azgoku
January 16, 2019, 9:31am
1
I don't know how to ask this properly, so please excuse me.
I need to renew my certificate on Apache.
I have a VPS with Windows Server using XAMPP Apache.
I used the letsencrypt-win-simple method.
I got no error, everything went OK.
[INFO] Renewing certificate for www.globaldoom.net
[INFO] Authorize identifier: www.globaldoom.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate www.globaldoom.net 2019/1/16 11:43:00 AM
[INFO] Saving certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate www.globaldoom.net 2019/1/16 11:43:00 AM to store My
[INFO] Uninstalling certificate from the certificate store
[INFO] Removing certificate www.globaldoom.net 2019/1/16 10:12:15 AM from store My
[INFO] Renewal for www.globaldoom.net succeeded
[INFO] Next renewal scheduled at 2019/3/12 9:43:04 AM
It said that the certificate was renewed for another 3 months.
I restarted Apache but no luck.
The problem is that the xampp/apache/conf/ssl.crt/server.crt is still expired. It did not change to a new license.
Do I have to generate the certificate somehow manually and put it there?
I just don't know what to do anymore, totally lost here.
My domain is: www.globaldoom.net
Thank You.
_az
January 16, 2019, 9:49am
2
You'll probably want to change your Apache configuration to use the private key and certificate from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org, instead of the ones from xampp/apache/conf/ssl.crt.
This will involve changing the part of the Apache configuration that says SSLCertificateFile and SSLCertificateKeyFile.
That way, when letsencrypt-win-simple renews the certificate, you don't need to do anything except restart Apache.
Edit: there's a tutorial how to do this on the win-acme wiki: GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)
3 Likes
azgoku
January 16, 2019, 10:27am
3
Define CERTROOT "C:/Users/Administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org"
Define SITEROOT "C:/xampp/htdocs/globaldoom.net"
<VirtualHost *:443>
ServerAdmin mail@gmail.com
DocumentRoot "${SITEROOT}"
ServerName globaldoom.net
ServerAlias globaldoom.net
ErrorLog "logs/globaldoom.net.com-error.log"
CustomLog "logs/globaldoom.net.com-access.log" common
SSLEngine on
SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
SSLCertificateKeyFile "${CERTROOT}/www.globaldoom.net-key.pem"
</VirtualHost>
<VirtualHost *:443>
ServerAdmin mail@gmail.com
DocumentRoot "${SITEROOT}"
ServerName www.globaldoom.net
ServerAlias www.globaldoom.net
ErrorLog "logs/www.globaldoom.net.com-error.log"
CustomLog "logs/www.globaldoom.net.com-access.log" common
SSLEngine on
SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
SSLCertificateKeyFile "${CERTROOT}/www.globaldoom.net-key.pem"
</VirtualHost>
<VirtualHost *:443>
ServerAdmin mailt@gmail.com
DocumentRoot "${SITEROOT}"
ServerName mu.globaldoom.net
ErrorLog "logs/mu.globaldoom.net.com-error.log"
CustomLog "logs/mu.globaldoom.net.com-access.log" common
SSLEngine on
SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
SSLCertificateKeyFile "${CERTROOT}/www.globaldoom.net-key.pem"
</VirtualHost>
I modified it and restarted Apache, but it's not working. The certificate is showing INVALID; the dates are good, though.
Any idea what I've done wrong?
I disabled HTTPS for now, people can't access the site.
_az
January 16, 2019, 10:33am
4
In fact, you configured everything correctly.
The problem you face now is that your certificate is only valid for www.globaldoom.net, not for mu.globaldoom.net.
What you probably want to do next, is to issue a certificate that is valid for both domains, and then configure Apache to use that one.
You can review the win-acme docs for how to do this. For example, it might be:
--manualhost www.globaldoom.net,mu.globaldoom.net
(depending how you issued the certificate initially)
Alternatively you can create a separate certificate for mu.globaldoom.net, and then change your Apache configuration only for that one domain.
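The mismatch described in this reply can be checked before restarting Apache. The following Python sketch is an added example, not code from the thread or from win-acme: it reads a trimmed copy of the virtual host configuration posted above and lists every ServerName/ServerAlias that the configured certificate does not cover. The SAN list in `CERT_SANS` and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed copy of the three virtual hosts posted above.
VHOSTS_CONF = """
<VirtualHost *:443>
    ServerName globaldoom.net
    SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
</VirtualHost>
<VirtualHost *:443>
    ServerName www.globaldoom.net
    SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
</VirtualHost>
<VirtualHost *:443>
    ServerName mu.globaldoom.net
    SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
</VirtualHost>
"""

# Assumption: names in each certificate's subjectAltName list. In practice read
# them from the file, e.g. with `openssl x509 -in <file> -noout -text`.
CERT_SANS = {"${CERTROOT}/www.globaldoom.net-chain.pem": ["www.globaldoom.net"]}


def san_matches(host, san):
    """Match a hostname against one SAN entry; '*' covers exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san


def uncovered_names(conf, cert_sans):
    """Return [(hostname, cert_file)] for vhost names the configured cert does not cover."""
    problems = []
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", block, re.M | re.I)
        hosts = {h for line in names for h in line.split()}
        cert = re.search(r'^\s*SSLCertificateFile\s+"?([^"\n]+)"?', block, re.M | re.I)
        if not cert:
            continue
        cert_file = cert.group(1).strip()
        for host in sorted(hosts):
            if not any(san_matches(host, s) for s in cert_sans.get(cert_file, [])):
                problems.append((host, cert_file))
    return problems


if __name__ == "__main__":
    print(uncovered_names(VHOSTS_CONF, CERT_SANS))
```

With the assumed single-name certificate, both `globaldoom.net` and `mu.globaldoom.net` are reported, which is why browsers reject the certificate on those hosts even though its dates are valid.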
azgoku
January 16, 2019, 10:43am
5
Hm, I tried to create a new certificate, and also renew all, but I get this error:
[INFO] Renewing certificate for www.globaldoom.net
[INFO] Authorize identifier: www.globaldoom.net
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: www.mu.globaldoom.net
[EROR] Unable to activate HttpListener, this may be due to non-Microsoft webserver using port 80
[EROR] Error resolving validation plugin
Totally lost here
_az
January 16, 2019, 10:51am
6
You’ll have to forgive me, I’ve never used win-acme and don’t have Windows, but I believe what you probably want is something like:
letsencrypt.exe --plugin manual --manualhost mu.globaldoom.net,www.globaldoom.net,globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net"
and then update Apache with the new certificate.
azgoku
January 16, 2019, 10:56am
7
Thanks for helping :).
I tried your code and I get this. There is nothing in .well-known.
[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [3 bindings - mu.globaldoom.net , …]
[INFO] Authorize identifier: mu.globaldoom.net
[INFO] Authorizing mu.globaldoom.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://mu.globaldoom.net/.well-known/acme-challenge/KRz3TQ1OUUyFFgI-U4gg_D3g4m6Qjgx7Qw2Sz_AcXa8
[EROR] Authorization result: invalid
[INFO] Authorize identifier: www.globaldoom.net
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: globaldoom.net
[INFO] Authorizing globaldoom.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://globaldoom.net/.well-known/acme-challenge/OG4JUHswbjPuQaWFILIZFs8M1HVuJQAoHER2nwhZCWk
[INFO] Authorization result: valid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:unauthorized
[EROR] [detail] Invalid response from http://mu.globaldoom.net/.well-known/acme-challenge/KRz3TQ1OUUyFFgI-U4gg_D3g4m6Qjgx7Qw2Sz_AcXa8: “\r\t\t\t\t<html lang=“en”>\r\t\t\t\t\r\t\t\t\tError\r\t\t\t\t<style type=“text/css”>\r\r\t\t\t\t::selection{ backgroun”
[EROR] [status] 403
[EROR] Create certificate failed
_az
January 16, 2019, 11:02am
8
It looks like your domains do not all have the same DocumentRoot. From your earlier Apache config you posted, I thought they did.
What directory does mu.globaldoom.net get served from?
azgoku
January 16, 2019, 11:03am
9
mu is a folder inside globaldoom.net, the subdomain.
xampp/htdocs/globaldoom.net/mu
_az
January 16, 2019, 11:06am
10
OK, I think this should work:
letsencrypt.exe --plugin manual --manualhost mu.globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net/mu"
and then also:
letsencrypt.exe --plugin manual --manualhost www.globaldoom.net,globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net"
You should end up with two certificates, one for mu, and one for www+non-www.
Once you have those, update your Apache config for each respective domain.
azgoku
January 16, 2019, 11:13am
11
Hmm, I think I'm missing the files from .well-known/acme-challenge; these files should be created automatically, right? Sorry, I'm not a pro.
c:\letsencrypt-win-simple>letsencrypt.exe --plugin manual --manualhost mu.globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net/mu"
[INFO] A Simple ACME Client for Windows (WACS)
[INFO] Software version 1912.2.6907.35819 (RELEASE)
[INFO] IIS not detected
[INFO] ACME server https://acme-v01.api.letsencrypt.org/
[INFO] Please report issues at https://github.com/PKISharp/win-acme
[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [1 binding - mu.globaldoom.net ]
[INFO] Authorize identifier: mu.globaldoom.net
[INFO] Authorizing mu.globaldoom.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://mu.globaldoom.net/.well-known/acme-challenge/ZtQxnvN1ttL8u9XZvN6XRyWfh9VKSHJlO9HJg9PyE80
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:unauthorized
[EROR] [detail] Invalid response from http://mu.globaldoom.net/.well-known/acme-challenge/ZtQxnvN1ttL8u9XZvN6XRyWfh9VKSHJlO9HJg9PyE80: “\r\t\t\t\t<html lang=“en”>\r\t\t\t\t\r\t\t\t\tError\r\t\t\t\t<style type=“text/css”>\r\r\t\t\t\t::selection{ backgroun”
[EROR] [status] 403
[EROR] Create certificate failed
_az
January 16, 2019, 11:17am
12
The files are automatically created and deleted. So when you look, it's normal that they're not there.
It might help to manually create a /.well-known/acme-challenge/test.txt file, to confirm you can reach it in a browser.
This is also to confirm that your .htaccess is not interfering with it or anything.
Sometimes content management systems intercept requests when they shouldn't, but there's ways to work around that.
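The manual test-file check suggested here can be scripted. This Python example is added for illustration and is not part of the thread or of win-acme: it writes a random file under a webroot's .well-known/acme-challenge directory, requests it over HTTP the way the validation server would, and reports whether the same bytes come back. The function name `probe_webroot` is hypothetical; the host and webroot pairs are the ones from the commands in this thread.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_url, timeout=5):
    """Write a random test file under webroot and fetch it over HTTP.

    Returns (ok, detail). ok is True only when the server answers 200 with the
    exact bytes written, i.e. base_url really is served from webroot and no
    rewrite or access rule intercepts the request.
    """
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    target = Path(webroot) / CHALLENGE_DIR / name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    # Ignore proxy settings so the request reaches the server being tested.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read()
        if served == body:
            return True, "200, content matches"
        return False, "200, but content differs (rewritten or other directory)"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}"
    except OSError as exc:  # URLError and socket errors
        return False, f"connection failed: {exc}"
    finally:
        target.unlink()  # leave nothing behind, like the ACME client does


if __name__ == "__main__":
    # Host/webroot pairs as used in the commands in this thread.
    checks = {
        "http://mu.globaldoom.net": "C:/xampp/htdocs/globaldoom.net/mu",
        "http://globaldoom.net": "C:/xampp/htdocs/globaldoom.net",
    }
    for base_url, webroot in checks.items():
        print(base_url, probe_webroot(webroot, base_url))
```

An `HTTP 403` or `HTTP 404` result for a host means the ACME client's `--webroot` for that host does not match what Apache serves, or an .htaccess rule is handling the request first.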
azgoku
January 16, 2019, 11:24am
13
This works: http://globaldoom.net/.well-known/acme-challenge/text.txt, but not this:
http://mu.globaldoom.net/.well-known/acme-challenge/text.txt, maybe because of the website code.
Still getting errors, don't know what to do anymore.
What if I delete the certificate and the .well-known folders?
And try again fresh?
_az
January 16, 2019, 11:27am
14
Do you have an .htaccess file in the mu directory?
If you add these two lines to the top of it, can you access that test file in the browser then?
RewriteEngine On
RewriteRule ^\.well-known - [L]
Won't help. We're making progress, just slowly :).
azgoku
January 16, 2019, 11:31am
15
Yes, I have an .htaccess. I added your line and it shows a 404 error now.
The ones below are for the game I'm running.
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteRule ^.well-known - [L]
ServerSignature Off
RewriteRule ^(assets|forum|application|index.php|favicon.ico|sitemap.xml|setup|interface|launcherupdate)(|/) - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^news/(.*)/([0-9]+)\/? home/read-news/$1/2 [NC,L]
RewriteRule ^character/(.*)/(.*)\/? info/character/$1/2 [NC,L]
RewriteRule ^guild/(.*)/(.*)\/? info/guild/$1/2 [NC,L]
RewriteRule ^vote-reward\/? account-panel/vote-reward [NC,L]
RewriteRule ^account-logs/? account-panel/logs [NC,L]
RewriteRule ^settings\/? account-panel/settings [NC,L]
RewriteRule ^logout/? account-panel/logout [NC,L]
RewriteRule ^reset-character\/? account-panel/reset [NC,L]
RewriteRule ^grand-reset-character/? account-panel/grand-reset [NC,L]
RewriteRule ^add-stats\/? account-panel/add-stats [NC,L]
RewriteRule ^add-stats/(.)/?$ account-panel/add-stats/1 [NC,L]
RewriteRule ^reset-stats\/? account-panel/reset-stats [NC,L]
RewriteRule ^hide-character-info/? account-panel/hide-info [NC,L]
RewriteRule ^exchange-wcoins\/? account-panel/exchange-wcoins [NC,L]
RewriteRule ^warp-char/? account-panel/warp-char [NC,L]
RewriteRule ^pk-clear\/? account-panel/pk-clear [NC,L]
RewriteRule ^clear-inventory/? account-panel/clear-inventory [NC,L]
RewriteRule ^zen-wallet\/? account-panel/zen-wallet [NC,L]
RewriteRule ^clear-skilltree/? account-panel/clear-skilltree [NC,L]
RewriteRule ^logs\/? account-panel/logs [NC,L]
RewriteRule ^(. ) index.php?action=$1 [QSA,L]
<FilesMatch "(?:.xml|.json|.dmn|license.txt)$">
Order allow,deny
Deny from all
</FilesMatch>
_az
January 16, 2019, 11:31am
16
Did you delete the mu/.well-known/acme-challenge/test.txt file? If so, could you re-create it?
azgoku
January 16, 2019, 11:34am
17
From what I see, the folder .well-known is not inside the mu folder.
It's inside globaldoom.net, where the mu folder also is.
And that .htaccess from the image only has this; I disabled HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
_az
January 16, 2019, 11:35am
18
Right, but could you please copy the .well-known folder into the mu/ directory for me?
Edit: it works!
So, I believe you should be able to go run those two commands from earlier again.
However, if you run into the rate limit (there is a failed attempts limit of 5 tries per hour), you may need to wait up to an hour to try again.
It’s late here and I gotta scoot, but hopefully you’re like 99% of the way there.
2 Likes
azgoku
January 16, 2019, 11:35am
19
OK, done, now it's working: http://mu.globaldoom.net/.well-known/acme-challenge/text.txt
OK, thank you, hope I can make it.
2 Likes