(I can't even post it: I'm trying to post the issue here, but it's telling me that I can't include links in forum posts, even though there aren't any links in the post.)
Hello,
I'm not sure what you mean by "I can't even post it": what are you trying to specifically post? A copy/paste of something? A screenshot?
Can you provide more information as to what you mean by "don't work"? Let's Encrypt certificates are not included in backups, so if you mean it is missing, that is expected, and it will need to be re-generated.
Otherwise, more specific information would be helpful. I understand if you tried to provide those details initially and it failed, though. I know there was just an update to the forums the other day, though, unfortunately, I'm not certain what that specific update entailed.
Well, the forum does not let me post the part of the log that contains the error. It says "You can't post links", even though there aren't any links in the text. So I can't provide info from logs or the InterWorx shell command that I used.
Basically I restored a backup (import) from a file onto an account that already exists. Called import, I believe. The script gave some warnings about letsencrypt certs but completed. However, the certs don't work now, nor can I generate them through SiteWorx.
Unfortunately the dev who did the update to the forum is on vacation for the next few weeks, without internet service, so I'm unable to contact him to see what might be going on with copy/pasting. Sorry about that. That is a weird thing I've never seen come up before.
I don't know what you mean by "don't work now". Do you mean that the sites are being shown as insecure in the browser?
It would probably be easiest if you just submitted a ticket to support.interworx.com and I can take a look for you. You'll be able to provide the log information there, as well. When you do, you will need to also provide the IP, port if anything other than 22, and enable Remote Assistance. That will allow me to access your server, securely, and I can see what might be going on.
The forum seems to interpret non-link text as links. That's why it's not allowing me to post, I believe.
The site was not being shown in the browser since it was insecure (invalid cert).
After a day it seems to have refreshed its certificate and now it appears. (This was a dev site.) However, now I'm hesitant to do any imports since it looks like I won't be able to import the cert or renew it for a long time.
Was your domain listed in the logging at all? My guess is that the forum saw the domain and interpreted it as a "link". I changed some permission settings so hopefully that may have helped. Try posting a bit of the logging again, if you have it still saved.
As it is, this all sounds like expected behavior with Let's Encrypt.
I'm making an assumption that you have AutoSSL enabled for the Let's Encrypt plugin (under NodeWorx > Plugins).
Because of the DNS requirements for Let's Encrypt, we don't include Let's Encrypt certs in backups. So the next step would be to generate one via SiteWorx. I don't know what specific errors you saw when you attempted to do so, so I am unable to tell you why, specifically, that did not work at the time (which is why it is often helpful to just submit a support ticket in cases like this; that way we can take a look and it takes out some of the guesswork).
However, if you have AutoSSL enabled, what that does is, when the next daily cron runs, it checks all domains without an SSL cert to see if DNS resolves to the server. If it does, it creates a cert for that domain. So that would explain why, the next day, there was a valid cert again: AutoSSL did its thing and generated the cert for the domain for you.
AutoSSL can manually be run, as well, if you don't want to wait for the next daily, with the following:
~iworx/cron/iworx.pex --run-one=Autossl
Here is the original post I prepared:
I restored a previously made full backup of a site using the command line with the command:
~iworx/bin/import.pex --archive=/chroot/home/backup.tgz --control-panel=siteworx --ip-address=8.8.8.8 --force
The restore worked, but it gave some warnings about letsencrypt symlinks:
WARNING
WARNING Found unexpected symlinks in var dir.
WARNING Excluding: cbtest/var/test.codebard.com/ssl/test.codebard.com.priv.key -> /etc/letsencrypt/live/test.codebard.com/privkey.pem
WARNING Excluding: cbtest/var/test.codebard.com/ssl/test.codebard.com.crt -> /etc/letsencrypt/live/test.codebard.com/cert.pem
WARNING Excluding: cbtest/var/test.codebard.com/ssl/test.codebard.com.chain.crt -> /etc/letsencrypt/live/test.codebard.com/chain.pem
WARNING Hit Ctrl-C now to cancel, or wait to continue.
WARNING
...
Now the SSL on the site does not work. And when I go to SiteWorx and manually try to refresh the SSL cert through Letsencrypt, it fails. And in the SiteWorx letsencrypt logs, this error is listed:
raise errors.AuthorizationError("Some challenges have failed.")
AuthorizationError: Some challenges have failed.
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: domain com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
www.test.codebard.com - check that a DNS record exists for this
domain
How to get around this?
And, is there a way to restore Letsencrypt cert of a backup while restoring the backup from command line?
Hello,
It looks like the two symptoms you're experiencing are unrelated. Regarding your first issue, as Jenna mentioned, LE certs don't get automatically restored, so that behavior is expected.
Secondly, the error "Some challenges have failed." means that Let's Encrypt was unable to find the DNS information for one of your domains. Based on the output of the error, I checked the A record for www.test.codebard.com and it doesn't appear to have an A record for it:
[brandon@fedora ~]$ dig a www.test.codebard.com +short
[brandon@fedora ~]$
No output generally means there is no A record for that domain. This leaves two options: either add an A record for www.test.codebard.com or be sure you are not selecting www.test.codebard.com in the "Subject Alternative Name" section of the Let's Encrypt generation form (it is selected by default).
Then you should be able to generate the cert without issue.
Please let me know if you have any additional questions.
Thank you,
Brandon
Ok, I think adding the A record for www.test did it. I used the autogenerate command...
~iworx/cron/iworx.pex --run-one=Autossl
...after that.
Is there a version of that command to process only one domain?
No, there is no way to target that command to generate an LE cert for just one domain. The script it calls runs through all domains on the server checking if they have an SSL, and if an SSL is not present for the domain, it checks if DNS resolves to the server. Then it creates the SSL cert if the DNS criteria are met. It's not really meant to be used to pinpoint just specific domains.
Generating an SSL for just a specific domain requires doing so from SiteWorx (and all the others will still have SSL certs generated for them when the next daily cron runs that script anyhow).
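
Added example (not part of any post above, and not InterWorx code): a pre-flight check for the two DNS conditions discussed in this thread, namely that every name going on the certificate, including the default www Subject Alternative Name, has an A record, and that the record points at this server. The function names and the single-IPv4 assumption are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not InterWorx code): pre-flight DNS check for the names that
# will go on a Let's Encrypt cert. Assumes the server has one public IPv4.

# Print the A records for a name, one per line. dig +short also prints CNAME
# targets, so keep only lines that look like IPv4 addresses.
resolve_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# check_sans SERVER_IP NAME...
# Prints one OK/FAIL line per name and returns 0 only when every name has an
# A record equal to SERVER_IP.
check_sans() {
    local server_ip=$1 name records rc=0
    shift
    for name in "$@"; do
        # An empty result is the "no output from dig" case shown in the thread.
        records=$(resolve_a "$name" || true)
        if [ -z "$records" ]; then
            echo "FAIL $name: no A record; add one or deselect this name"
            rc=1
        elif ! printf '%s\n' "$records" | grep -qxF "$server_ip"; then
            echo "FAIL $name: resolves to $(echo $records), not $server_ip"
            rc=1
        else
            echo "OK   $name -> $server_ip"
        fi
    done
    return "$rc"
}

# Usage (SERVER_IP is a placeholder for this server's public address):
#   check_sans SERVER_IP test.codebard.com www.test.codebard.com
```

A non-zero return before generating the cert from SiteWorx or running the Autossl cron points to the same failure the Let's Encrypt log reports as "Some challenges have failed."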