Easyengine and Letsencrypt setup


#1

Hi,

What do I have to do to get Let's Encrypt && EE to behave together? I'm getting:

Letsencrypt is currently in beta phase. 
Do you wish to enable SSl now for --redacted--?
Type "y" to continue [n]:y
Please Wait while we fetch SSL Certificate for your site.
It may take time depending upon network.
Unable to setup, Let's Encrypt
Please make sure that your site is pointed to 
same server on which you are running Let's Encrypt Client 
to allow it to verify the site automatically.

#2

If you have your site pointed to CloudFlare you need to first pause your CloudFlare, after that you can set-up and install, after that you can unpause. I’m only presuming you have CloudFlare, if you don’t then I am unsure.


#3

I’d like a little more detail about this issue, if you don’t mind.

  1. What domain are you using and are there other domains sharing the IP Address this domain is pointed to?

  2. Which WordPress installation script did you use (exact text would be nice).

  3. Was…

    git clone https://github.com/letsencrypt/letsencrypt

…and…

    ./letsencrypt-auto certonly --webroot -w /var/www/example.com/htdocs/ -d example.com -d www.example.com --email admin@example.com --text --agree-tos

…run on the same system?


#4

OK, I missed the last step with getting the certonly.

But it seems to be stuck on:

Please Wait while we reinstall SSL Certificate for your site.
It may take time depending upon network.

#5

It may not actually be stuck!

Just the other day, I waited over five minutes for it to pass that point. I got up, stretched and got a fresh cup of coffee. When I came back, it had finished.


#6

It's been at this point for 45 minutes.


#7

I’m truly sorry you are having such difficulty with Letsencrypt. I haven’t had a single issue with EE + WordPress + Letsencrypt (yet) but 45 minutes is way longer than I’d have waited /thumbs-down/

Did you take any steps, after the initial problem (your initial post), to remove Letsencrypt? If so, what?

Full disclosure: I’m having a couple of issues getting Letsencrypt for a multisite environment, but it’s a complicated configuration and I don’t believe it is related to EE, WordPress or Letsencrypt. Admittedly this is more of a lack of knowledge on the issue, on my part.


#8

I had to open my mouth…

sudo ee site update manage.wetakeitlive.com --letsencrypt

…does NOT work!

However, if I run:

./letsencrypt-auto certonly --webroot -w /var/www/manage.wetakeitlive.com/htdocs/ -d manage.wetakeitlive.com --email admin@wetakeitlive.com --text --agree-tos

…it WORKS just fine!

I am very concerned to see --no-self-upgrade on this though. I would like to hear from @rahul286 about this.


#9

I spent quite a bit of time researching this Let’s Encrypt issue and another similar issue I (and others) reported about the JetPack plugin. I may have discovered the underlying problem and think it (and the JetPack issue) is likely related to a problem with DNS Reverse Lookup and the corresponding PTR Records.

After making this discovery, I spent some time on pingdom, using their DNS Health Check Tool. My manage.wetakeitlive.com domain was giving me all kinds of issues, starting with Delegation (see: http://dnscheck.pingdom.com/?domain=manage.wetakeitlive.com&timestamp=1455319218&view=1). So I switched to a completely different Domain (not a subdomain), IP Address and Website.

Finally, after weeding through a bunch of documentation, I added PTR Records to my domain’s DNS (See below).

At the end of all this, see the results for reflexmedicalmolding.com here: http://dnscheck.pingdom.com/?domain=reflexmedicalmolding.com&timestamp=1455318564&view=1

I haven’t yet gone back and tried anything for the manage.wetakeitlive.com domain, but I do know that after I was able to get reflexmedicalmolding.com to pass the Pingdom DNS Health Check, the:

ee site update reflexmedicalmolding.com --letsencrypt

…command, worked without any problems.

I’ll test JetPack on this domain, later this evening.


#10

In case anyone is keeping score, the solution I listed above DID solve the problems I was having with Let’s Encrypt, but did NOT solve the problem with JetPack.


#11

Thanks @bamajr for your in-depth research on this. I used ee on a different machine and it worked like a charm:

ee site update example.com --letsencrypt

After it worked on this server I switched back to the original server (on which I had the issue) and tried a different WP installation… it worked.

Tried different ee installation types, e.g. HTML / MYSQL (with and without hhvm)… worked.

So back to my original domain, and meh… still the same problem. I tried all the options available (reinstallation, keep the existing one, and fetch a new one).

Is there a way to reset the created SSL Certificate to get a completely new one?


#12

I had this exact same problem. I had a working server. Then I did ee site update xyz.com --letsencrypt and it worked perfectly. Then I deleted that VPS completely, and set up another VPS with EE, and the same website configuration (WordPress). When I set up the site on the new server with ee site create xyz.com --wp --php7 --wpfc --letsencrypt, everything worked except letsencrypt threw

Unable to setup, Let’s Encrypt Please make sure that your site is pointed to same server on which you are running Let’s Encrypt Client to allow it to verify the site automatically.

As root I also did the git clone https://github.com/letsencrypt/letsencrypt, and cd into /letsencrypt and did the ./letsencrypt-auto certonly… which threw this after about 100 lines of output to the terminal:

    …
    Downloading certbot_apache-0.8.1-py2-none-any.whl (103kB)
    Requirement already satisfied (use --upgrade to upgrade): setuptools>=1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography==1.2.3->-r /tmp/tmp.MlvVK5hM4g/letsencrypt-auto-requirements.txt (line 35))
    THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    …

Rerunning it gives the same output.

My DNS records appear to be set up properly… it worked on the first server just fine.

The final lines of the output said: You are using pip version 8.0.3, however version 8.1.2 is available. You should consider upgrading via the ‘pip install --upgrade pip’ command.

I tried the pip install at the root command line and bash threw “pip: command not found”. So not sure what this pip is.

Ideas?
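The "THESE PACKAGES DO NOT MATCH THE HASHES" message quoted above comes from pip's hash-checking mode, which compares each downloaded file against `--hash=` pins in the requirements file. The sketch below is an added example, not part of the original post and not pip's or letsencrypt-auto's own code; it reproduces that comparison so a single artifact can be checked by hand. The package name, version and file bytes are constructed.

```python
import hashlib
import re

# Matches pip's per-requirement option, e.g. --hash=sha256:<hex digest>
HASH_OPT = re.compile(r"--hash=(\w+):([0-9a-f]+)")


def parse_pins(requirements_text):
    """Map 'name==version' to the set of (algorithm, hexdigest) pins."""
    pins = {}
    # A requirement may continue over lines that end in a backslash.
    joined = requirements_text.replace("\\\n", " ")
    for line in joined.splitlines():
        line = line.split(" #")[0].strip()
        if not line or line.startswith("#"):
            continue
        spec = line.split()[0]
        pins[spec] = set(HASH_OPT.findall(line))
    return pins


def check_artifact(spec, data, pins):
    """Return 'match', 'mismatch' or 'unpinned' for the downloaded bytes."""
    allowed = pins.get(spec)
    if not allowed:
        return "unpinned"
    for algo, digest in allowed:
        if hashlib.new(algo, data).hexdigest() == digest:
            return "match"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample: one pin is stale, one matches the bytes we "downloaded".
    wheel = b"constructed wheel bytes"
    reqs = ("example-pkg==1.0 \\\n    --hash=sha256:" + "0" * 64 +
            " \\\n    --hash=sha256:" + hashlib.sha256(wheel).hexdigest() + "\n")
    pins = parse_pins(reqs)
    print(check_artifact("example-pkg==1.0", wheel, pins))         # match
    print(check_artifact("example-pkg==1.0", wheel + b"!", pins))  # mismatch
```

A mismatch that repeats on every run means the bytes being fetched differ from what was pinned; compare against a copy downloaded over a different network path before deciding which side is wrong.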


#13

What do you get with the command below, just after a failed site update domain.com --le?

tail -50 /var/log/ee/ee.log

Please don’t just copy and paste the logs here if you can’t use MarkDown to properly format them (please make it easier for us, who are trying to help you); instead, use http://pastebin.com/ (you paste your log there, publish it, and then add the public link to your response, and we’ll be able to see your logs as they are meant to be viewed).


#14

I’m a bit embarrassed… I did NOT delete the original VPS that I installed the certificates on !! It is still running and so therefore when I tried to install the ssl certs on the second machine with the same domain name… I’m pretty sure it’s supposed to fail… wouldn’t want two machines with the same valid certs. haha … thanks for the rapid response. I’m loving the EE software… super useful! consider this thread solved.


#15

What about setting Pause on CloudFlare??

That would not solve the

```
Please make sure that your site is pointed to
same server on which you are running Let's Encrypt Client
 to allow it to verify the site automatically.
```

I just paused the domain in CloudFlare, and I continue to have the problem :/

#16

Do you have DNS entries for domain.com and www.domain.com? Let’s Encrypt requires both to point to the same place in order to work fine.


#17

Thank you, yes I did!

Normally I always add an A register with @ and www @

But I have no success with any of my domains :confused:


#18

Was about to ask the same thing as portofacil about ensuring both @ and www are Apex records and not CNAME, however below is a step-by-step process which may prove useful:

Rather than using the simple “Pause” option in CloudFlare, navigate to the DNS tab, and toggle the cloud icon to gray instead of orange for the two A records @ and www so they don’t resolve through the reverse proxy.

CloudFlare uses anycast so it shouldn’t take very long to propagate (usually < 30 seconds), however you should use a lookup tool such as http://nwtools.com to do a DNS records check on your domain. Once you see the actual IP of the origin server showing up, and not those of CloudFlare, only then are you good to go for setting up Let’s Encrypt.

Assuming you’ve set up LE via the ee site update mydomain.com --letsencrypt command, ensure you can access your website and it uses HTTPS correctly, and also ensure that you can log in to the WordPress admin.

Head back to CloudFlare and the first thing to do is go to the Crypto tab and enable HTTPS using the Full (Strict) option. Also ensure you turn off Automatic HTTPS Rewrites as nginx handles this. I’ve found disabling the Always On feature helps too in some very fringe cases, although it’s always off for me as I personally prefer a blank page to CF’s glaring error page anyway. I also usually have no need for the Authenticated Origin Pulls, Opportunistic Encryption, TLS 1.3 BETA options for most websites I create but YMMV.

Finally, head to the DNS records tab and toggle the orange cloud for your @ and www records back to the on position. Then go back to http://nwtools.com and verify that your domain is using CloudFlare’s IPs, and recheck your website in the browser to make sure it works the same now that it’s being served by CloudFlare with the LE SSL passthrough.

Hope it helps!
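The DNS check that recurs in this thread (both the bare domain and www must resolve to the server running the Let's Encrypt client, not to CloudFlare's proxy or an old VPS) can be scripted. This is an added example, not part of the original post and not EasyEngine code; the CloudFlare ranges are a partial snapshot to be refreshed from CloudFlare's published list, and the domain and addresses are constructed.

```python
import ipaddress
import socket

# Partial snapshot of CloudFlare's published IPv4 ranges (assumption:
# refresh from CloudFlare's current list before relying on it).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "173.245.48.0/20",
    "162.158.0.0/15", "198.41.128.0/17",
)]


def system_resolver(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def preflight(domain, server_ip, resolve=system_resolver):
    """Return {hostname: verdict} for the apex and www names.

    Verdicts: "ok", "no-record", "proxied" (CloudFlare edge address) or
    "elsewhere" (another host, e.g. an old VPS still holding the record).
    """
    server = ipaddress.ip_address(server_ip)
    report = {}
    for host in (domain, "www." + domain):
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
        if not addrs:
            report[host] = "no-record"
        elif addrs == {server}:
            report[host] = "ok"
        elif any(a in net for a in addrs for net in CLOUDFLARE_NETS):
            report[host] = "proxied"
        else:
            report[host] = "elsewhere"
    return report


def ready(report):
    return all(verdict == "ok" for verdict in report.values())


if __name__ == "__main__":
    # Constructed answers (documentation addresses), not real lookups.
    sample = {"example.com": ["203.0.113.10"], "www.example.com": ["104.16.1.1"]}
    result = preflight("example.com", "203.0.113.10", lambda h: sample.get(h, []))
    print(result, "ready" if ready(result) else "not ready")
```

The default resolver reflects what this machine sees, so an /etc/hosts override or a stale local cache can report "ok" while the certificate authority still sees the old address.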


#19

Excellent @paramdeo, thank you very much for your help!


#21

When I try updating a WordPress site with letsencrypt, it gives me the following error:

    # ee site update hhwp.tk --letsencrypt
    Unable to setup, Let's Encrypt
    Please make sure that your site is pointed to
    same server on which you are running Let's Encrypt Client
    to allow it to verify the site automatically.

The ee logs have the following:

    Command Error: Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/virtualenv.py", line 2363, in <module>
        main()
      File "/usr/lib/python3/dist-packages/virtualenv.py", line 719, in main
        symlink=options.symlink)
      File "/usr/lib/python3/dist-packages/virtualenv.py", line 988, in create_environment
        download=download,
      File "/usr/lib/python3/dist-packages/virtualenv.py", line 918, in install_wheel
        call_subprocess(cmd, show_stdout=False, extra_env=env, stdin=SCRIPT)
      File "/usr/lib/python3/dist-packages/virtualenv.py", line 812, in call_subprocess
        % (cmd_desc, proc.returncode))
    OSError: Command /root/.local/share/letsencrypt/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 1

Has someone come across such issue? Solution would be much appreciated, I am using easyengine on aws ec2 instance with Ubuntu 16.04.2 LTS.