Plesk 12.5.30 Create and Renewal errors - new

dl3no · August 10, 2017, 5:22am

While the installation with Plesk went ok some time ago and there was no issue I no get the message:

Internal error.
ERROR: Call to undefined method pm_Domain::getIpAddresses() (Domain.php:213)

The helpful hint of Plesk’s FAQ is: Update to Onyx. Because i alway had problems to restore my sites after a “update” I do not like this.

So I tried to use certbot-auto giving an DNS error also. My DNS entries are correct and working for a long time now

Any workaround known?

Thank you.

Domain(s): mail-aachen.de, www.mail-aachen.de

schoen · August 10, 2017, 7:48pm

Hi @dl3no,

Could you quote the exact error that you got from Certbot, please?

dl3no · August 11, 2017, 5:40am

I tried first by Plesk and second by cert-bot:

Betriebssystem ‪CentOS Linux 7.3.1611 (Core)‬
Plesk Version 12.5.30 Update #68,
zuletzt aktualisiert: 10. Aug. 2017 03:07:54

SSL-Zertifikat von Let’s Encrypt für mail-aachen.de
Internal error.
ERROR: Call to undefined method pm_Domain::getIpAddresses() (Domain.php:213)

Search for related Knowledge Base articles

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.mail-aachen.de
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
e5752e79124a3486db0a50b46b0c279c.ac9ef33004b59e87c5f830a79901245a.acme.invalid
from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s),
first certificate had names “mail-aachen.de, www.mail-aachen.de”

Domain: mail-aachen.de
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
d79519696f64b592c9b4530f2b784f44.49e0db75184b2f32da41ab5e9970a839.acme.invalid
from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s),
first certificate had names “mail-aachen.de, www.mail-aachen.de”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

schoen · August 11, 2017, 5:46am

Do you know what Certbot command you ran that resulted in this error?

dl3no · August 11, 2017, 6:20am

Interactive. Choosing Domains by Number…

Maybe a problem by IPv6 ??

Domain: www.mail-aachen.de
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested e5752e79124a3486db0a50b46b0c279c.ac9ef33004b59e87c5f830a79901245a.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names “mail-aachen.de, www.mail-aachen.de”

Domain: mail-aachen.de
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested d79519696f64b592c9b4530f2b784f44.49e0db75184b2f32da41ab5e9970a839.acme.invalid from [2001:8d8:848:5800::35:c5a2]:443. Received 1 certificate(s), first certificate had names “mail-aachen.de, www.mail-aachen.de”

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

schoen · August 11, 2017, 4:56pm

I previously thought that but your site does appear to serve the same content for IPv6 and IPv4, unlike many other sites.

Are you using apache or nginx plugin?

dl3no · August 11, 2017, 11:23pm

The server is using Apache.

Zitat:

dl3no · August 12, 2017, 9:45am

I found nginx on the server started it and received:

[root@mail-aachen ~]# nginx
nginx: [emerg] BIO_new_file("/usr/local/psa/var/certificates/cert-Y29PVB") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/usr/local/psa/var/certificates/cert-Y29PVB’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

Zitat:

schoen · August 12, 2017, 5:21pm

Does Certbot know that? How did you run Certbot?

dl3no · August 13, 2017, 5:36am

As I have found nginx now on the system, maybe certbot uses that one? I just ran the bot interactively.

schoen · August 14, 2017, 4:52pm

Can you post the Certbot command that you ran and the output from that command? Alternatively, can you post the log file from /var/log/letsencrypt corresponding to when you ran Certbot?

HMnet · August 16, 2017, 9:00am

Hallo!

I have the exact the same problem. Debian 7.11 with Plesk 12.5.30 MU69 - no renewal with the letsencrypt extension
I have running the plesk-nginx module, too.

The cronjob to renew the certificates execute the following command:
/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php ‘/opt/psa/admin/plib/modules/letsencrypt/scripts/renew.php’

This is the answer:
[2017-08-16 10:52:07] ERR [extension/letsencrypt] Failed to renew certificate of domain ‘[DOMAIN.TLD]’: Failed to pass challenges for domain ‘[DOMAIN.TLD]’

In the logfile /var/log/letsencrypt/letsencrypt.log, there is no entry from today.

Thomas

HMnet · August 16, 2017, 9:36am

There is also no new entry in /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log.

dl3no · August 16, 2017, 10:20am

I just wanted to send the logfile. But “newusers can only put 20 links” ?!

So you will find it with http://mail-aachen.de/letsencrypt.log

dl3no · August 30, 2017, 11:32am

still not working here. Maybe when I am back to Germany I will update Plesk.

dl3no · September 6, 2017, 6:41am

After a recent update of Plesk the error message got clearer. The Problem could be solved by choosing the IPV6 Address in the domains hosting settings. It was unset. The certifikate could be installed correctly now.

system · October 6, 2017, 6:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.