easyengine
Failed to renew SSL
Output:
root@server:~# ee site ssl-renew xxxx.nl
Starting SSL cert renewal
Loading current certificate for xxxx.nl
Starting SSL verification.
PHP Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: certificate has expired (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in phar:///usr/local/bin/ee/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:186
Stack trace:
#0 phar:///usr/local/bin/ee/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(149): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)
#1 phar:///usr/local/bin/ee/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(102): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#2 phar:///usr/local/bin/ee/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))
#3 phar:///usr/local/bin/ee/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): Guz in phar:///usr/local/bin/ee/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 186
Warning: An Error occurred. Initiating clean-up.
Warning: Exiting gracefully after rolling back. This may take some time.
Success: Rollback complete. Exiting now.
System Information
- [x] ee cli info
+-------------------+----------------------------------------------------------------------------+
| OS | Linux 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 |
| Shell | /bin/bash |
| PHP binary | /usr/bin/php7.2 |
| PHP version | 7.2.17-1+ubuntu18.04.1+deb.sury.org+3 |
| php.ini used | /etc/php/7.2/cli/php.ini |
| EE root dir | phar://ee.phar |
| EE vendor dir | phar://ee.phar/vendor |
| EE phar path | /home/jens |
| EE packages dir | |
| EE global config | /opt/easyengine/config/config.yml |
| EE project config | |
| EE version | 4.0.14 |
+-------------------+----------------------------------------------------------------------------+
- [x] lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic
- [x] docker version
Docker version 18.09.5, build e8ff056
- [x] docker-compose version
docker-compose version 1.23.2, build 1110ad01
I believe this is a known issue: Once the certificate has expired it fails to renew.
I think the solution may be to delete the old certificate files (.pem and .crt) from the /var/lib/docker/volumes/global-nginx-proxy_certs/_data folder. Save a copy in case something goes wrong.
Then re-run the command to renew the certificates.
I suspect the problem is that all traffic is redirected from port 80 to port 443, which means the letsencrypt probe fails on the bad cert. I think the proper solution is to add an exception for /.well-known/acme-challenge so that the non-secure probe can succeed like it does the first time a cert is created.
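The exception proposed in the comment above, as a generic nginx sketch (an added example, not part of the thread and not EasyEngine's generated proxy configuration). The server name `example.test` and the webroot `/var/www/acme` are placeholders chosen for illustration.

```nginx
# Before: every plain-HTTP request, including the ACME HTTP-01 challenge,
# is redirected to HTTPS. A client that verifies certificates while
# following the redirect then stops on the expired certificate.
#
# server {
#     listen 80;
#     server_name example.test;
#     return 301 https://$host$request_uri;
# }

# After: challenge files are answered over plain HTTP; everything else
# is still redirected to HTTPS.
server {
    listen 80;
    server_name example.test;            # placeholder hostname

    # "^~" makes this prefix match win over any regex locations.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;              # hypothetical challenge webroot
        default_type text/plain;
        try_files $uri =404;             # serve only files that exist
    }

    location / {
        return 301 https://$host$request_uri;
    }
}
```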
I'm having the same issue! I wonder, why was it not renewed automatically? Why let it expire in the first place? I think for me this is one of the big selling points of ee and it's a big oversight.
I see it's fixed at https://github.com/EasyEngine/site-command/commit/c39ea551f54fdc4b99de07c53ab477b49375f5ab
My setup hangs a long time at the marked arrow and fails.
Debug: Challenge loaded. (7.198s)
-> Debug: Testing the challenge for domain <redacted> (8.08s)
Error: Can not validate challenge for domain <redacted>
I can neither get a new fresh certificate nor renew the expired one.
Was this issue ever resolved? I'm having the same problem!
I have no idea. I no longer use this solution. It was too slow fixing fundamental issues. Shame!