How do I obtain a certificate

Didn't misread, but mistyped--but a very odd assumption either way.

4 Likes

I removed the previously generated keys and certificates and went through the process again, using certsage. It will not proceed, claiming my code is incorrect when it is not...but I am not going to donate again just to get nowhere.
Crazy Domains wants 'the entire bundle', whatever that is.

Well that is really only two choices.

  • the chain file(s) only
  • the cert and the chain file(s) [altogether in one file]

Try both, one should do the trick.

3 Likes

This is really a key point of context about this whole situation.

If you want to be very charitable toward CrazyDomains, you could say that Let's Encrypt's service is simply not especially suitable for use with this hosting provider, or at least not this particular hosting plan. It is, of course, permitted and possible to use them together, but not a recommended course of action.

@rabb, none of the people who are trying to help in this forum thread are getting paid out of your donation to Let's Encrypt (and none except @griffin from your donation to CertSage). Your donation is very much appreciated and helps something that millions of people benefit from continue to operate, but the people trying to help you here are all unpaid volunteers. As @Osiris said elsewhere,

which is to say that the Let's Encrypt service itself is structured for computer software, not human beings, to interact with. (That's how it's able to issue 2.5 million certificates per day!) Therefore the best experience comes when using appropriately compatible software in an appropriately compatible environment.

The workflow that CrazyDomains is suggesting here involves concepts and methods that are more traditional for paid 1-year or 2-year certificates from CAs that offer a web UI for human customers. As Let's Encrypt offers comparatively very short-lived certificates and no web UI, this workflow is significantly mismatched to the Let's Encrypt service.

9 Likes

  • The code changes every time you open the certsage.php page. You need to open the certsage.php page then open code.txt to copy the code.
  • I don't know how to be more clear when saying that the certificate.crt file generated by CertSage contains both your certificate (the first certificate in the file) and the CA bundle (the remaining certificates in the file). If CrazyDomains is somehow confused by this, please point them to this thread.

3 Likes

I'm sorry you've had so much trouble. I've refunded your entire donation to CertSage.

6 Likes

I don't want a refund. I just want it to work. Not that it matters much, because I'm not selling anything yet and maybe never will. I regularly donate to all free computer services like Mozilla, Linux and Wiki foundation. I greatly appreciate their efforts. My problem is that on repeating the CertSage process, the PHP page would not take the new 'code.txt' that it just gave me, when I clicked either 'staging' or 'production'. It just says, "problem, wrong code". Wouldn't that make anyone wonder what the hell is going on? The first time I used it, it took the code as soon as I donated.
I am using FileZilla, which is a bit different from the one used in the howto example.

1 Like

All of the code being executed is in the PHP file you downloaded and installed. You are free to observe that there is no "hidden code" or other nonsense going on. I wrote every last line of that PHP file myself and have tested it extensively both on my own shared hosting instances as well as the various systems of numerous others. I feel like you are insinuating that your donation is somehow correlated with code.txt. The 16 characters found in that file are simply the base64 encoding of 12 randomly-generated bytes.

This is all of the related code copied straight out of certsage.php:

$version = "1.1.0";
$dataDirectory = "../CertSage";

// *** PROCESS CODE ***

if (!isset($_POST["code"]))
  throw new Exception("code was missing");

if (!is_string($_POST["code"]))
  throw new Exception("code was not a string");

$code = $_POST["code"];

// *** CREATE DATA DIRECTORY, CHECK CODE, AND UPDATE CODE ***

$certsage = new CertSage($version, $dataDirectory, $code);

public function __construct($version, $dataDirectory, $code = null)
{
  // *** SET VERSION ***

  $this->version = $version;

  // *** CREATE DATA DIRECTORY ***

  $this->createDirectory($dataDirectory, 0700);

  $this->dataDirectory = $dataDirectory;

  $filePath = $dataDirectory . "/code.txt";

  try
  {
    if (isset($code))
    {
      // *** CHECK CODE ***

      $correctCode = $this->readFile($filePath);

      if (!isset($correctCode))
        throw new Exception("code.txt was missing");

      if ($code !== $correctCode)
        throw new Exception("code was incorrect");
    }
  }
  finally
  {
    // *** UPDATE CODE ***

    $this->writeFile($filePath,
                     $this->encodeBase64(random_bytes(12)),
                     0600);
  }
}

Not really.

Either:

  • You're downloading the code.txt file before loading the certsage.php page, which is the wrong order in which to do things.

or

  • Something is loading certsage.php after you've downloaded code.txt.
3 Likes
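
The check-then-rotate behaviour in the constructor above, as an added example that is not part of the original post or of CertSage: `OneTimeCodeGate`, its method names and the temporary directory are hypothetical stand-ins, and the "extra load" is a constructed request. It shows that every request, successful or not, replaces code.txt, so a code read before any other load of the page is already stale.

```php
<?php
// Added illustration, not CertSage's code. OneTimeCodeGate is a hypothetical
// stand-in that mirrors the check-then-rotate logic of the constructor above.
final class OneTimeCodeGate
{
    private string $filePath;

    public function __construct(string $dataDirectory)
    {
        if (!is_dir($dataDirectory))
            mkdir($dataDirectory, 0700, true);
        $this->filePath = $dataDirectory . "/code.txt";
    }

    // One request to the page: $code is null for a plain page load and a
    // string when the form is submitted.
    public function request(?string $code = null): string
    {
        try {
            if ($code === null)
                return "form shown";
            if (!is_file($this->filePath))
                return "code.txt was missing";
            return $code === file_get_contents($this->filePath)
                ? "code accepted" : "code was incorrect";
        } finally {
            // Runs on every request, failed ones included: a fresh code replaces the old one.
            file_put_contents($this->filePath, base64_encode(random_bytes(12)));
            chmod($this->filePath, 0600);
        }
    }

    public function readCodeTxt(): string   // what a download of code.txt sees
    {
        return file_get_contents($this->filePath);
    }
}

$gate = new OneTimeCodeGate(sys_get_temp_dir() . "/certsage-demo-" . bin2hex(random_bytes(4)));

$gate->request();                        // 1. open the page
$code = $gate->readCodeTxt();            // 2. read code.txt (16 characters)
echo "submit: ", $gate->request($code), "\n";

$gate->request();                        // open the page again
$code = $gate->readCodeTxt();
$gate->request();                        // constructed extra load: cache, proxy, second tab
echo "submit after extra load: ", $gate->request($code), "\n";
echo "retry with the same code: ", $gate->request($code), "\n";
```

Run with the PHP command-line interpreter; the demo directory it creates under the system temporary directory can be deleted afterwards.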

I wasn't talking about the code of the program itself. It is 'code.txt' that doesn't work when I plug it into the form that opens when I go to CertSage.
Sure it puts a code into my certsage folder but when I use it, it says "Problem.Code is wrong".
See it here: http://www.ralfslab.net/pics/Certform.jpg

1 Like

What order are you adhering to? The correct order should be:

  • Open CertSage in a browser;
  • Get contents of code.txt;
  • Do not refresh, reload or open CertSage in a new browser window/tab from this point on;
  • Go to your CertSage page;
  • Enter information into CertSage without reloading/refreshing CertSage (this step can also be done anywhere above);
  • Get your certificate.

4 Likes

I am pretty sure that is what I did. I will wipe everything and repeat the procedure if that is OK.
I notice the certsage page takes some time to appear on my site. I assume that is normal.

2 Likes

'certsage folder' I meant.

2 Likes

You shouldn't need to wipe anything, but it won't hurt anything to start fresh.

Since the HTML generated by certsage.php is very, very small (less than a few kilobytes), the load time is almost entirely due to the server processing the PHP code itself. The initial presentation of the blank form should happen almost instantly. Once you submit the form, the ACME process, which involves your server communicating back and forth with the Let's Encrypt server to satisfy the HTTP-01 challenge(s), usually takes somewhere from 5 to 15 seconds.

I'm wondering if there's some type of caching or proxy behavior that's causing the page to be loaded in the background somewhere and thus changing the contents of code.txt prematurely. To bypass that potential issue, here's a version with the code.txt requirement removed:

certsagenc.txt (24.3 KB)

  1. Put certsagenc.txt into the same folder you put certsage.txt
  2. Rename certsagenc.txt to certsagenc.php
  3. Visit http://www.ralfslab.net/certsagenc.php

3 Likes

certsage.php opens in Firefox immediately. It is the certsage folder that takes time to appear on my FileZilla root. That contains code.txt. I will have another attempt.

1 Like

OK, that was fine...only one problem. No certsage directory has appeared in my website root... but that was the case before I used certsagenc.txt

1 Like

As far as I know, the certsage folder is created one level below the webroot directory.

4 Likes

@Osiris is absolutely correct. CertSage will automatically create the CertSage directory in the parent directory of the directory in which certsage.php is located. It should be in the same location as before. Did you erase the CertSage directory?

3 Likes

I did delete it but it has finally reappeared....after about 15 hours. It contains the required certificate and keys. The ssl and ssh folders are on the same level.
Griffin's instructions for using CertSage don't really apply to FileZilla. The ssl folder has three subfolders, 'certs', 'csrs' and 'keys'. I have copied the contents of certificate.crt into 'certs'. What should I do with the keys? None of the rest makes sense on FileZilla.

Can Griffin write new instructions applicable to the latest version of FileZilla, which I'm sure a lot of people must be using these days?

The certificate installation instructions I provided are for cPanel. Now that you have your certificate and CA bundle (all in certificate.crt) along with the private key for your certificate (certificate.key), they need to be installed. This is usually accomplished by using a user interface your hosting provider provides (like cPanel), modifying your webserver software configuration (VirtualHost or server configuration blocks), or notifying your hosting provider to install them. Which one depends upon your situation. Simply copying the certificate file into a specific directory is usually not adequate.

3 Likes
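
An added example, not from the original post or from CertSage, for an installer that asks for the certificate, the CA bundle and the private key as separate items: it splits a certificate.crt-style file into the first certificate and the remaining ones, and checks that the private key is the one the certificate was issued for. `splitPemChain()` and `makeCert()` are hypothetical helpers, every key and certificate is a constructed self-signed throwaway, and the code assumes PHP's openssl extension with its default configuration.

```php
<?php
// Added example, not CertSage code. splitPemChain() and makeCert() are
// hypothetical helpers; every key and certificate below is a constructed
// throwaway (self-signed), standing in for the real files.

// Return each certificate in a PEM file as its own string, in file order.
function splitPemChain(string $pem): array
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    return $m[0];
}

// Build a one-day self-signed certificate for $commonName (sample data only).
function makeCert(string $commonName, $key): string
{
    $csr = openssl_csr_new(["commonName" => $commonName], $key, ["digest_alg" => "sha256"]);
    $x509 = openssl_csr_sign($csr, null, $key, 1, ["digest_alg" => "sha256"]);
    openssl_x509_export($x509, $pem);
    return $pem;
}

$keyOptions = ["private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA];
$certificateKey = openssl_pkey_new($keyOptions); // stands in for certificate.key
$issuerKey      = openssl_pkey_new($keyOptions); // stands in for a CA's key
$otherKey       = openssl_pkey_new($keyOptions); // a key generated for some other CSR

// Stand-in for certificate.crt: site certificate first, CA certificate(s) after it.
$certificateCrt = makeCert("www.example.com", $certificateKey)
                . makeCert("Constructed Test CA", $issuerKey);

$certs = splitPemChain($certificateCrt);
if (count($certs) < 2)
    throw new Exception("expected a certificate followed by at least one CA certificate");

$siteCert = $certs[0];                                     // the certificate itself
$caBundle = implode("\n", array_slice($certs, 1)) . "\n";  // everything after it

echo "site certificate CN: ", openssl_x509_parse($siteCert)["subject"]["CN"], "\n";
echo "certificates in CA bundle: ", count($certs) - 1, "\n";

// A certificate can only be installed with the private key it was issued for.
echo "certificate.key matches: ",
     var_export(openssl_x509_check_private_key($siteCert, $certificateKey), true), "\n";
echo "other key matches: ",
     var_export(openssl_x509_check_private_key($siteCert, $otherKey), true), "\n";
```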

FileZilla has a .cpanel folder in root but there is nothing in it that seems related to ssl.
It also has an .ssl folder with subfolder 'certs' which is where I copied certificate.crt. It has two other subfolders, csrs and keys. These were filled when I first attempted this exercise last week, presumably by the host. Should I copy the keys into the 'keys' folder?

I just received this reply from CD, after I sent them the latest certificate.crt file.
"I have tried to install the new file you have provided, however, the error is still the same.
With this, I would highly suggest if you can re-issue the SSL certificate, and I will provide you with a new CSR file."

I'm getting a bit lost now. I don't know why the CSR file has changed or what I should do with a new one. Maybe I should not have deleted the previous one.

1 Like