That's strange. Check how your CSR gets generated. What domains get included.
I assume there's some bug there. (And also in boulder, if it makes a request to some random path)
That's strange. Check how your CSR gets generated. What domains get included.
I assume there's some bug there. (And also in boulder, if it makes a request to some random path)
I did add a few lines in my posting above, while you were writing your lastest posting.
Because Letsencrypt killed the domain.csr (set "0" bytes) I did create it manually.
root@ucs:/etc/univention/letsencrypt# openssl req -text -noout -verify -in domain.csr
verify OK
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = ucs.kmvw-io.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Yes, I assume you are asking for a certificate with literally
ucs.kmvw-io.de/[https:/ucs.kmvw-io.de
as a domain name, and similar ones. How do these strings get in your CSR, I do not know.
Why doesn't boulder catch it as an invalid domain, I don't know either
Check "Subject Alternative Name" not just "Common Name"
I get:
root@ucs:/etc/univention/letsencrypt# openssl x509 -text -noout -in chain.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
xxxxxxxxxxxx
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: Dec 5 07:05:58 2021 GMT
Not After : Mar 5 07:05:57 2022 GMT
Subject: CN = ucs.kmvw-io.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
...
X509v3 Subject Alternative Name:
DNS:autoconfig.kmvw-io.de, DNS:autodiscover.kmvw-io.de, DNS:kmvw-io.de, DNS:mail.kmvw-io.de, DNS:smtp.kmvw-io.de, DNS:ucs.kmvw-io.de, DNS:web.kmvw-io.de
...
That's for the valid, already issued certificate. You need to check the CSR.
Sorry, I did not read your posting propeerly enough
root@ucs:/etc/univention/letsencrypt# openssl req -in domain.csr -text -noout
root@ucs:/etc/univention/letsencrypt# openssl req -text -noout -verify -in domain.csr verify OK
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = ucs.kmvw-io.de, CN = dav.kmvw-io.de, CN = mail.kmvw-io.de, CN = web.kmvw-io.de, CN = smtp.kmvw-io.de, CN = autoconfig.kmvw-io.de, CN = autodiscover.kmvw-io.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
...
It does not seem to contain alternate names. - Maybe caused by the error, which is the reason of this thread.
I did recreate the CSR and executed the script again - now I get different error messages:
root@ucs:/etc/univention/letsencrypt# sudo -u letsencrypt /usr/share/univention-letsencrypt/refresh-cert
Sa 5. Feb 16:48:05 CET 2022
Refreshing certificate for following domains:
kmvw-io.de autodiscover.kmvw-io.de autoconfig.kmvw-io.de dav.kmvw-io.de ucs.kmvw-io.de web.kmvw-io.de smtp.kmvw-io.de mail.kmvw-io.de
Parsing account key...
Parsing CSR...
Found domains: ucs.kmvw-io.de
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying ucs.kmvw-io.de...
Traceback (most recent call last):
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 197, in <module>
main(sys.argv[1:])
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 193, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for ucs.kmvw-io.de: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://ucs.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA', u'hostname': u'ucs.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'80', u'addressesResolved': [u'84.153.195.198']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/75514231160/jxZ8lQ', u'token': u'HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from http://ucs.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA [84.153.195.198]: "<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n<title>500 Internal Server Error</title>\\n</head><body>\\n<h1>Inter"'}, u'validated': u'2022-02-05T15:48:11Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'ucs.kmvw-io.de'}, u'expires': u'2022-02-12T15:48:09Z'}
Apache access_log:
18.159.196.172 - - [05/Feb/2022:16:48:11 +0100] "GET /.well-known/acme-challenge/HHIBIWc28
HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA HTTP/1.1" 500 817 "-" "Mozilla/5.0 (compatible; Let's E
ncrypt validation server; +https://www.letsencrypt.org)"
18.116.86.117 - - [05/Feb/2022:16:48:12 +0100] "GET /.well-known/acme-challenge/HHIBIWc28H
A8J_7-m3jnO65eyVUmLvxc99EzolEV0LA HTTP/1.1" 500 817 "-" "Mozilla/5.0 (compatible; Let's En
crypt validation server; +https://www.letsencrypt.org)"
34.221.255.206 - - [05/Feb/2022:16:48:12 +0100] "GET /.well-known/acme-challenge/HHIBIWc28
HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA HTTP/1.1" 500 817 "-" "Mozilla/5.0 (compatible; Let's E
ncrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [05/Feb/2022:16:48:14 +0100] "GET /.well-known/acme-challenge/HHIBIWc28H
A8J_7-m3jnO65eyVUmLvxc99EzolEV0LA HTTP/1.1" 500 817 "-" "Mozilla/5.0 (compatible; Let's En
crypt validation server; +https://www.letsencrypt.org)"
Making progress. Check your Apache config for why it responds with http error 500
Could test using this which should result in 404 to see why get 500 instead
curl -I http://ucs.kmvw-io.de/.well-known/acme-challenge/ForumTest_123
@MikeMcQ:
Thank you - that helped me a little bit:
If I call https
curl -I https://ucs.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
HTTP/1.1 200 OK
Date: Sat, 05 Feb 2022 16:36:02 GMT
Server: Apache/2.4.25 (Univention)
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Sat, 05 Feb 2022 15:48:10 GMT
ETag: "57-5d7474b58d5a4"
Accept-Ranges: bytes
Content-Length: 87
it works.
If I call http
curl -I http://ucs.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
HTTP/1.1 500 Internal Server Error
Date: Sat, 05 Feb 2022 16:34:41 GMT
Server: Apache/2.4.25 (Univention)
Connection: close
Content-Type: text/html; charset=iso-8859-1
I get the error 500.
Now I have to find out, why verification over http does not work anymore. I guess, that anywhere the is hidden a redirection to https.
Yes, Let's Encrypt always makes an HTTP request. You can redirect it to HTTPS if you want but best would be to respond correct to HTTP request.
I know this, because I am working since more than 2 years with Letsencrypt on several servers.
But since the trouble with the expired Letsencrypt root certificate and its "workarounds" to get the successor to work, a lot of problems raised.
Very strange: If I call f.ex. web.kmvw-io.de with http, I get reply. If I call it with the .well-known over http, I get an error 500 but everything still worked in December.
Something must have changed in your Apache setup since then. If you can't figure it out show the results of this and maybe someone here will see problem.
sudo apachectl -S
Seems to look good:
root@ucs:/etc/univention/letsencrypt# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server ucs.kmvw-io.de (/etc/apache2/sites-enabled/000-default.conf:13)
port 80 namevhost ucs.kmvw-io.de (/etc/apache2/sites-enabled/000-default.conf:13)
port 80 namevhost ucs-sso.kmvw-io.de (/etc/apache2/sites-enabled/univention-saml.conf:63)
*:443 is a NameVirtualHost
default server ucs.kmvw-io.de (/etc/apache2/sites-enabled/default-ssl.conf:17)
port 443 namevhost ucs.kmvw-io.de (/etc/apache2/sites-enabled/default-ssl.conf:17)
port 443 namevhost dav.kmvw-io.de (/etc/apache2/sites-enabled/kdav.conf:2)
port 443 namevhost kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:21)
port 443 namevhost autodiscover.kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:42)
port 443 namevhost autoconfig.kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:63)
port 443 namevhost web.kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:84)
port 443 namevhost ucs.kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:105)
port 443 namevhost smtp.kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:126)
port 443 namevhost mail.kmvw-io.de (/etc/apache2/sites-enabled/univention-letsencrypt.conf:147)
port 443 namevhost ucs-sso.kmvw-io.de (/etc/apache2/sites-enabled/univention-saml.conf:38)
port 443 namevhost web.kmvw-io.de (/etc/apache2/sites-enabled/web.kmvw-io.de.conf:3)
alias web.kmvw-io.de
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ldap-cache: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
Would you show the contents of this:
UPDATE: And this too for comparison since it works better
000.default.conf:
<VirtualHost *:80>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
</VirtualHost>
univention-letsencrypt.conf:
alias /.well-known/acme-challenge/ /var/www/.well-known/acme-challenge/
<Directory /var/www/.well-known/acme-challenge/>
AllowOverride None
Options -Indexes
Require all granted
</Directory>
<IfModule mod_ssl.c>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName autodiscover.kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName autoconfig.kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName web.kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName ucs.kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName smtp.kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
<VirtualHost *:443>
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
ServerName mail.kmvw-io.de
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
</VirtualHost>
</IfModule>
default-ssl.conf
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
ProxyPass /nextcloud http://127.0.0.1:40000/nextcloud retry=0
ProxyPassReverse /nextcloud http://127.0.0.1:40000/nextcloud
Redirect 301 /.well-known/carddav https://ucs.kmvw-io.de/nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav https://ucs.kmvw-io.de/nextcloud/remote.php/dav
Redirect 301 /.well-known/webfinger https://ucs.kmvw-io.de/nextcloud/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo https://ucs.kmvw-io.de/nextcloud/index.php/.well-known/nodeinfo
</VirtualHost>
</IfModule>
Are there any files in that folder? Can you show them?
The post you made that showed result of apachectl -S
is missing. Did you delete it?
No, it is there: Univention Corporate Server: no renewal possible - #17 by Mornsgrans
Edit: It became hidden by the forum spam filter and needed a review by admin.
The folder /etc/apache2/ucs-sites.conf.d contains three config files. All these files were auto-generated by UCS last summer.
1st:
root@ucs:/etc/univention/letsencrypt# cat /etc/apache2/ucs-sites.conf.d/ucs-sites.conf
#...
RewriteEngine on
RewriteOptions Inherit
ProxyPreserveHost on
ProxyTimeout 600
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
DocumentRoot /var/www/
CustomLog /var/log/apache2/access.log combined
RedirectMatch ^/$ /univention/
2nd:
root@ucs:/etc/univention/letsencrypt# cat /etc/apache2/ucs-sites.conf.d/collabora-code.conf
#######################################
# generated by code app join script, do not edit manually #
#######################################
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
# Capabilities
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
3rd:
root@ucs:/etc/univention/letsencrypt# cat /etc/apache2/ucs-sites.conf.d/univention-portal.conf
#...
ProxyPass /univention/portal/portal.json http://127.0.0.1:8095/ retry=0
ProxyPassReverse /univention/portal/portal.json http://127.0.0.1:8095/
<Directory /var/www/univention/portal/>
<FilesMatch "(portal|apps)\.json|portal\.css">
Header set Cache-Control "max-age=0, must-revalidate"
</FilesMatch>
</Directory>
<Directory /var/www/univention/portal/icons>
Header set Cache-Control "max-age=0, must-revalidate"
</Directory>
Maybe I could solve the http-problem:
after setting
ucr set apache2/force_https=yes
and restarting Apache I did the curl
instructions mentioned above again:
root@ucs:/etc/univention/letsencrypt# curl -I http://web.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Feb 2022 20:15:03 GMT
Server: Apache/2.4.25 (Univention)
Location: https://web.kmvw-io.de/%5bhttps:/web.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
Content-Type: text/html; charset=iso-8859-1
root@ucs:/etc/univention/letsencrypt# curl -I http://ucs.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Feb 2022 20:15:30 GMT
Server: Apache/2.4.25 (Univention)
Location: https://ucs.kmvw-io.de/%5bhttps:/ucs.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
Content-Type: text/html; charset=iso-8859-1
Please notice the entry in the lines starting with "Location"
I think you should reverse what you just did with forcing redirects since it did not work. Ideally your port 80 http server would handle the challenge requests anyway.
Can you try copying these lines which do seem to work from your port 443 VirtualHost and add them to your 000.default.conf
file? Don't forget to restart Apache after.
Getting the same:
root@ucs:/etc/univention/letsencrypt# curl -I http://autoconfig.kmvw-io.de/.well-known/acme-challenge/nh_11HrXJHoeCet5DDdh8E82V8vb1Vx5ucOhpsj5L8k
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Feb 2022 21:05:13 GMT
Server: Apache/2.4.25 (Univention)
Location: https://autoconfig.kmvw-io.de/%5bhttps:/autoconfig.kmvw-io.de/.well-known/acme-challenge/nh_11HrXJHoeCet5DDdh8E82V8vb1Vx5ucOhpsj5L8k
Content-Type: text/html; charset=iso-8859-1
with /%5b
in the "Location" line. - Yes, I did restart Apache after changing 000-default.conf
The problem is, that I do not know the changes in the configuration before last successful renewal. - I think, I will give up and try a new installation, if there are no new ideas . - Damn...
Thank you for your support.
I could solve the problem!!
The output of the curl
instruction in my postings above
root@ucs:/etc/univention/letsencrypt# curl -I http://web.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Feb 2022 20:15:03 GMT
Server: Apache/2.4.25 (Univention)
Location: https://web.kmvw-io.de/%5bhttps:/web.kmvw-io.de/.well-known/acme-challenge/HHIBIWc28HA8J_7-m3jnO65eyVUmLvxc99EzolEV0LA
Content-Type: text/html; charset=iso-8859-1
showed a /%5b
.in the line starting with Location
This morning in the Univention knowledge-base I could find a guide, how to redirect http to https and configure Letsencrypt manually.
One step is:
Then create /var/www/.htaccess with the following content:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) [https://%{HTTP_HOST}%{REQUEST_URI}
The RewiteRule contains a "[
" . So I did check my .htaccess file and could find the RewriteRule in it. I did remove the RewriteRule - line, restarted Apache and executed
root@ucs:/etc/univention/letsencrypt# sudo -u letsencrypt /usr/share/univention-letsencrypt/refresh-cert
So 6. Feb 09:04:35 CET 2022
Refreshing certificate for following domains:
kmvw-io.de autodiscover.kmvw-io.de autoconfig.kmvw-io.de ucs.kmvw-io.de web.kmvw-io.de smtp.kmvw-io.de mail.kmvw-io.de
Parsing account key...
Parsing CSR...
Found domains: web.kmvw-io.de, ucs.kmvw-io.de, mail.kmvw-io.de, autoconfig.kmvw-io.de, smtp.kmvw-io.de, autodiscover.kmvw-io.de, kmvw-io.de
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying autodiscover.kmvw-io.de...
autodiscover.kmvw-io.de verified!
Verifying kmvw-io.de...
kmvw-io.de verified!
Verifying mail.kmvw-io.de...
mail.kmvw-io.de verified!
Verifying smtp.kmvw-io.de...
smtp.kmvw-io.de verified!
Verifying ucs.kmvw-io.de...
ucs.kmvw-io.de verified!
Verifying web.kmvw-io.de...
web.kmvw-io.de verified!
Verifying autoconfig.kmvw-io.de...
autoconfig.kmvw-io.de verified!
Signing certificate...
Certificate signed!
Certificate refreshed at So 6. Feb 09:05:17 CET 2022
Yeah! - Success!!!
Then I added the RewiriteRule
-line in the .htaccess
again and restarted Apache.
Now I will ask in the Univention forum, why the RewriteRule suddenly generates garbage.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.