Help installing Certbot in Opensuse 15.1 Vicidial

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vicidial.lanube.com.do

I ran this command: -e myemail@gmail.com -d vicididial.lanube.com.do

#!/bin/bash

# Parse the -e <email> and -d <domain> options
while getopts ":e:d:" options; do
  case "${options}" in
    e) EMAIL=${OPTARG} ;;
    d) DOMAIN=${OPTARG} ;;
    :) echo "Error: -${OPTARG} requires an argument."; exit 1 ;;
    *) echo "Internal error!"; exit 1 ;;
  esac
done

if [ -z "$EMAIL" ]
then
  echo "Missing -e Email option!"
  exit 1
fi
if [ -z "$DOMAIN" ]
then
  echo "Missing -d Domain option!"
  exit 1
fi

# Issue the certificate with acme.sh (webroot validation) and write the files
# where Apache and Asterisk expect them
mkdir -p "/etc/certbot/live/$DOMAIN"
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /srv/www/htdocs/ --cert-file "/etc/certbot/live/$DOMAIN/cert.pem" --key-file "/etc/certbot/live/$DOMAIN/privkey.pem" --fullchain-file "/etc/certbot/live/$DOMAIN/fullchain.pem" --accountemail "$EMAIL"

# Point Apache and the Asterisk HTTP server at the new files, then reload both
sed -i "/SSLCertificateFile/c\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCertificateKeyFile/c\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCACertificateFile/c\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/tlscertfile=/c\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf
sed -i "/tlsprivatekey=/c\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf
/usr/sbin/rasterisk -x 'module reload http'
/sbin/service apache2 restart

echo " If this is a telephony server you will need to modify the 'Web Socket URL'"
echo " field for this server under the Admin --> Servers section. It will need to be"
echo " changed to :"
echo " wss://$DOMAIN:8089/ws"
echo
echo " You will also need to modify the 'webRTC' template under the Admin --> Templates"
echo " section. You want to change the following options under the "
echo " 'Template Contents' :"
echo " dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem"
echo " dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"

It produced this output:

the script doesn’t create fullchain.pem.

My web server is (include version): Apache2

The operating system my web server runs on is (include version):Opensuse 15.1 Vicidial

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.0.0

I want to get help with this, thank you in advance.

What are you trying to achieve?

I see no certbot in your script, just acme.sh

Hi, thanks for your reply,

I ran:

zypper in python3-certbot

Later

zypper in socat

wget -O - https://get.acme.sh | sh

And later the script I posted in my first post.

And it gives me an error that it can't create fullchain.pem.

Can you follow these instructions, please?

Or, better, these:

Hi, thanks again, I tried and I got this for both options:

vicibox9:~ # certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Too many flags setting configurators/installers/authenticators 'webroot' -> 'apache'

vicibox9:~ # certbot certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: Too many flags setting configurators/installers/authenticators 'webroot' -> 'apache'
Too many flags setting configurators/installers/authenticators 'webroot' -> 'apache'
vicibox9:~ #

vicibox9:~ # certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: Too many flags setting configurators/installers/authenticators 'webroot' -> 'standalone'
Too many flags setting configurators/installers/authenticators 'webroot' -> 'standalone'

Thanks for your help

Check the config files in /etc/letsencrypt/cli.ini and /etc/letsencrypt/renewal

This is /etc/letsencrypt/cli.ini

This is an example of the kind of things you can do in a configuration file.

All flags used by the client can be configured here. Run Certbot with

"--help" to learn more about the available options.

Note that these options apply automatically to all use of Certbot for

obtaining or renewing certificates, so options specific to a single

certificate on a system with several certificates should not be placed

here.

Use a 4096 bit RSA key instead of 2048

rsa-key-size = 4096

The staging/testing server

server = https://acme-staging.api.letsencrypt.org/directory

The production server.

server = https://acme-v01.api.letsencrypt.org/directory

Uncomment and update to register with the specified e-mail address

email = alfiomunoz@gmail.com

Uncomment and update to generate certificates for the specified

domains.

domains = vicidial.lanube.com.do, www.vicidial.lanube.com.do

Uncomment to use a text interface instead of ncurses

text = True

Uncomment

agree-eula = True

agree-tos = True
renew-by-default = True

Uncomment to use the standalone authenticator on port 443

If you want to use port 443, you must use standalone-supported-challenges

If you want to use port 80, you must use preferred-challenges = http-01

authenticator = webroot
#standalone-supported-challenges = tls-sni-01
#preferred-challenges = tls-sni-01

Uncomment to use the webroot authenticator. Replace webroot-path with the

path to the public_html / webroot folder being served by your web server.

authenticator = webroot

webroot-path = /usr/share/nginx/html

webroot-path = /srv/www/htdocs

And /etc/letsencrypt/renewal doesn't exist.

comment out this line and retry

(your cli.ini is too specific, why are there domain names in there? -- there's a lot of stuff that should never be there, please backup that file and start from an empty one.)
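The check suggested in the replies above, as an added example that is not part of the original thread: it lists the active settings in a cli.ini and flags any `authenticator`, `installer` or `configurator` line that differs from the plugin given on the command line, which is the situation behind the "Too many flags setting configurators/installers/authenticators" error. The function names and the sample file contents are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a Certbot cli.ini before running certbot with a plugin flag.

# Constructed sample, modelled on the cli.ini quoted in this thread.
write_sample() {
  cat > "$1" <<'EOF'
# rsa-key-size = 4096
email = admin@example.com
domains = example.com, www.example.com
authenticator = webroot
#preferred-challenges = tls-sni-01
authenticator = webroot
webroot-path = /srv/www/htdocs
EOF
}

# Print every active (uncommented, non-blank) line as key=value.
active_settings() {
  sed -E -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' \
    -e 's/^[[:space:]]*([^=[:space:]]+)[[:space:]]*=[[:space:]]*/\1=/' \
    -e 's/[[:space:]]+$//' "$1"
}

# Report plugin settings that differ from the plugin requested on the
# command line ($2, e.g. "apache"). Returns 1 if any clash is found.
plugin_conflicts() {
  out=$(active_settings "$1" | awk -F= -v want="$2" '
    $1 ~ /^(authenticator|installer|configurator)$/ && $2 != want {
      printf "%s=%s conflicts with --%s\n", $1, $2, want }')
  if [ -n "$out" ]; then
    printf '%s\n' "$out"
    return 1
  fi
  return 0
}

# Keys set more than once among the active lines.
duplicate_keys() {
  active_settings "$1" | cut -d= -f1 | sort | uniq -d
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
plugin_conflicts "$sample" apache || echo "cli.ini pins a different plugin"
echo "duplicate keys: $(duplicate_keys "$sample")"
rm -f "$sample"
```

On a real system, pass `/etc/letsencrypt/cli.ini` as the first argument instead of the sample file.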

This is an example of the kind of things you can do in a configuration file.

All flags used by the client can be configured here. Run Certbot with

"--help" to learn more about the available options.

Note that these options apply automatically to all use of Certbot for

obtaining or renewing certificates, so options specific to a single

certificate on a system with several certificates should not be placed

here.

Use a 4096 bit RSA key instead of 2048

rsa-key-size = 4096

The staging/testing server

server = https://acme-staging.api.letsencrypt.org/directory

The production server.

server = https://acme-v01.api.letsencrypt.org/directory

Uncomment and update to register with the specified e-mail address

#email = alfiomunoz@gmail.com

Uncomment and update to generate certificates for the specified

domains.

#domains = vicidial.lanube.com.do, www.vicidial.lanube.com.do

Uncomment to use a text interface instead of ncurses

text = True

Uncomment

agree-eula = True

agree-tos = True
renew-by-default = True

Uncomment to use the standalone authenticator on port 443

If you want to use port 443, you must use standalone-supported-challenges

If you want to use port 80, you must use preferred-challenges = http-01

authenticator = webroot
#standalone-supported-challenges = tls-sni-01
#preferred-challenges = tls-sni-01

Uncomment to use the webroot authenticator. Replace webroot-path with the

path to the public_html / webroot folder being served by your web server.

authenticator = webroot

webroot-path = /usr/share/nginx/html

webroot-path = /srv/www/htdocs

The same results. I tried adding my domain in the .ini file, tried the default ini files, and the results are the same.

Hi, if you or anyone can help me and show me how to do it in a real Vicidial system (openSUSE 15), I would really appreciate it. I can give you a small contribution, maybe enough to buy five or six cups of coffee :smile:. My email is: alfiomunoz @ gmail. com.

Thanks in advance, and for your help.

mv /etc/letsencrypt/cli.ini /somewhere/else

Hi, I mean the certbot configuration and the generation of certificates. If someone can email me or something like that, I will post the complete solution here when solved.
