Weblog

11 September 2019, 14:03

Due to some changes in the Let's Encrypt API, I've released version 2.1 of the Let's Encrypt script for Hiawatha.

Stumpy
13 September 2019, 19:21
Thanks for the new script. Weirdly, v2.1 of the script doesn't seem to correctly parse my config. If I run the script as-is, it only ever errors out with:

"Read the lefh manual page and follow its instructions before using this tool."

If I comment out the line with the configuration check, it doesn't error but it also doesn't do anything according to the debug log. `letsencrypt expire` does list my domains correctly.

Is this script compatible with PHP 7.3.8? Is it capable of re-using the existing account.key?

Thank you!
Vladas Palubinskas
15 September 2019, 08:46
According to INSTALL, the new version does not use an old access.key of previous versions: "When running the tool for the first time, it will create a Let's Encrypt account key."
Hugo Leisink
16 September 2019, 12:48
@Stumpy: the location for the account.key file is ~/.letsencrypt/. Is that where your account key is stored?
Günther
18 September 2019, 15:21
This Update generates an error on renewing certificates:

"- Error getting challange for mydomain.example.org"

debuglog says:
"type": "urn:ietf:params:acme:error:malformed",
"detail": "No such authorization",
"status": 404
Günther
19 September 2019, 10:09
Finding the error, the path has changed to /usr/lib/... what a mess!
corrected the above, now it cant find hiawatha.conf in /het/hiawatha (it sill exists there):
- Can't find config file HIAWATHA_CONFIG_DIR/hiawatha.conf
Hugo Leisink
25 September 2019, 11:41
I have no idea what you're doing. My guess is that you manually copied files from different versions. Try reinstalling Hiawatha and use the script that comes with it.
Joe Schmoe
2 March 2020, 17:41
I'm having a problem with renewing certificates. Below is the tail end of the log file. It looks it sends the authorization strings with "authz-v3" as part of the URL.

But then when it subsequently requests that URL it only uses "authz" as part of the request and not "authz-v3" which is why I think it returns a 404 error.

If I use either of the URLs in the authorizations config it works just fine. I tried to figure out where in the code it is replacing the "authz-v3" but cannot find it.

Any ideas?

Thanks!

======

"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx1234",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx1235"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/xxxxx/xxxxxxxxxx"
}"
}
GET /acme/authz/xxxxxx1234
Server response: array(3) {
["status"] => int(404)
["headers"] => array(6) {
["server"] => string(5) "nginx"
["date"] => string(29) "Mon, 04 Mar 2020 16:25:58 GMT"
["content-type"] => string(25) "text/plain; charset=utf-8"
["content-length"] => string(2) "19"
["connection"] => string(5) "close"
["x-content-type-options"] => string(7) "nosniff"
}
["body"] => string(19) "404 page not found
"
}
[/code]
Joe Schmoe
2 March 2020, 18:38
NEVERMIND!

I just figured out that it was still using old libraries in the /usr/lib/hiawatha/letsencrypt directory. Once I replaced that with the new library files the problem was solved.

Vladas
14 February 2021, 11:28
Renewing of certificates does not complete after PHP 7.0 upgrade to PHP8.0:

Renewing certificate for a-z.on.lt.
Generating RSA key.
Generating Certificate Signing Request (CSR).
Ordering certificate.
Getting authorization challenge for a-z.on.lt.
- Creating reponse for authorization challenge.
- Requesting authorization for host.
- Polling authorization status.
Finalizing order.
Removing challenge responses.
Downloading certificates.
PHP Fatal error: Uncaught Error: Undefined constant "DEBUG" in /usr/lib/hiawatha/letsencrypt/logfile.php:59
Stack trace:
#0 /usr/lib/hiawatha/letsencrypt/acmev2.php(357): logfile->clean()
#1 /usr/lib/hiawatha/letsencrypt/letsencrypt.php(300): ACMEv2->get_certificate()
#2 /usr/sbin/lefh(152): LetsEncrypt->request_certificate()
#3 {main}
thrown in /usr/lib/hiawatha/letsencrypt/logfile.php on line 59
PHP Fatal error: Uncaught Error: Undefined constant "DEBUG" in /usr/lib/hiawatha/letsencrypt/logfile.php:59
Stack trace:
#0 /usr/lib/hiawatha/letsencrypt/logfile.php(53): logfile->clean()
#1 /usr/lib/hiawatha/letsencrypt/logfile.php(30): logfile->flush()
#2 [internal function]: logfile->__destruct()
#3 {main}
thrown in /usr/lib/hiawatha/letsencrypt/logfile.php on line 59
Hugo Leisink
14 February 2021, 14:37
Remove line 59 and 61 from logfile.php.
Vladas
15 February 2021, 07:58
Yes, lefh renewed now, thank you very much!