Issue LetsEncrypt

Janko1000

Since last night, on every domain I want to sign with Let's Encrypt:

Code:
Fehler: Fehler bei der Installation des SSL-Zertifikats von Let's Encrypt: Failed letsencrypt execution: An unexpected error occurred:
ExpatError: mismatched tag: line 6, column 2
Please see the logfiles in /opt/psa/var/modules/letsencrypt/logs for more details.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/opt/psa/var/modules/letsencrypt/etc/live/domain.com/fullchain.pem.
Your cert will expire on 2016-12-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"

Ubuntu 14.4
LetsEncrypt 1.7 - 1.8 too
Plesk 12.5.30 Update #47
 
Hi Igor,

Nothing in the logs that shows the problem.
But in the /var/log/sw-cp-server/error_log:

Code:
2016/09/23 12:31:32 [error] 11500#0: *264 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 84.151.230.113, server: , request: "POST /smb/ssl-certificate/add/id/1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "serverhostname.com:8443", referrer: "https://serverhostname.com:8443/smb/ssl-certificate/add/id/1"
2016/09/23 12:32:38 [error] 11500#0: *272 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 93.217.40.125, server: , request: "GET /admin/ssl-certificate/edit/certificateId/1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "serverhostname.com:8443", referrer: "https://serverhostname.com:8443/admin/ssl-certificate/list"
2016/09/23 12:33:01 [error] 11500#0: *298 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 84.151.230.113, server: , request: "GET /admin/ssl-certificate/edit/certificateId/1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "serverhostname.com:8443", referrer: "https://serverhostname.com:8443/admin/ssl-certificate/list"

On any server.
Any time I click anything with SSL, immediately NGINX 502 error.
Code:
grep buffer  /etc/sw-cp-server/config
    fastcgi_buffers 32 32k;
    fastcgi_buffer_size 64k;
 
I can confirm this problem on a fresh PLESK install
OS Debian 8.6
Plesk version 12.5.30 Update #47, last updated at Sept 23, 2016 04:27 PM
with Let's Encrypt 1.8 1 Extension

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: An unexpected error occurred:
ExpatError: mismatched tag: line 6, column 2
Please see the logfiles in /opt/psa/var/modules/letsencrypt/logs for more details.


The certificate gets created, as I can find it in the directory. But in the logs I discovered errors right after the creation:

2016-09-23 15:20:34,500:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): 127.0.0.1
2016-09-23 15:20:34,704:DEBUG:requests.packages.urllib3.connectionpool:"POST /enterprise/control/agent.php HTTP/1.1" 502 166
2016-09-23 15:20:34,707:DEBUG:letsencrypt_plesk.api_client:plesk API-RPC response: <html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>

2016-09-23 15:20:34,709:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/local/psa/var/modules/letsencrypt/venv.1MOT1/lib/python2.7/site-packages/certbot/client.py", line 370, in deploy_certificate
    self.installer.save() # needed by the Apache plugin
  File "/usr/local/psa/var/modules/letsencrypt/venv.1MOT1/lib/python2.7/site-packages/letsencrypt_plesk/configurator.py", line 177, in save
    secure_plesk=self.conf('secure-panel'))
  File "/usr/local/psa/var/modules/letsencrypt/venv.1MOT1/lib/python2.7/site-packages/letsencrypt_plesk/deployer.py", line 134, in save
    self.install_cert()
  File "/usr/local/psa/var/modules/letsencrypt/venv.1MOT1/lib/python2.7/site-packages/letsencrypt_plesk/deployer.py", line 71, in install_cert
    response = self.plesk_api_client.request(request)
  File "/usr/local/psa/var/modules/letsencrypt/venv.1MOT1/lib/python2.7/site-packages/letsencrypt_plesk/api_client.py", line 96, in request
    return XmlToDict(response.text.encode('utf-8'))
  File "/usr/local/psa/var/modules/letsencrypt/venv.1MOT1/lib/python2.7/site-packages/letsencrypt_plesk/api_client.py", line 188, in __init__
    dom = parseString(data)
  File "/opt/plesk/python/2.7/lib/python2.7/xml/dom/minidom.py", line 1928, in parseString
    return expatbuilder.parseString(string)
  File "/opt/plesk/python/2.7/lib/python2.7/xml/dom/expatbuilder.py", line 940, in parseString
    return builder.parseString(string)
  File "/opt/plesk/python/2.7/lib/python2.7/xml/dom/expatbuilder.py", line 223, in parseString
    parser.Parse(string, True)
ExpatError: mismatched tag: line 6, column 2
 
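Why the log above ends in an ExpatError instead of a 502 message, as an added example that is not part of the original posts or of the letsencrypt-plesk code: the nginx error page is fed to an XML parser, and because `<hr>` is never closed the parser stops at `</body>` on line 6. `checked_parse`, `ApiTransportError`, `naive_error` and both sample bodies are hypothetical names and constructed inputs.

```python
import re
from xml.dom.minidom import parseString
from xml.parsers.expat import ExpatError

# Constructed sample: the nginx error page from the log above. CRLF line
# endings are an assumption; they make the body 166 bytes, as logged.
NGINX_502 = "\r\n".join([
    "<html>",
    "<head><title>502 Bad Gateway</title></head>",
    '<body bgcolor="white">',
    "<center><h1>502 Bad Gateway</h1></center>",
    "<hr><center>nginx</center>",
    "</body>",
    "</html>",
    "",
])

# Constructed stand-in for a well-formed reply (not the real Plesk schema).
XML_OK = "<packet><status>ok</status></packet>"


class ApiTransportError(Exception):
    """The panel answered, but not with an XML API reply."""


def naive_error(body):
    """Parse the body as XML unconditionally, as in the traceback.

    Returns the parser's error text, or None if the body parsed."""
    try:
        parseString(body.encode("utf-8"))
    except ExpatError as exc:
        return str(exc)
    return None


def checked_parse(status, content_type, body):
    """Check the HTTP layer first, so a proxy error page is named as such."""
    if status != 200 or "xml" not in content_type.lower():
        title = re.search(r"<title>(.*?)</title>", body, re.S)
        hint = title.group(1).strip() if title else body[:60].strip()
        raise ApiTransportError(
            "HTTP %d (%s) instead of an XML reply: %s"
            % (status, content_type, hint))
    try:
        return parseString(body.encode("utf-8"))
    except ExpatError as exc:
        raise ApiTransportError("HTTP 200 but malformed XML: %s" % exc)


if __name__ == "__main__":
    print(naive_error(NGINX_502))
    try:
        checked_parse(502, "text/html", NGINX_502)
    except ApiTransportError as exc:
        print(exc)
```
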
Hi Janko1000,

for investigation reasons, could you pls. share MORE information?

How did you secure the Plesk Control Panel? With which certificate?
Is the certificate with the ID = 1 the DEFAULT Plesk certificate?

Is the certificate with the ID = 1 valid?

Did you try to use the REPAIR utility ( "plesk repair all -y -v" ) and if YES, could you pls. provide the repair.log?

Did you try to use the NON-HTTPS port as well for your Plesk Control Panel, to reproduce the error, or/and solve the issue without a HTTPS - connection? ( => http://servername.domain.com:8880 )

Have you got other Let's encrypt certificates on your server, which are working as expected?

Anytime if i click anything with SSL
Could you pls. be more precise, which links result in a 502 error?

Did you try to remove and reinstall the Plesk extension "Let's encrypt" ( either over the Plesk Control Panel "Home > Extensions" , or over the command line "plesk bin extension -u letsencrypt" and "plesk bin extension --install-url https://github.com/plesk/letsencrypt-plesk/archive/master.zip" )?
 
UPDATE: It has been possible to manually install the Let's Encrypt cert by adding the cert details manually in the web frontend, but any automatic cert install fails with the above error!
 
Hi UF,
I tried removing and reinstalling the Plesk extension.

I reinstalled the whole server and it's an absolutely fresh install.


plesk repair all -y -v shows nothing:
Error messages: 0; Warnings: 0; Errors resolved: 0

I tried it with https over 8443 and http over 8880...
Same problems.

ALL links with SSL ended in 502.
On a freshly installed server:
"Tools & Settings" --> "SSL Certificates" --> "default certificate" --> Nginx 502

But this happened to all certs. I can't upload any certs... it ended in 502

Offtopic:
So it doesn't matter what I click on: as soon as it has to do with SSL, it's game over.
This problem now exists on 18 servers. Unfortunately, HSTS domains also run on these servers, and they now just throw an error message.
 
Hi Janko1000 and Jürgen Waibel,

On a freshly installed server:
"Tools & Settings" --> "SSL Certificates" --> "default certificate" --> Nginx 502

But this happened to all certs. I can't upload any certs... it ended in 502
Pls. increase the log level for your Plesk Control Panel:


Afterwards, pls. try to reproduce possible previous errors and post again the corresponding entries from your logs: => https://kb.plesk.com/111283#plesk and from "/opt/psa/var/modules/letsencrypt/logs"



I get the feeling, that your PHP settings ( memory_limit ) for the Plesk Control Panel are too low, which might cause an "PHP Fatal error: Allowed memory size of XXXXXXXXXX bytes exhausted" - error, which results in a non-functional sw-cp-server. Could you pls. as well post the output of the command:

/usr/local/psa/admin/bin/php -info | grep memory_limit

... and increase the "memory_limit" to "512M" ( or even "1024M" if 512 MB might still cause the described error(s) in your logs ) at "/usr/local/psa/admin/conf/php.ini" and restart the "sw-cp-server" afterwards?




P.S.: @Janko1000 : I would consider to CHANGE the thread title to something MORE informative, as for example "Let's Encrypt - Failed letsencrypt execution - ExpatError" ;)
 
Hi,

I changed memlimit to 2048M but nothing.

Code:
[2016-09-24 03:58:39] DEBUG [dbquery] [0] SQL: SET sql_mode = ''
[2016-09-24 03:58:39] DEBUG [dbquery] [0] END: 0.00026798248291016 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [1] SQL: SET NAMES utf8
[2016-09-24 03:58:39] DEBUG [dbquery] [1] END: 0.00018596649169922 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [2] SQL: connect
[2016-09-24 03:58:39] DEBUG [dbquery] [2] END: 0.00023698806762695 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [3] SQL: SET sql_mode = ''
[2016-09-24 03:58:39] DEBUG [dbquery] [3] END: 8.8930130004883E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [4] SQL: DESCRIBE `sessions`
[2016-09-24 03:58:39] DEBUG [dbquery] [4] END: 0.00029706954956055 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [5] SQL: DELETE FROM `SessionContexts` WHERE (`sessionId` IN (SELECT `sessions`.`sess_id` FROM `sessions` AS `sessions` WHERE (`modified` + `lifetime` < 1474682319)))
[2016-09-24 03:58:39] DEBUG [dbquery] [5] END: 0.00018191337585449 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [6] SQL: DELETE FROM `sessions` WHERE (`modified` + `lifetime` < 1474682319)
[2016-09-24 03:58:39] DEBUG [dbquery] [6] END: 7.7962875366211E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [7] SQL: SELECT `sessions`.* FROM `sessions` AS `sessions` WHERE (`sess_id` = 'bdaf6b209982113430309a672e4df829')
[2016-09-24 03:58:39] DEBUG [dbquery] [7] END: 3.6954879760742E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [8] SQL: SELECT `sessions`.* FROM `sessions` AS `sessions` WHERE (`sess_id` = 'bdaf6b209982113430309a672e4df829')
[2016-09-24 03:58:39] DEBUG [dbquery] [8] END: 9.5844268798828E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [9] SQL: DESCRIBE `SessionContexts`
[2016-09-24 03:58:39] DEBUG [dbquery] [9] END: 0.00020694732666016 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [10] SQL: SELECT `SessionContexts`.* FROM `SessionContexts` AS `SessionContexts` WHERE (`contextId` = 'bdaf6b209982113430309a672e4df829')
[2016-09-24 03:58:39] DEBUG [dbquery] [10] END: 9.2983245849609E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [11] SQL: SELECT `SessionContexts`.* FROM `SessionContexts` AS `SessionContexts` WHERE (`contextId` = 'bdaf6b209982113430309a672e4df829')
[2016-09-24 03:58:39] DEBUG [dbquery] [11] END: 2.1219253540039E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [12] SQL: select param, val from misc
[2016-09-24 03:58:39] DEBUG [dbquery] [12] END: 0.00010299682617188 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [13] SQL: SELECT `sessions`.* FROM `sessions` AS `sessions` WHERE (`sess_id` = 'bdaf6b209982113430309a672e4df829')
[2016-09-24 03:58:39] DEBUG [dbquery] [13] END: 9.2983245849609E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [14] SQL: DESCRIBE `clients`
[2016-09-24 03:58:39] DEBUG [dbquery] [14] END: 0.00026988983154297 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [15] SQL: SELECT `clients`.* FROM `clients` AS `clients` WHERE (`type` = 'admin')
[2016-09-24 03:58:39] DEBUG [dbquery] [15] END: 6.6995620727539E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [16] SQL: select `id`, `parent_id`, `vendor_id`, `type`, `cr_date`, `cname`, `pname`, `login`, `status`, `phone`, `fax`, `email`, `address`, `city`, `state`, `pcode`, `country`, `locale`, `description`, `limits_id`, `perm_id`, `pool_id`, `logo_id`, `external_id`, `overuse`, `account_id`, `guid` from `clients` where `id`=1
[2016-09-24 03:58:39] DEBUG [dbquery] [16] END: 5.1021575927734E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [17] SQL: SELECT COUNT(*) FROM domains WHERE parentDomainId = 0
[2016-09-24 03:58:39] DEBUG [dbquery] [17] END: 0.00016689300537109 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [18] SQL: DESCRIBE `Modules`
[2016-09-24 03:58:39] DEBUG [dbquery] [18] END: 0.00037693977355957 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [19] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules`
[2016-09-24 03:58:39] DEBUG [dbquery] [19] END: 0.00015807151794434 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [20] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules` WHERE (`name` = 'heavy-metal-skin')
[2016-09-24 03:58:39] DEBUG [dbquery] [20] END: 0.00010418891906738 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [21] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules`
[2016-09-24 03:58:39] DEBUG [dbquery] [21] END: 0.00015497207641602 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [22] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules`
[2016-09-24 03:58:39] DEBUG [dbquery] [22] END: 0.00015592575073242 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [23] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules`
[2016-09-24 03:58:39] DEBUG [dbquery] [23] END: 0.00015902519226074 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [24] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules` WHERE (`name` = 'heavy-metal-skin')
[2016-09-24 03:58:39] DEBUG [dbquery] [24] END: 0.00014996528625488 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [25] SQL: DESCRIBE `ModuleSettings`
[2016-09-24 03:58:39] DEBUG [dbquery] [25] END: 0.00020980834960938 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [26] SQL: SELECT `ModuleSettings`.* FROM `ModuleSettings` AS `ModuleSettings` WHERE (`module_id` = '2')
[2016-09-24 03:58:39] DEBUG [dbquery] [26] END: 5.793571472168E-5 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [27] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules`
[2016-09-24 03:58:39] DEBUG [dbquery] [27] END: 0.00015687942504883 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [28] SQL: SELECT `Modules`.* FROM `Modules` AS `Modules` WHERE (`name` = 'heavy-metal-skin')
[2016-09-24 03:58:39] DEBUG [dbquery] [28] END: 0.00014996528625488 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [29] SQL: DESCRIBE `ServiceNodes`
[2016-09-24 03:58:39] DEBUG [dbquery] [29] END: 0.00030708312988281 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [30] SQL: SELECT `ServiceNodes`.* FROM `ServiceNodes` AS `ServiceNodes` WHERE (`ipAddress` = 'local')
[2016-09-24 03:58:39] DEBUG [dbquery] [30] END: 0.00015616416931152 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [31] SQL: DESCRIBE `ServiceNodeConfiguration`
[2016-09-24 03:58:39] DEBUG [dbquery] [31] END: 0.00029587745666504 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [32] SQL: SELECT `ServiceNodeConfiguration`.* FROM `ServiceNodeConfiguration` AS `ServiceNodeConfiguration` WHERE (`serviceNodeId` = '1' AND `section` = 'POA')
[2016-09-24 03:58:39] DEBUG [dbquery] [32] END: 0.00015020370483398 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [33] SQL: SELECT `ServiceNodes`.* FROM `ServiceNodes` AS `ServiceNodes` WHERE (((`ServiceNodes`.`id` = 0)))
[2016-09-24 03:58:39] DEBUG [dbquery] [33] END: 0.0001521110534668 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [34] SQL: DESCRIBE `certificates`
[2016-09-24 03:58:39] DEBUG [dbquery] [34] END: 0.00030398368835449 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [35] SQL: SELECT `h`.`certificate_id` AS `id`, count(h.certificate_id) AS `usageCount` FROM `hosting` AS `h`
 LEFT JOIN `Repository` AS `r` ON r.component_id = h.certificate_id WHERE (h.certificate_id <> 0 AND rep_id = 1) GROUP BY `certificate_id`
[2016-09-24 03:58:39] DEBUG [dbquery] [35] END: 0.00014781951904297 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [36] SQL: SELECT `cert`.`id`, count(cert.id) FROM (SELECT `c`.`id` FROM `certificates` AS `c`
 INNER JOIN `IP_Addresses` AS `ip` ON ip.ssl_certificate_id = c.id
 INNER JOIN `IpAddressesCollections` AS `ipc` ON ipc.ipAddressId = ip.id
 INNER JOIN `DomainServices` AS `ds` ON ds.ipCollectionId = ipc.ipCollectionId
 INNER JOIN `hosting` AS `h` ON h.dom_id = ds.dom_id
 INNER JOIN `Repository` AS `r` ON r.component_id = c.id WHERE (h.certificate_id = 0 AND r.rep_id = 1) GROUP BY `c`.`id`,
    `h`.`dom_id`) AS `cert` GROUP BY `cert`.`id`
[2016-09-24 03:58:39] DEBUG [dbquery] [36] END: 0.00014901161193848 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [37] SQL: SELECT `c`.`id` AS `id`, count(ip.id) AS `usageCount` FROM `certificates` AS `c`
 INNER JOIN `Repository` AS `r` ON r.component_id = c.id
 LEFT JOIN `IP_Addresses` AS `ip` ON c.id = ip.ssl_certificate_id WHERE (r.rep_id = 1) GROUP BY `c`.`id`
[2016-09-24 03:58:39] DEBUG [dbquery] [37] END: 0.00013017654418945 sec
[2016-09-24 03:58:39] DEBUG [dbquery] [38] SQL: select `id`, `name`, `csr`, `pvt_key`, `cert`, `ca_cert`, `cert_file`, `ca_file` from `certificates` where `id`=1
[2016-09-24 03:58:39] DEBUG [dbquery] [38] END: 0.00016617774963379 sec

This log is from clicking "default-Cert" in Tools and Settings --> SSL

Code:
http://pastebin.com/MpXRjf0Y

Code:
http://pastebin.com/mW2ViThY

Code:
http://pastebin.com/kULsjWfR
 
Hi Janko1000,

pls. don't miss to post as well the "sw-cp-server" - logs. => "/var/log/sw-cp-server/error_log" and "/var/log/sw-cp-server/sw-engine.log"
 
Hi Janko1000,

could you pls. comment out ";log_level = debug" to "log_level = debug" at "/etc/sw-engine/sw-engine-fpm.conf", to be sure, that the "sw-engine" ( php-fpm for the Plesk Control Panel ) logs as well in debug mode? Afterwards, pls. restart "sw-engine" and "sw-cp-server" and again try to reproduce your previous issues. Another posting of the new depending logs would be nice, for additional investigations. ;)
 
Guessing at the "upstream" error from your post #3: This normally occurs when fail2ban blocks the local IP address. It disallows Apache to respond to requests that were forwarded by Nginx. The SSL cert issue will probably not occur when you disable Nginx on your machine (try it, /usr/local/psa/admin/sbin/nginxmng -d; it can easily be undone by /usr/local/psa/admin/sbin/nginxmng -e after that test). Also check your fail2ban block list whether it includes localhost (127.0.0.1) or the public IP of your machine.
 
My Servers: Ubuntu 14.04.5, Plesk 12.5.30 #47, Strato Dedicated Servers

@Janko1000 and @Jürgen Waibel I had exactly the same issues as you on two of my servers.

I checked for updates and installed them. I also reinstalled the Plesk updates and afterwards did a server reboot; now everything is working again. This worked on both servers.
Code:
apt-get update
apt-get upgrade
plesk installer --select-release-current --reinstall-patch --upgrade-installed-components
reboot
 
This worked for me too, didn't have to reboot.
 
For testing I reinstalled 2 servers and ran into the problem again with the default installation.
After I reinstalled the patches as mentioned above, it's working now.

I did not have the issue before, so maybe the installation routine for Debian 8 needs to be reviewed.
The systems before were using Debian 8.5 and the latest installations are using Debian 8.6. Maybe this is causing the issue.

regards
 