Hello,
I’m running cPanel and WHM in a virtual private server. Currently, cPanel doesn’t fully support Let’s Encrypt; however, they’re working on it. With the default setup, cPanel sets up something called Proxy Subdomains. If I wanted to check my mail, instead of going to mydomain.com:2096, I could simply go to webmail.mydomain.com.
This is nice but I can’t set up any .well-known directories and Let’s Encrypt fails. cPanel’s webmail CGI stuff asks for a username / password. If I shut down my Apache and cPanel servers, I can point Let’s Encrypt to the webmail directory and it’d work but that’s a real pain.
I found a little workaround though. I disable Proxy Sub-Domains and enable sub-domain redirects. When I go to some place like http://webmail.mydomain.com, it’ll just forward me to http://mydomain.com:2096.
Using .htaccess redirect rules, I can then allow the .well-known directory through, like this:
RewriteEngine on
# Allow .well-known through for Let's Encrypt
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
# Redirect http://webmail.mydomain.com to https://www.mydomain.com:2096
RewriteCond %{HTTP_HOST} ^webmail.mydomain.com$
RewriteRule ^(.*)$ "https\:\/\/www\.MyDomain\.com\:2096\/$1" [R=301,L]
This seems to work. I can create a .well-known/acme-challenge/index.html file and access it by going to http://webmail.mydomain.com/.well-known/acme-challenge/index.html.
If I try going to https://webmail.mydomain.com/.well-known/acme-challenge/index.html, it fails, but it works when I try going to the http version.
When I run Let’s Encrypt, the log file gives me a message saying it succeeded. Here’s a long snippet of the log. I can post the whole thing if you want.
...
2016-05-15 17:27:29,413:DEBUG:acme.client:Requesting issuance...
2016-05-15 17:27:29,415:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, kid=None, alg=None, x5t=None, jku=None, x5u=None, x5tS256=None, jwk=None, cty=None
2016-05-15 17:27:29,417:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, kid=None, nonce=None, x5t=None, jku=None, x5u=None, x5tS256=None, cty=None
2016-05-15 17:27:29,419:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-15 17:27:29,557:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 201 1442
2016-05-15 17:27:29,611:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/issuer-cert. args: (), kwargs: {'headers': {'Accept': 'application/pkix-cert'}}
2016-05-15 17:27:29,612:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-15 17:27:29,693:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/issuer-cert HTTP/1.1" 200 1174
2016-05-15 17:27:29,715:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/www.jetbbs.com/privkey3.pem.
2016-05-15 17:27:29,715:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/www.jetbbs.com/cert3.pem.
2016-05-15 17:27:29,716:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/www.jetbbs.com/chain3.pem.
2016-05-15 17:27:29,716:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/www.jetbbs.com/fullchain3.pem.
2016-05-15 17:27:29,803:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x7fbd2ebcf350>
2016-05-15 17:27:31,584:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/www.jetbbs.com.conf.new.
2016-05-15 17:27:31,675:INFO:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/www.jetbbs.com/fullchain.pem. Your cert will expire on 2016-08-13. To obtain a new version of the certificate in the future, simply run Certbot again.
2016-05-15 17:27:31,676:INFO:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
I’m confused though. The bottom part says Congratulations! But it looks like the certificates failed. When I try to install them, I get an error message saying verification failed:
...
Attempting to install the SSL certificate for the exim service...
{"metadata":{"version":1,"reason":"Certificate verification failed!\nCertificate verified:\nstdin: CN = www.jetbbs.com\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n\n\n","result":0,"command":"install_service_ssl_certificate"}}
...
I was thinking maybe Let’s Encrypt requires the https stuff to be working, like maybe it needs to be able to go to https://webmail.mydomain.com/.well-known/acme-challenge/ and because it can only go there when it’s an http request, the certs don’t fully work.
Am I right in thinking that? Does anyone have any ideas what might be going on and why I cannot generate valid certificates anymore? Thanks!
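The "error 20 at 0 depth lookup: unable to get local issuer certificate" in the install output above is the message OpenSSL gives when a leaf certificate is checked and the certificate of its issuer cannot be found. The following is an added example, not part of the original post: it builds a constructed root, intermediate and leaf (all names made up; only the cert.pem, chain.pem and fullchain.pem file names follow the certbot layout in the log) and shows the same error appearing when the intermediate is missing and disappearing when it is supplied.

```shell
#!/bin/sh
# Added example with a constructed CA hierarchy; nothing here comes from
# the poster's server. Requires the openssl command-line tool.

make_demo_pki() {   # $1 = empty working directory
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    # Root CA: stands in for the trust anchor the verifier already has.
    openssl req -x509 -config "$d/pki.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA signed by the root: plays the role of chain.pem.
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/pki.cnf" -extensions ca_ext -days 2 \
        -out "$d/chain.pem" 2>/dev/null || return 1
    # Leaf signed by the intermediate: plays the role of cert.pem.
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$d/privkey.pem" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" \
        -CAcreateserial -extfile "$d/pki.cnf" -extensions leaf_ext -days 2 \
        -out "$d/cert.pem" 2>/dev/null || return 1
    # fullchain.pem is the leaf followed by the intermediate.
    cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
}

# Print openssl's verdict for a certificate.
# $1 = trusted root, $2 = certificate to check, $3 = optional intermediates
verify_cert() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 || true
    else
        openssl verify -CAfile "$1" "$2" 2>&1 || true
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || { echo "openssl setup failed" >&2; exit 1; }

echo "--- leaf only (no intermediate available)"
verify_cert "$demo_dir/root.pem" "$demo_dir/cert.pem"

echo "--- leaf plus chain.pem passed as untrusted intermediates"
verify_cert "$demo_dir/root.pem" "$demo_dir/cert.pem" "$demo_dir/chain.pem"

# openssl verify reads only the first certificate in the file it checks,
# so the intermediate inside fullchain.pem is not used to build the path.
echo "--- fullchain.pem given as the certificate to check"
verify_cert "$demo_dir/root.pem" "$demo_dir/fullchain.pem"

rm -rf "$demo_dir"
```

With certbot's own files the corresponding check is `openssl verify -untrusted chain.pem cert.pem`, which relies on the system trust store containing the root.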