Due to some changes in the Let's Encrypt API, I've released version 2.1 of the Let's Encrypt script for Hiawatha.
Stumpy
13 September 2019, 19:21
Thanks for the new script. Weirdly, v2.1 of the script doesn't seem to correctly parse my config. If I run the script as-is, it only ever errors out with:
"Read the lefh manual page and follow its instructions before using this tool."
If I comment out the line with the configuration check, it doesn't error but it also doesn't do anything according to the debug log. `letsencrypt expire` does list my domains correctly.
Is this script compatible with PHP 7.3.8? Is it capable of re-using the existing account.key?
Thank you!
Vladas Palubinskas
15 September 2019, 08:46
According to INSTALL, the new version does not use an old access.key of previous versions: "When running the tool for the first time, it will create a Let's Encrypt account key."
Hugo Leisink
16 September 2019, 12:48
@Stumpy: the location for the account.key file is ~/.letsencrypt/. Is that where your account key is stored?
Günther
18 September 2019, 15:21
This update generates an error on renewing certificates:
"- Error getting challange for mydomain.example.org"
debuglog says: "type": "urn:ietf:params:acme:error:malformed", "detail": "No such authorization", "status": 404
Günther
19 September 2019, 10:09
Finding the error, the path has changed to /usr/lib/... what a mess! Corrected the above, now it can't find hiawatha.conf in /het/hiawatha (it still exists there):
- Can't find config file HIAWATHA_CONFIG_DIR/hiawatha.conf
Hugo Leisink
25 September 2019, 11:41
I have no idea what you're doing. My guess is that you manually copied files from different versions. Try reinstalling Hiawatha and use the script that comes with it.
Joe Schmoe
2 March 2020, 17:41
I'm having a problem with renewing certificates. Below is the tail end of the log file. It looks like it sends the authorization strings with "authz-v3" as part of the URL.
But then when it subsequently requests that URL it only uses "authz" as part of the request and not "authz-v3" which is why I think it returns a 404 error.
If I use either of the URLs in the authorizations config it works just fine. I tried to figure out where in the code it is replacing the "authz-v3" but cannot find it.
Any ideas?
Thanks!
======
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx1234",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx1235"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/xxxxx/xxxxxxxxxx"
}"
}
GET /acme/authz/xxxxxx1234
Server response: array(3) {
["status"] => int(404)
["headers"] => array(6) {
["server"] => string(5) "nginx"
["date"] => string(29) "Mon, 04 Mar 2020 16:25:58 GMT"
["content-type"] => string(25) "text/plain; charset=utf-8"
["content-length"] => string(2) "19"
["connection"] => string(5) "close"
["x-content-type-options"] => string(7) "nosniff"
}
["body"] => string(19) "404 page not found
"
}
I just figured out that it was still using old libraries in the /usr/lib/hiawatha/letsencrypt directory. Once I replaced that with the new library files the problem was solved.
Vladas
14 February 2021, 11:28
Renewing of certificates does not complete after PHP 7.0 upgrade to PHP 8.0:
Renewing certificate for a-z.on.lt.
Generating RSA key.
Generating Certificate Signing Request (CSR).
Ordering certificate.
Getting authorization challenge for a-z.on.lt.
- Creating reponse for authorization challenge.
- Requesting authorization for host.
- Polling authorization status.
Finalizing order.
Removing challenge responses.
Downloading certificates.
PHP Fatal error: Uncaught Error: Undefined constant "DEBUG" in /usr/lib/hiawatha/letsencrypt/logfile.php:59
Stack trace:
#0 /usr/lib/hiawatha/letsencrypt/acmev2.php(357): logfile->clean()
#1 /usr/lib/hiawatha/letsencrypt/letsencrypt.php(300): ACMEv2->get_certificate()
#2 /usr/sbin/lefh(152): LetsEncrypt->request_certificate()
#3 {main}
thrown in /usr/lib/hiawatha/letsencrypt/logfile.php on line 59
PHP Fatal error: Uncaught Error: Undefined constant "DEBUG" in /usr/lib/hiawatha/letsencrypt/logfile.php:59
Stack trace:
#0 /usr/lib/hiawatha/letsencrypt/logfile.php(53): logfile->clean()
#1 /usr/lib/hiawatha/letsencrypt/logfile.php(30): logfile->flush()
#2 [internal function]: logfile->__destruct()
#3 {main}
thrown in /usr/lib/hiawatha/letsencrypt/logfile.php on line 59
Hugo Leisink
14 February 2021, 14:37
Remove lines 59 and 61 from logfile.php.
Vladas
15 February 2021, 07:58
Yes, lefh renewed now, thank you very much!
elomraydino
15 April 2022, 21:01
Hi all! Please, I have some issue with lefh on Ubuntu 20.04.
GET /acme/authz-v3/2195848543
Server response: array(3) {
["status"] => int(405)
["headers"] => array(7) {
["server"] => string(5) "nginx"
["date"] => string(29) "Fri, 15 Apr 2022 18:27:58 GMT"
["content-type"] => string(24) "application/problem+json"
["content-length"] => string(3) "103"
["connection"] => string(5) "close"
["cache-control"] => string(27) "public, max-age=0, no-cache"
["link"] => string(68) "<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index""
}
["body"] => string(103) "{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Method not allowed",
"status": 405
}"
}
Is there a proxy in between? The script works, so I think the cause is somewhere in your network or system.
elomraydino
17 April 2022, 19:09
No proxy in front of Hiawatha, but I'm using it as a reverse proxy to a Node.js app. In acmev2.php, if I change GET into POST in the get_chalange function, the script is able to retrieve the challenge but the probing fails. I tried that because of this forum post: https://community.letsencrypt.org/t/invalid-status-value-error-msg-post-as-get-action/140556
elomraydino
17 April 2022, 19:19
Sorry, I also needed to change line 149 of acmev2.php as follows to make the POST function work for the GET cases:
$payload = is_array($payload) ? $this->b64u_encode(str_replace('\\/', '/', json_encode($payload))) : '';
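Background to the 405 "Method not allowed" response in this thread, as an added example (not code from lefh or from any poster here): under RFC 8555 section 6.3, an ACME server accepts fetches of authorization resources only as POST-as-GET, a signed POST whose JWS payload is the empty string. The function names, URLs, nonce and throwaway key below are constructed for illustration.

```php
<?php
// Added example, not lefh code. Builds the JWS body for an ACME POST-as-GET
// (RFC 8555 section 6.3). Names, URLs, nonce and key are constructed.

function b64u_enc(string $d): string {
    return rtrim(strtr(base64_encode($d), '+/', '-_'), '=');
}

function b64u_dec(string $d): string {
    return base64_decode(strtr($d, '-_', '+/'));
}

// $payload === null -> POST-as-GET: "payload" must be the empty string.
// $payload === []   -> encodes the JSON object {} (e.g. a challenge response),
//                      which is a different request from POST-as-GET.
function acme_jws($key, string $kid, string $nonce, string $url, ?array $payload): array {
    $protected = b64u_enc(json_encode(
        ['alg' => 'RS256', 'kid' => $kid, 'nonce' => $nonce, 'url' => $url],
        JSON_UNESCAPED_SLASHES
    ));
    $body = $payload === null
        ? ''
        : b64u_enc(json_encode((object)$payload, JSON_UNESCAPED_SLASHES));
    // The signature covers "<protected>.<payload>", so for POST-as-GET the
    // signing input ends in a bare dot.
    if (!openssl_sign($protected . '.' . $body, $sig, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return ['protected' => $protected, 'payload' => $body, 'signature' => b64u_enc($sig)];
}

// Throwaway RSA key standing in for the ACME account key.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    throw new RuntimeException('key generation failed');
}
$pub = openssl_pkey_get_details($key)['key'];

$kid = 'https://acme.example/acme/acct/1';            // constructed account URL
$url = 'https://acme.example/acme/authz-v3/12345';    // constructed authz URL

foreach (['POST-as-GET' => null, 'empty object' => []] as $label => $payload) {
    $jws = acme_jws($key, $kid, 'constructed-nonce', $url, $payload);
    $ok  = openssl_verify($jws['protected'] . '.' . $jws['payload'],
                          b64u_dec($jws['signature']), $pub, OPENSSL_ALGO_SHA256);
    // Send as: POST $url with Content-Type: application/jose+json
    printf("%-12s payload=%s signature_valid=%s\n",
           $label, var_export($jws['payload'], true), $ok === 1 ? 'yes' : 'no');
}
```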