letsencrypt renewal geht nicht

medri · 26. Dezember 2017

Hallo zusammen,

mir ist mittlerweile (unbemerkt) mein letsencrypt-Zertifikat abgelaufen, das ich über das Plugin erstellt habe.
Wenn ich über "Geplante Aufgaben" (cron-jobs) ein manuelles Update machen will, dann gibt er mir folgenden Fehler aus

Code

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; export SHELL=/bin/sh; sudo --shell --non-interactive --user=root -- omv-letsencrypt 2>&1' with exit code '127': /bin/sh: 1: omv-letsencrypt: not found

Wenn ich auf "Details" klicke kommen folgende Zusatz-Infos

Code

Fehler #0:
exception 'OMV\ExecException' with message 'Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; export SHELL=/bin/sh; sudo --shell --non-interactive --user=root -- omv-letsencrypt 2>&1' with exit code '127': /bin/sh: 1: omv-letsencrypt: not found' in /usr/share/openmediavault/engined/rpc/cron.inc:175
Stack trace:
#0 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMVRpcServiceCron->{closure}('/tmp/bgstatusGk...', '/tmp/bgoutputet...')
#1 /usr/share/openmediavault/engined/rpc/cron.inc(179): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
#2 [internal function]: OMVRpcServiceCron->execute(Array, Array)
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
#4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('execute', Array, Array)
#5 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Cron', 'execute', Array, Array, 1)
#6 {main}

Ich kann leider sehr wenig damit anfangen, außer, dass ich lese, dass der Befehl 'omv-letsencryp' nicht gekannt wird.
Per shell bin ich auch nicht wirklich weiter gekommen.

certbot certificates liefert mir folgenden output

Code

certbot certificates                                                                                                                     
Saving debug log to /var/log/letsencrypt/letsencrypt.log                                                                                             
-------------------------------------------------------------------------------                                                                      
Found the following certs:                                                                                                                           
  Certificate Name: omv                                                                                                                              
    Domains: xxx.xxx.xx
    Expiry Date: 2018-03-09 17:34:56+00:00 (VALID: 73 days)                                                                                          
    Certificate Path: /etc/letsencrypt/live/omv/fullchain.pem                                                                                        
    Private Key Path: /etc/letsencrypt/live/omv/privkey.pem                                                                                          
-------------------------------------------------------------------------------

Im OMV-Dashboard wird mir jedoch folgendes angezeigt.
Gültig bis 24.12.2017
CN=meine Webadresse

Wo ist der Fehler und wie behebe ich ihn?
Danke und Gruß
Manu

pierewoehl · 26. Dezember 2017

Anscheinend wird das Programm omv-letsencrypt welches im hintergrund dein Zertifikat erneuern soll nicht gefunden.

Installier das Plugin neu, falls das nicht hilft, mache in Symlink von certbot

ln -s $(which certbot) /usr/local/bin/omv-letsencrypt

Die Funktion die hier aufgerufen wird scheint mit omv-letsencrypt eigentlich nur certbot aufzurufen (https://github.com/OpenMediaVa…gined/rpc/letsencrypt.inc)

Gruss

ryecoaaron · 26. Dezember 2017

Zitat von pierewoehl

Apparently the program omv-letsencrypt which in the background renew your certificate is not found.

Reinstall the plugin, if that does not help, make a symlink of certbot

ln -s $ (which certbot) / usr / local / bin / omv-letsencrypt

Omv-letsencrypt actually only certbot

Alles anzeigen

Please don't make a symlink. omv-letsencrypt was removed because it was duplicate code. You can see the proper code here - https://github.com/OpenMediaVa…lt/mkconf/letsencrypt#L38

That said, assuming you are using OMV 3.x+, a cron job (not shown in scheduled jobs) will be created by the plugin. The new plugin also was changed to accommodate multiple domains. Just regnerate a new cert.

medri · 27. Dezember 2017

Zitat von ryecoaaron

Please don't make a symlink. omv-letsencrypt was removed because it was duplicate code. You can see the proper code here - https://github.com/OpenMediaVa…lt/mkconf/letsencrypt#L38
That said, assuming you are using OMV 3.x+, a cron job (not shown in scheduled jobs) will be created by the plugin. The new plugin also was changed to accommodate multiple domains. Just regnerate a new cert.

Thanks, got it solved.

I had to uninstall letsencrypt, delete the certificate (make sure it is not used anywhere in OMV or it won't delete), reboot and reinstall letsencrypt. Generating a new certificate solved the problem.

Thanks all for your help!

medri · 31. März 2018

Okay, now it got worse.

all my ssl is f#cked up. When I try and log in to my system trough the internet I get the error message that my certificate has expired.
On my server the command certbot certificates gives me a valid certificate.

Code

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: OMV
    Domains: xxx.yyy.zz abc.def.gh
    Expiry Date: 2018-05-26 22:18:48+00:00 (VALID: 56 days)
    Certificate Path: /etc/letsencrypt/live/OMV/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/OMV/privkey.pem

When I try an dchange something on the Admin-Panel of OMV everything SSL related (like a renew, etc) gives me an error as follows:

Code

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-7df41814-8987-4eed-8701-d3051d779431.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) nginx: configuration file /etc/nginx/nginx.conf test failed

And if i click on details

Code

Error #0:
exception 'OMV\ExecException' with message 'Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; nginx -t 2>&1' with exit code '1': nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/private/openmediavault-7df41814-8987-4eed-8701-d3051d779431.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed' in /usr/share/php/openmediavault/system/process.inc:175
Stack trace:
#0 /usr/share/openmediavault/engined/module/webserver.inc(40): OMV\System\Process->execute()
#1 /usr/share/openmediavault/engined/rpc/config.inc(168): OMVModuleNginxAbstract->applyConfig()
#2 [internal function]: OMVRpcServiceConfig->applyChanges(Array, Array)
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
#4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(150): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
#5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(528): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatusfq...', '/tmp/bgoutputVu...')
#6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(151): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
#7 /usr/share/openmediavault/engined/rpc/config.inc(213): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
#8 [internal function]: OMVRpcServiceConfig->applyChangesBg(Array, Array)
#9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array)
#10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
#11 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
#12 {main}

Alles anzeigen

Im stuck and out of ideas.

Any suggestions what I could do?

ryecoaaron · 31. März 2018

This is a well known problem in OMV 3.x. When updating an existing cert, it only updates the public key. Deleting the cert in the cert tab of omv's web interface and purging the plugin is what you need to do.

Jetzt mitmachen!