting again. uninstalling, purging and reinstalling apache would have put the default apache config in - which would have overwritten all your plesk config for apache.


#15

Thanks!

I’m going to reinstall apache2 and such. But in regards to plesk… how do i get their settings back?


#16

I don’t use plesk much myself. I think you can use the self repair tool in plesk to reset the Web server configuration though.


#17

Thank you!

I will do my best from here then.

Will provide feedback if I’m successful


#18

Good luck.

depending on plesk version the command

/usr/local/psa/admin/bin/httpdmng --reconfigure-all

should recreate the apache configs needed for plesk


#19

Once you have reloaded apache set up one site in
/var/www/html/mywebsite.com

make the folder .well-known

sudo mkdir /var/www/html/mywebsite.com/.well-known

make sure that folder has write permission

sudo chmod -R 755 /var/www/html/mywebsite.com/.well-known

make a test file

sudo touch /var/www/html/mywebsite.com/.well-known/test.txt

place the word test into the file

echo "test" > /var/www/html/mywebsite.com/.well-known/test.txt

reset permissions now and make sure user www-data has full ownership of the entire web folder for all sites

sudo chown -R www-data:www-data /var/www

go to http://mywebsite.com/.well-known/test.txt and see if you can see the text file

good luck


#20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.