Question Plesk Extension - Let's Encrypt

[pandpan]

Hello, Just another question about an error im getting. This time in regards to Plesk - Lets Encypt

I get the following error:

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grayles.net
filemng: Error occurred during /bin/mkdir command.
Cleaning up challenges
Command '['/usr/local/psa/admin/bin/filemng', u'hotpotsoup', 'mkdir', '-p', u'/var/www/vhosts/grayles.net/httpdocs/.well-known/acme-challenge']' returned non-zero exit status 1

I think its a permission error, but I am unsure what permissions i need to put in place and where.

Thanks.

 

[King555]

Did you have a look at "/opt/psa/var/modules/letsencrypt/logs/letsencrypt.log"?

 

[Bitpalast]

Have you tried
# /usr/local/psa/bin/repair --restore-vhosts-permissions
?

 

[pandpan]

Sorry about the slow reply, i got severely ill and couldn't find this post xD

@Peter Debik

I have tried that command - successfully applied

@King555

After applying peters perm fix the following is my log,

I Have deleted my log file. Whats the best way to relay it?

 

[pandpan]

Hello,

I have been working with Lets-encrypt. It was recommended that I also talk to PLESK further.

This is the current error:

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grayles.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grayles.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grayles.net/.well-known/acme-challenge/lM6XJ7AZRMQaLscZzp61Y5VLznupXcLwAalW4Sb1fy4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: grayles.net
Type: unauthorized
Detail: Invalid response from
http://grayles.net/.well-known/acme-challenge/lM6XJ7AZRMQaLscZzp61Y5VLznupXcLwAalW4Sb1fy4:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

Now I don't think this is a permission error.. I have made an ok file without an extension just
fine

http://grayles.net/.well-known/acme-challenge/ok
http://grayles.net/.well-known/acme-challenge/ok.txt
and it is accessible.

Is there anything left I can do?

 

[IgorG]

Is there anything left I can do?

Check this KB artcle https://support.plesk.com/hc/en-us/articles/213373069

 

[pandpan]

Thanks!

/var/www/example.com/

I'm at this directory but i dont have a htaccess file.

Does that mean i need to activate it via Apache? or am i doing something wrong?

 

[Bitpalast]

Shouldn't the document root path be
/var/www/vhosts/example.com/httpdocs
?

 

[pandpan]

Shouldn't the document root path be
/var/www/vhosts/example.com/httpdocs
?

Ah sorry I forgot to mention there have been changes since the last paste of the error >W< This is what the error is now:

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grayles.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grayles.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grayles.net/.well-known/acme-challenge/Edc6DuEyVC4Y5oqVnDhHB4ezd4aMOIEKJb6DvkpfJjo: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: grayles.net
Type: unauthorized
Detail: Invalid response from
http://grayles.net/.well-known/acme-challenge/Edc6DuEyVC4Y5oqVnDhHB4ezd4aMOIEKJb6DvkpfJjo:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

 

[Bitpalast]

What is the DNS A record for grayles.net? Where does grayles.net point to? I see it pointing to an Ubuntu/Apache default page on IP 167.114.100.27. Have you actually configured a subscription or webspace for the domain or is the domain unconfigured in your Plesk? It think it is unconfigured or that it is the host's main domain. In that case it may not be possible to use Let's Encrypt through the Plesk GUI to secure that domain. Solution:
- Add a subscription for the domain.
- Run Let's Encrypt from within that subscription.

 

[pandpan]

What is the DNS A record for grayles.net? Where does grayles.net point to? I see it pointing to an Ubuntu/Apache default page on IP 167.114.100.27. Have you actually configured a subscription or webspace for the domain or is the domain unconfigured in your Plesk? It think it is unconfigured or that it is the host's main domain. In that case it may not be possible to use Let's Encrypt through the Plesk GUI to secure that domain. Solution:
- Add a subscription for the domain.
- Run Let's Encrypt from within that subscription.

-The DNS A record is: grayles.net 167.114.100.27
-The IP address point to a dedicated server i own.
-The Plesk subscription is provded to me via OVH Canada.
-Yes the main domain is grayles.net - I have yet to change the default page.

I hope that's the information you need?

 

[Bitpalast]

- Add a subscription for the domain.
- Run Let's Encrypt from within that subscription.

Have you done it (yes / no) ?

 

[pandpan]

Have you done it (yes / no) ?

Ah sorry. Based on your reply, I would like to request a bit more information in regards to "Subscription to your domain" - I'm currently not too sure what that means.

 

[Bitpalast]

Plesk makes a difference between web space / domain / subscription. Normally, website domains should either be "web space" or "subscription". When you add a subscription, a virtual host entry is created in your web server configuration and that subscription is shielded against other subscriptions. The subscription user can log in using subscription login data and is jailed to the web space inside the subscription. Everything is done inside that subscription. The file permissions are set accordingly. The Let's Encrypt extension can surely write the files needed inside a subscription.

A web space is also a kind of subscription, but it is owned by the administrator user of the host. I am not a fan of it, though. Better use subscriptions, as that is a more "defined" environment.

As you had previously stated your path is /var/www - this is the default home page path for the default domain of a system, meaning that you are trying to apply a Let's Encrypt certificate to a domain neither configured as a subscription, nor web space. This is not where you want your website to be. You want you website to be in a subscription. This is what the Let's Encrypt extension is expecting as "/var/www/vhosts/grayles.net/httpdocs/". You can simply test it by creating one, then creating the certificate for it. If things won't work out you can always delete the subscription and return to the state you are currently in.

 

[pandpan]

Ok thanks for the explanation!

So what is my next course of action? Could you link me to places where I can start learning on how to turn my space into a subscription defined environment?

 

[Bitpalast]

What Plesk version are you using? Should you not have a subscription link in the menu on the left hand side of the panel?

 

[pandpan]

What Plesk version are you using? Should you not have a subscription link in the menu on the left hand side of the panel?

12.5

Should I be in a different view like provider one? As i Don't see one on first glance.

I found the subscription section. It says this:

grayles.net (Unlimited) (?)

 

[Bitpalast]

I suggest you go to this page for further information on how setting up a Plesk server and creating a subscription on it:
https://docs.plesk.com/en-US/12.5/

 

[pandpan]

I suggest you go to this page for further information on how setting up a Plesk server and creating a subscription on it:
https://docs.plesk.com/en-US/12.5/

grayles.net is under the subscription page, is that what we were looking for?

And, thanks for the link. I will try to do what I can.