I have a webhosting plan at the German hoster “strato”.
On this plan I have SSH access.
It runs on SunOS Solaris 11.4.8.5.0.
For the normal domain I have a single SSL certificate from the hoster, which was included in the plan, but for a subdomain I want to use Let's Encrypt to also have SSL on the staging site.
Is it possible to use a Let's Encrypt certificate on a subdomain while there's another certificate on the main domain?
And is there a guide to activate Let's Encrypt on SunOS systems?
root> curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 775 0 775 0 0 1366 0 --:--:-- --:--:-- --:--:-- 2719
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 193k 100 193k 0 0 349k 0 --:--:-- --:--:-- --:--:-- 352k
[Sat Jul 25 23:50:18 2020] Installing from online archive.
[Sat Jul 25 23:50:18 2020] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Sat Jul 25 23:50:19 2020] Extracting master.tar.gz
[Sat Jul 25 23:50:20 2020] It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'.
[Sat Jul 25 23:50:20 2020] We need to set cron job to renew the certs automatically.
[Sat Jul 25 23:50:20 2020] Otherwise, your certs will not be able to be renewed automatically.
[Sat Jul 25 23:50:20 2020] Please add '--force' and try install again to go without crontab.
[Sat Jul 25 23:50:20 2020] ./acme.sh --install --force
[Sat Jul 25 23:50:20 2020] Pre-check failed, can not install.
Usually cron should be preinstalled on SunOS/Solaris, so do I also need to install any crontab things from a certain website?
Yes, I tried that, but it seems not to work with SunOS
root> curl https://get.acme.sh | sh --force
sh: --force: invalid option
Usage: sh [GNU long option] [option] ...
sh [GNU long option] [option] script-file ...
GNU long options:
--debug
--debugger
--dump-po-strings
--dump-strings
--help
--init-file
--login
--noediting
--noprofile
--norc
--posix
--protected
--rcfile
--restricted
--verbose
--version
Shell options:
-irsD or -c command or -O shopt_option (invocation only)
-abefhkmnptuvxBCHP or -o option
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 775 0 775 0 0 3371 0 --:--:-- --:--:-- --:--:-- 3555
(23) Failed writing body
I would not install acme.sh inside /htdocs - your private keys and certificates would end up in there. Most likely you will want to keep this in a home directory or a system configuration directory.
Anyway, it seems like you should be able to run the acme.sh script now.
Thank you very much, so I'm able to use the command ./acme.sh now.
INSTALLATION MESSAGES
root> ./acme.sh --install --force
[Sun Jul 26 00:38:03 2020] It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'.
[Sun Jul 26 00:38:03 2020] We need to set cron job to renew the certs automatically.
[Sun Jul 26 00:38:03 2020] Otherwise, your certs will not be able to be renewed automatically.
[Sun Jul 26 00:38:03 2020] It is recommended to install socat first.
[Sun Jul 26 00:38:03 2020] We use socat for standalone server if you use standalone mode.
[Sun Jul 26 00:38:03 2020] If you don't use standalone mode, just ignore this warning.
[Sun Jul 26 00:38:03 2020] Installing to /mnt/web123/a0/12/123456/htdocs/.acme.sh
[Sun Jul 26 00:38:03 2020] Installed to /mnt/web123/a0/12/123456/htdocs/.acme.sh/acme.sh
[Sun Jul 26 00:38:03 2020] No profile is found, you will need to go into /mnt/web123/a0/12/123456/htdocs/.acme.sh to use acme.sh
[Sun Jul 26 00:38:04 2020] crontab/fcrontab doesn't exist, so, we can not install cron jobs.
[Sun Jul 26 00:38:04 2020] All your certs will not be renewed automatically.
[Sun Jul 26 00:38:04 2020] You must add your own cron job to call 'acme.sh --cron' everyday.
[Sun Jul 26 00:38:04 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Sun Jul 26 00:38:08 2020] OK
Currently the installation of acme.sh is in /mnt/web123/a0/12/123456/htdocs/, so should I uninstall it and reinstall to another folder? A subfolder in htdocs or what?
The command to create a certificate is then ./acme.sh --issue -d staging.mydomain.com --webroot /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com
?
Somewhere where it wouldn't be accessible via a browser. If it's secure in its current location, then I guess you could keep it there. I'm just used to "htdocs" referring to the document root of a webserver.
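A way to check the two points raised in the replies above (key material kept out of the document root, and not readable by other accounts), as an added example that is not part of the original posts and not acme.sh code. The function names and the two directory arguments are assumptions; only POSIX tools are used so it also runs where realpath(1) is missing.

```sh
#!/bin/sh
# Added example: audit where an acme.sh home directory lives.
# Usage (paths are the caller's own): sh audit.sh <acme-home> <document-root>

# Resolve a directory to its physical path, following symlinks.
physical_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# Return 0 if directory $1 is the document root $2 or lies beneath it.
is_under_docroot() {
    dir=$(physical_dir "$1") || return 2
    root=$(physical_dir "$2") || return 2
    case "$dir/" in
        "${root%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print *.key files under $1 whose mode lets group or other read them.
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \) -print
}

# Report both problems; return 1 if either is present.
audit_acme_home() {
    status=0
    if is_under_docroot "$1" "$2"; then
        echo "FAIL: $1 is inside document root $2"
        status=1
    fi
    keys=$(loose_keys "$1")
    if [ -n "$keys" ]; then
        echo "FAIL: private keys readable by group/other:"
        echo "$keys"
        status=1
    fi
    return "$status"
}

if [ "$#" -eq 2 ]; then
    audit_acme_home "$1" "$2"
fi
```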
You are so helpful, thank you so much.
Unfortunately I have a verification error: Verify error:Invalid response
What can I do to find out what's wrong?
Inside of the folder my-staging-site there is already a WordPress installation.
Now after that code, new subfolders were created which were not there before, named:
/mysites/my-staging-site/staging.mydomain.com/.well-known/acme-challenge/
Inside this folder there is a file:
What's happening here is that acme.sh is creating the file in that folder, but it's not actually accessible from your browser - WordPress' index.php is intercepting it. Let's Encrypt needs to be able to request that file.
There can be a number of reasons for that: maybe some rewrite rules/.htaccess prevents it being read, maybe a permissions issue.
Try to access the file yourself in your browser, and try to see what you need to change to make the file accessible.
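The manual browser test suggested above can be scripted before asking the CA to validate. This is an added example, not part of the original posts and not acme.sh code; the function names are assumptions, and the domain and webroot arguments are whatever would be passed to `-d` and `--webroot`.

```sh
#!/bin/sh
# Added example: place a throwaway file where a webroot challenge would go,
# fetch it over HTTP, and say why it is or is not being served.
# Usage: sh probe.sh <domain> <webroot>

# Decide what a probe result means.
# $1 = final HTTP status, $2 = body received, $3 = token written to disk
classify_probe() {
    case "$1" in
        200)
            if [ "$2" = "$3" ]; then
                echo ok
            else
                case "$2" in
                    # An HTML page instead of the token: a rewrite rule or
                    # the CMS front controller answered the request.
                    *"<html"*|*"<!DOCTYPE"*|*"<!doctype"*) echo intercepted ;;
                    *) echo wrong-content ;;
                esac
            fi ;;
        404) echo not-found ;;   # webroot is not the directory served for this host
        401|403) echo denied ;;  # permissions or an access rule block the path
        *) echo "http-$1" ;;
    esac
}

probe_webroot() {
    dir="$2/.well-known/acme-challenge"
    token="probe-$$"
    nl='
'
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$token" || return 2
    # The body comes first, then the status code on its own last line.
    resp=$(curl -s -L -m 10 -w '\n%{http_code}' \
        "http://$1/.well-known/acme-challenge/$token")
    rm -f "$dir/$token"
    code=${resp##*"$nl"}
    body=${resp%"$nl"*}
    classify_probe "$code" "$body" "$token"
}

if [ "$#" -eq 2 ]; then
    probe_webroot "$1" "$2"
fi
```

A result of `not-found` points at the `--webroot` path rather than at rewrite rules: the file was written, but not under the directory the server uses for that hostname.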
Thank you so much, I disabled the rewrite rule in htaccess. Still not working, then I changed the command a little bit to: ./acme.sh --issue -d staging.mydomain.com --webroot /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/
(I deleted the URL at the end) now I got success messages:
-----END CERTIFICATE-----
[Sun Jul 26 01:46:03 2020] Your cert is in /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/staging.mydomain.com.cer
[Sun Jul 26 01:46:03 2020] Your cert key is in /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/staging.mydomain.com.key
[Sun Jul 26 01:46:03 2020] The intermediate CA cert is in /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/ca.cer
[Sun Jul 26 01:46:03 2020] And the full chain certs is there: /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/fullchain.cer
EDIT: Unfortunately I still get "Error code: SEC_ERROR_BAD_SIGNATURE"
If your hosting panel can take a certificate and private key path, you could configure it with that path.
If the hosting panel requires you to upload the certificate and private key, things are a little more complicated because uploading to a web panel is hard to automate without some kind of bespoke script. You can upload those files by hand but it’s not recommended to use Let’s Encrypt that way.
If your hosting panel doesn’t let you configure SSL at all, then you’re out of luck entirely.
Thanks for clearing that up.
The hoster does offer SSL settings, but they are very downgraded.
It's just possible to set SSL on or off, and if you want to set it on you have to buy a certificate from the hoster.
But I found a blog article by the hoster where they wrote it's possible to use Let's Encrypt on Apache servers, so it should also be possible on the webserver here.
I think I have to write to the hoster's support to get more information.