Multi-Site Certificate Not Deploying

GeoffatMM · August 29, 2018, 8:48pm

My domains are:

mbdnet.net:
www.mbdnet.net:
uk.boutiquefrenchwine.com:
dev.boutiquefrenchwine.com:
oldcognacdistillery.eu:
www.oldcognacdistillery.eu

I ran this command (via cron):
~/.acme.sh/acme.sh --cron --home ~/.acme.sh --force 2>&1 >> ~/.acme.sh/cronlog.txt

It produced this output:

[Fri Aug 24 14:35:17 MST 2018] ===Starting cron===
[Fri Aug 24 14:35:17 MST 2018] Installing from online archive.
[Fri Aug 24 14:35:17 MST 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri Aug 24 14:35:18 MST 2018] Extracting master.tar.gz
[Fri Aug 24 14:35:18 MST 2018] Installing to /home/xorex/.acme.sh
[Fri Aug 24 14:35:18 MST 2018] Installed to /home/xorex/.acme.sh/acme.sh
[Fri Aug 24 14:35:19 MST 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Aug 24 14:35:19 MST 2018] OK
[Fri Aug 24 14:35:19 MST 2018] Install success!
[Fri Aug 24 14:35:19 MST 2018] Upgrade success!
[Fri Aug 24 14:35:19 MST 2018] Auto upgraded to: 2.8.0
[Fri Aug 24 14:35:19 MST 2018] Renew: ‘mbdnet.net’
[Fri Aug 24 14:35:21 MST 2018] Multi domain=‘DNS:mbdnet.net,DNS:www.mbdnet.net,DNS:boutiquefrenchwine.com,DNS:www.boutiquefrenchwine.com,DNS:uk.boutiquefrenchwine.com,DNS:dev.boutiquefrenchwine.com,DNS:oldcognacdistillery.eu,DNS:www.oldcognacdistillery.eu’
[Fri Aug 24 14:35:21 MST 2018] Getting domain auth token for each domain
[Fri Aug 24 14:35:21 MST 2018] Getting webroot for domain=‘mbdnet.net’
[Fri Aug 24 14:35:21 MST 2018] Getting new-authz for domain=‘mbdnet.net’
[Fri Aug 24 14:35:23 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:23 MST 2018] Getting webroot for domain=‘www.mbdnet.net’
[Fri Aug 24 14:35:23 MST 2018] Getting new-authz for domain=‘www.mbdnet.net’
[Fri Aug 24 14:35:24 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:24 MST 2018] Getting webroot for domain=‘boutiquefrenchwine.com’
[Fri Aug 24 14:35:24 MST 2018] Getting new-authz for domain=‘boutiquefrenchwine.com’
[Fri Aug 24 14:35:25 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:25 MST 2018] Getting webroot for domain=‘www.boutiquefrenchwine.com’
[Fri Aug 24 14:35:25 MST 2018] Getting new-authz for domain=‘www.boutiquefrenchwine.com’
[Fri Aug 24 14:35:26 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:26 MST 2018] Getting webroot for domain=‘uk.boutiquefrenchwine.com’
[Fri Aug 24 14:35:26 MST 2018] Getting new-authz for domain=‘uk.boutiquefrenchwine.com’
[Fri Aug 24 14:35:27 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:27 MST 2018] Getting webroot for domain=‘dev.boutiquefrenchwine.com’
[Fri Aug 24 14:35:27 MST 2018] Getting new-authz for domain=‘dev.boutiquefrenchwine.com’
[Fri Aug 24 14:35:28 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:28 MST 2018] Getting webroot for domain=‘oldcognacdistillery.eu’
[Fri Aug 24 14:35:28 MST 2018] Getting new-authz for domain=‘oldcognacdistillery.eu’
[Fri Aug 24 14:35:29 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:29 MST 2018] Getting webroot for domain=‘www.oldcognacdistillery.eu’
[Fri Aug 24 14:35:29 MST 2018] Getting new-authz for domain=‘www.oldcognacdistillery.eu’
[Fri Aug 24 14:35:30 MST 2018] The new-authz request is ok.
[Fri Aug 24 14:35:32 MST 2018] mbdnet.net is already verified, skip http-01.
[Fri Aug 24 14:35:32 MST 2018] www.mbdnet.net is already verified, skip http-01.
[Fri Aug 24 14:35:32 MST 2018] boutiquefrenchwine.com is already verified, skip http-01.
[Fri Aug 24 14:35:32 MST 2018] www.boutiquefrenchwine.com is already verified, skip http-01.
[Fri Aug 24 14:35:32 MST 2018] uk.boutiquefrenchwine.com is already verified, skip http-01.
[Fri Aug 24 14:35:33 MST 2018] dev.boutiquefrenchwine.com is already verified, skip http-01.
[Fri Aug 24 14:35:33 MST 2018] oldcognacdistillery.eu is already verified, skip http-01.
[Fri Aug 24 14:35:33 MST 2018] www.oldcognacdistillery.eu is already verified, skip http-01.
[Fri Aug 24 14:35:33 MST 2018] Verify finished, start to sign.
[Fri Aug 24 14:35:34 MST 2018] Cert success.
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
[Fri Aug 24 14:35:34 MST 2018] Your cert is in /home/xorex/.acme.sh/mbdnet.net/mbdnet.net.cer
[Fri Aug 24 14:35:34 MST 2018] Your cert key is in /home/xorex/.acme.sh/mbdnet.net/mbdnet.net.key
[Fri Aug 24 14:35:35 MST 2018] The intermediate CA cert is in /home/xorex/.acme.sh/mbdnet.net/ca.cer
[Fri Aug 24 14:35:35 MST 2018] And the full chain certs is there: /home/xorex/.acme.sh/mbdnet.net/fullchain.cer
[Fri Aug 24 14:35:35 MST 2018] Installing key to:/home/xorex/ssl/certs/keys.pem
[Fri Aug 24 14:35:40 MST 2018] Certificate successfully deployed
[Fri Aug 24 14:35:40 MST 2018] Success
[Fri Aug 24 14:35:40 MST 2018] ===End cron===

My web server is (include version):

Apache (GoDaddy) version unknown

The operating system my web server runs on is (include version):

Linux version unknown

My hosting provider, if applicable, is:

GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):

No. Only local shell.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

CPanel version unknown

After generating the certificate I manually installed it to each of the other domains (not the www subdomains as they should be automatic). All sites show an installed SSL certificate.

I then ran the following commands via cron:

~/.acme.sh/acme.sh --cron --home ~/.acme.sh --force 2>&1 >> ~/.acme.sh/cronlog.txt

~/.acme.sh/acme.sh --deploy -d mbdnet.net --deploy-hook cpanel_uapi

~/.acme.sh/acme.sh --deploy -d uk.boutiquefrenchwine.com --deploy-hook cpanel_uapi

~/.acme.sh/acme.sh --deploy -d dev.boutiquefrenchwine.com --deploy-hook cpanel_uapi

~/.acme.sh/acme.sh --deploy -d oldcognacdistillery.eu --deploy-hook cpanel_uapi

acme.sh gave the following output:

[Mon Aug 27 00:40:01 MST 2018] ===Starting cron===
[Mon Aug 27 00:40:01 MST 2018] Installing from online archive.
[Mon Aug 27 00:40:01 MST 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Mon Aug 27 00:40:03 MST 2018] Extracting master.tar.gz
[Mon Aug 27 00:40:03 MST 2018] Installing to /home/xorex/.acme.sh
[Mon Aug 27 00:40:03 MST 2018] Installed to /home/xorex/.acme.sh/acme.sh
[Mon Aug 27 00:40:04 MST 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Mon Aug 27 00:40:04 MST 2018] OK
[Mon Aug 27 00:40:04 MST 2018] Install success!
[Mon Aug 27 00:40:04 MST 2018] Upgrade success!
[Mon Aug 27 00:40:04 MST 2018] Auto upgraded to: 2.8.0
[Mon Aug 27 00:40:04 MST 2018] Renew: ‘mbdnet.net’
[Mon Aug 27 00:40:04 MST 2018] Skip, Next renewal time is: Tue Oct 23 21:35:35 UTC 2018
[Mon Aug 27 00:40:04 MST 2018] Add ‘–force’ to force to renew.
[Mon Aug 27 00:40:04 MST 2018] Skipped mbdnet.net
[Mon Aug 27 00:40:04 MST 2018] ===End cron===

For the deployment crons I got:

For mbdnet.net:
[Mon Aug 27 00:05:09 MST 2018] Certificate successfully deployed
[Mon Aug 27 00:05:09 MST 2018] Success

For the others:
[Mon Aug 27 00:15:01 MST 2018] Domain is not valid:‘uk.boutiquefrenchwine.com’
[Mon Aug 27 00:25:01 MST 2018] Domain is not valid:‘dev.boutiquefrenchwine.com’
[Mon Aug 27 00:35:01 MST 2018] Domain is not valid:‘oldcognacdistillery.eu’

I am concerned that if the domain is not valid, the certificate will renew but only deploy to mbdnet.net. how do I ensure it deploys to all the other domains when it finally renews on October 23rd?

Thanks,

Geoff

stevenzhu · August 29, 2018, 9:22pm

Hi,

Did you manually deploy the certificate to the server (for this three domains)?

Because all domains are serving the same certificate from Aug. 24th (from my local time)

and is all domains mentioned above on the same cPanel server?

Thank you

GeoffatMM · August 30, 2018, 12:45pm

Yes.

On GoDaddy I was told I had to deploy each cert separately to start with. They are all on the same server and same CPanel control. I may even have deployed mbdnet.net manually but I cannot remember.

Have turned cron off as I exceeded very issues while testing. Everything will run again 1 September and I will post results then.

Thanks for your response.

Geoff Jankowski
+33 6 22 93 00 53

+44 7770 584838

iPhone 5SE

GeoffatMM · September 5, 2018, 2:42pm

Hi

I have had issues with my cron settings as I have discovered that my server is 9 hours behind me and that midnight is not 00.00.00 hours!

I have just managed to run it today. Same problem occurs with deployment. I have run the deployment manually over ssh for the main domain and the first of the other listed domains on the server (the result is the same for all the other domains on the certificate).

This time it does not want to deploy mbdnet.net and thinks all the other domains are invalid.

Any ideas on what the new messages mean?

Geoff

xorex@n3plcpnl0035 [~/logs] $ ~/.acme.sh/acme.sh --cron --home ~/.acme.sh

[Wed Sep 5 07:16:16 MST 2018] ===Starting cron===

[Wed Sep 5 07:16:16 MST 2018] Installing from online archive.

[Wed Sep 5 07:16:16 MST 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz

[Wed Sep 5 07:16:19 MST 2018] Extracting master.tar.gz

[Wed Sep 5 07:16:19 MST 2018] Installing to /home/xorex/.acme.sh

[Wed Sep 5 07:16:19 MST 2018] Installed to /home/xorex/.acme.sh/acme.sh

[Wed Sep 5 07:16:19 MST 2018] Good, bash is found, so change the shebang to use bash as preferred.

[Wed Sep 5 07:16:20 MST 2018] OK

[Wed Sep 5 07:16:20 MST 2018] Install success!

[Wed Sep 5 07:16:20 MST 2018] Upgrade success!

[Wed Sep 5 07:16:20 MST 2018] Auto upgraded to: 2.8.0

[Wed Sep 5 07:16:20 MST 2018] Renew: 'mbdnet.net’

[Wed Sep 5 07:16:20 MST 2018] Skip, Next renewal time is: Tue Oct 23 21:35:35 UTC 2018

[Wed Sep 5 07:16:20 MST 2018] Add ’ –force ’ to force to renew.

[Wed Sep 5 07:16:20 MST 2018] Skipped mbdnet.net

[Wed Sep 5 07:16:20 MST 2018] ===End cron===

xorex@n3plcpnl0035 [~/logs] $ ~/.acme.sh/acme.sh --deploy -d mbdnet.net --deploy-hook cpanel_uapi

[Wed Sep 5 07:32:00 MST 2018] Error in deploying certificate:

[Wed Sep 5 07:32:00 MST 2018] —

apiversion: 3

func: install_ssl

module: SSL

result:

data: ~

errors:

- "The system could not parse the certificate because of an error: A critical error occurred while parsing the ASN.1 data: Cpanel::Encoding::BER: corrupt data? data appears truncated

at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 984.

"

messages: ~

metadata: {}

status: 0

warnings: ~

[Wed Sep 5 07:32:00 MST 2018] Error deploy for domain:mbdnet.net

[Wed Sep 5 07:32:00 MST 2018] Deploy error.

xorex@n3plcpnl0035 [~/logs] $ ~/.acme.sh/acme.sh --deploy -d boutiquefrenchwine.com --deploy-hook cpanel_uapi

[Wed Sep 5 07:32:50 MST 2018] Domain is not valid:'boutiquefrenchwine.com’

xorex@n3plcpnl0035 [~/logs] $

GeoffatMM · September 10, 2018, 6:29am

Hi can anyone help me please?

JuergenAuer · September 10, 2018, 8:41am

Hi @GeoffatMM

if you have such an error, other users can't help.

Perhaps you should check if there is an update (but you installed one). Or @Neilpang should check your certificate which couldn't be parsed.

GeoffatMM · September 20, 2018, 7:42am

Thanks Jeugen but I came here because I have not had a reply from Neil Pang! I will try again. This can be closed.

JuergenAuer · September 24, 2018, 10:42am

Isn't it possible to delete all certificate files from mbdnet.net (first create a complete backup), then start new?

I don't use acme.sh, perhaps it's only a temporary problem.

Or is it possible that you skip the deploy part?

You are using cpanel_uapi. Perhaps this tool (independend from acme.sh) is the problem.

system · October 24, 2018, 10:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to add a domain to an existing set of certs using acme.sh? Help	125	6682	October 17, 2020
Using multiple domains Server	33	6179	December 7, 2017
[SOLVED] Certbot - Confusion About How To Deal with A Certificate Which Doesn't Cover the Right Domain Names Help	23	12095	June 27, 2017
Certificates name mismatch Server	51	25806	April 27, 2016
Linux noob getting gray hairs with certbot Help	23	3165	August 24, 2018

Multi-Site Certificate Not Deploying

Related topics