Issue let's encrypt error

Discussion in 'Plesk Extensions' started by sebgonzes, Feb 14, 2017.

  1. sebgonzes

    sebgonzes Regular Pleskian

    18
     
    Messages:
    101
    Likes Received:
    6
    Trophy Points:
    262
    Witth an plesk onyx updated on cloudlinux 7.1, I have the error :


    Error: Error de instalación del certificado SSL Let's Encrypt: Failed letsencrypt execution: Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for xxxxxxxxxx.com
    http-01 challenge for www.xxxxxxxxxx.com
    Starting new HTTPS connection (1): 127.0.0.1
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /usr/local/psa/var/modules/letsencrypt/etc/keys/0268_key-certbot.pem
    Creating CSR: /usr/local/psa/var/modules/letsencrypt/etc/csr/0268_csr-certbot.pem
    Non-standard path(s), might not work with crontab installed by your operating system package manager
    An unexpected error occurred:
    OSError: [Errno 2] No such file or directory
    Please see the logfiles in /usr/local/psa/var/modules/letsencrypt/logs for more details.

    Domain works correctly in http://... I don't understand the problem... Is there any issue?

     
  2. Peter Debik

    Peter Debik Silver Pleskian Plesk Guru

    31
    80%
    Messages:
    933
    Likes Received:
    115
    Trophy Points:
    672
    Location:
    Berlin, Germany
    From your point of view: What could "Non-standard path(s)" mean in the error message? Do you see details in /usr/local/psa/var/modules/letsencrypt/logs? The Let's Encrypt extension is expecting a path on the system that does not exist or is not writeable. Did you make any changes to default paths or permissions in your Plesk installation or operating system?
     
  3. sebgonzes

    sebgonzes Regular Pleskian

    18
     
    Messages:
    101
    Likes Received:
    6
    Trophy Points:
    262
    Peter, I understand the message, I am not absolutely silly, but I don't understand why there is this problem...
    I have plesk 12.5 before in the same server, and the extension always works fine... path have, of course, not changed updating to plesk onyx, I don't know if plesk onyx have change any permission that generate the bug...

    There was the same error in the past with plesk 12.5 (https://support.plesk.com/hc/en-us/...particular-domain-if-the-domain-was-recreated) and the unique solution was the next micro-update, I need to know why the problem have appear again in plesk onyx now and how to solve it (and please, stop your "From your point of view: What coul" comentary in forum.. it's really not necesary, aggresive and not help to solve any real problem...)

    Hope that plesk team can review the problem.
     
  4. Peter Debik

    Peter Debik Silver Pleskian Plesk Guru

    31
    80%
    Messages:
    933
    Likes Received:
    115
    Trophy Points:
    672
    Location:
    Berlin, Germany
    I am sorry if there was a misunderstanding. I did not mean to insult you in any way. I was seriously asking whether you know of any specific changes in permissions, because the issue is not present in default setups. "Your perspective" referring to additional knowledge you have on your system that was not presented in the case description.

    I hope that Plesk team can solve the case for you.
     
  5. IgorG

    IgorG Forums Analyst Plesk Team

    37
     
    Messages:
    22,378
    Likes Received:
    625
    Trophy Points:
    882
    Location:
    Novosibirsk, Russia
    Best Answer
    Most probably that the root cause of the issue that user `psaadm` can't create symlinks. Make sure with

    # sysctl -p

    or in /etc/sysctl.conf or /usr/lib/sysctl.d/00-system.conf

    that following parameters are not

    fs.protected_symlinks_create = 1 <<<< Should be 0
    fs.protected_hardlinks_create = 1 <<< Should be 0
     
    sebgonzes likes this.
  6. sebgonzes

    sebgonzes Regular Pleskian

    18
     
    Messages:
    101
    Likes Received:
    6
    Trophy Points:
    262
    Hello Igor,

    None of both parameter are in our system :


    [root@~]# grep protected /etc/sysctl.conf
    [root@~]# grep protected /usr/lib/sysctl.d/00-system.conf


    [root@ ~]# sysctl -p
    fs.proc_can_see_other_uid = 0
    fs.proc_super_gid = 1000
    vm.swappiness = 10

    I had to add them? There is some change from plesk 12.5 to plesk 17 about this permissions?

    Thanks for your help (we have updated more than 50 servers and can be an great problem for all of them...)
     
    Last edited: Feb 17, 2017 at 4:06 AM
  7. sebgonzes

    sebgonzes Regular Pleskian

    18
     
    Messages:
    101
    Likes Received:
    6
    Trophy Points:
    262
    Hello Igor

    I have added this 2 lines and this have solved the problem.
    This will be solved directly in next release/MU? I understand that other user can have the same problem...
     

Share This Page

Loading...