Mail on your own domain

Author: blattodea, 01 June 2023, 02:31:39

blattodea

Quote from: Graf, 18 September 2023, 11:06:23
Quote from: blattodea, 18 September 2023, 03:38:56
What could the problem be? Should I look at the logs?
A problem with what? Renewing the certificate?

Well yes, still the same problem with the ports, as I understand it. I just can't figure out how to solve it :(

Graf

Try obtaining the certificate again.

blattodea

Quote from: Graf, 18 September 2023, 17:37:36
Try obtaining the certificate again.

certbot renew --pre-hook "/etc/rc.d/rc.httpd stop" --post-hook "/etc/rc.d/rc.httpd start" --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/bromeliaceae.su.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for bromeliaceae.su and www.bromeliaceae.su

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://bromeliaceae.su/.well-known/acme-challenge/yiBKE32eWkiHridWgQNxTWukozRPjKfny7g1xzn9d-I: Timeout during connect (likely firewall problem)

  Domain: www.bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://www.bromeliaceae.su/.well-known/acme-challenge/1iglmpBZTQGvO0D2_YRjiDfYBfufSccTCU7-SsdOGNo: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate bromeliaceae.su with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/gbs.bromeliaceae.su.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for gbs.bromeliaceae.su and www.gbs.bromeliaceae.su

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: gbs.bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://gbs.bromeliaceae.su/.well-known/acme-challenge/XjkvDcsC6grMzKgFbJxT6mEOcvKLdtaZT4X8e71BSqA: Timeout during connect (likely firewall problem)

  Domain: www.gbs.bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://www.gbs.bromeliaceae.su/.well-known/acme-challenge/YY4aNMoTvnrsmSLteTRWPAFbCfIrQUdc6MRw-kLvqb4: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate gbs.bromeliaceae.su with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/bromeliaceae.su/fullchain.pem (failure)
  /etc/letsencrypt/live/gbs.bromeliaceae.su/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Graf

It's not clear why it goes to the host. It shouldn't when standalone is specified.
Let's try some voodoo..
Rename the /etc/letsencrypt directory.
Then sbopkg -r
Then install everything again, following the list (pip...., sbopkg....).
Then obtain it again (certbot certonly....)

blattodea

Quote from: Graf, 19 September 2023, 11:38:30
Then install everything again, following the list (pip...., sbopkg....).

Like this?

sbopkg -Bi "configobj josepy zope.component zope.event zope.interface requests-toolbelt \
pyrfc3339 pytz python-parsedatetime pyOpenSSL python3-setuptools-rust python3-semantic-version \
cryptography python3-configargparse python3-augeas letsencrypt"

Graf

Yes, do everything as if you were installing it all from scratch.

blattodea

certbot renew --pre-hook "/etc/rc.d/rc.httpd stop" --post-hook "/etc/rc.d/rc.httpd start" --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
No hooks were run.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

/var/log/letsencrypt/letsencrypt.log
2023-09-22 00:25:01,799:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-09-22 00:25:01,800:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-09-22 00:25:01,800:DEBUG:certbot._internal.main:Arguments: ['--pre-hook', '/etc/rc.d/rc.httpd stop', '--post-hook', '/etc/rc.d/>
2023-09-22 00:25:01,801:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#ma>
2023-09-22 00:25:01,820:DEBUG:certbot._internal.log:Root logging level set at 30
2023-09-22 00:25:01,821:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-09-22 00:25:01,822:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2023-09-22 00:25:01,822:DEBUG:certbot._internal.display.obj:Notifying user: No hooks were run.
2023-09-22 00:25:01,822:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
2023-09-22 00:25:01,822:DEBUG:certbot._internal.renewal:no renewal failures

/etc/rc.d/rc.httpd start
AH00526: Syntax error on line 140 of /etc/httpd/extra/httpd-vhosts.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/bromeliaceae.su/cert.pem' does not exist or is empty
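
Added example (not part of the thread): Apache refuses to start when a vhost references a certificate file that is missing or empty, which is what the AH00526 error above reports. The shell function below, whose name `missing_cert_files` and demo paths are assumptions made for this illustration, lists such paths so they can be found before httpd is restarted.

```shell
#!/bin/sh
# Added example: list certificate/key paths that an Apache config
# references but that are missing or empty on disk.
# missing_cert_files is a hypothetical helper name, not a certbot/Apache tool.
missing_cert_files() {
    awk '
        $1 ~ /^#/ { next }                  # skip commented-out directives
        {
            d = tolower($1)                 # directive names are case-insensitive
            if (d == "sslcertificatefile" || d == "sslcertificatekeyfile") {
                path = $2
                gsub(/"/, "", path)         # strip optional quotes
                print FILENAME ":" FNR "\t" path
            }
        }
    ' "$@" | while IFS="$(printf '\t')" read -r where path; do
        # -s is true only if the file exists and is larger than zero bytes
        [ -s "$path" ] || printf '%s\t%s\n' "$where" "$path"
    done
}

# Constructed demo: a throwaway vhost file with one good, one missing and
# one empty certificate path. All paths are placeholders.
demo() {
    d=$(mktemp -d)
    printf 'placeholder' > "$d/ok.pem"
    : > "$d/empty.pem"
    cat > "$d/vhosts.conf" <<EOF
<VirtualHost *:443>
    SSLCertificateFile "$d/ok.pem"
    SSLCertificateKeyFile $d/missing.key
    # SSLCertificateFile $d/commented.pem
    sslcertificatefile $d/empty.pem
</VirtualHost>
EOF
    missing_cert_files "$d/vhosts.conf" | cut -f2 | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

On a real system the function would be called with the config files themselves, for example the httpd-vhosts.conf named in the error; paths containing spaces are not handled.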

blattodea

Ah! This is how it should have been done:

certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email max@bromeliaceae.su -d bromeliaceae.su -d www.bromeliaceae.su
But it outputs:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for bromeliaceae.su and www.bromeliaceae.su

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://bromeliaceae.su/.well-known/acme-challenge/eY_ueZDYxe2Dl5OKqGq2YL-sOTKbyGSGoSAHy_m4ytM: Connection refused

  Domain: www.bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://www.bromeliaceae.su/.well-known/acme-challenge/iJPTKLw-bQrI0_pefBs3AlgUY166VfUN2-jCIdPeXlU: Connection refused

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
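
Added example (not part of the thread): the CA reported "Timeout during connect" in the earlier runs and "Connection refused" in this one, and the two point at different layers. The shell function below, with the hypothetical name `classify_acme_failures` and constructed sample input using placeholder names, sorts certbot's per-domain failures into those two classes.

```shell
#!/bin/sh
# Added example: classify per-domain HTTP-01 failures from certbot's
# console output (read on stdin). Prints "domain<TAB>class<TAB>meaning".
# classify_acme_failures is a hypothetical helper name.
classify_acme_failures() {
    awk '
        $1 == "Domain:" { domain = $2 }
        $1 == "Detail:" && domain != "" {
            if ($0 ~ /Timeout during connect/) {
                cls = "timeout"
                why = "no reply at all: dropped by a firewall, a missing or wrong port forward, or upstream filtering"
            } else if ($0 ~ /Connection refused/) {
                cls = "refused"
                why = "a TCP reset came back: the address is reachable but nothing accepted the connection on port 80"
            } else {
                cls = "other"
                why = "see /var/log/letsencrypt/letsencrypt.log"
            }
            printf "%s\t%s\t%s\n", domain, cls, why
            domain = ""
        }
    '
}

# Constructed sample input: example.org, 203.0.113.10 and the tokens
# are placeholders, not values from the thread.
sample_output() {
cat <<'EOF'
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: example.org
  Type:   connection
  Detail: 203.0.113.10: Fetching http://example.org/.well-known/acme-challenge/TOKEN-A: Timeout during connect (likely firewall problem)

  Domain: www.example.org
  Type:   connection
  Detail: 203.0.113.10: Fetching http://www.example.org/.well-known/acme-challenge/TOKEN-B: Connection refused
EOF
}

sample_output | classify_acme_failures
```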

Graf

This is some kind of nonsense...
Do you have both letsencrypt and Apache with the site on the same machine, with ports 80 and 443 forwarded to it from the router?
If "yes", then I really don't know what the problem could be.
Let's try disabling IPv6..

# echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
# echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
# sysctl -p

blattodea

Quote from: Graf, 22 September 2023, 15:00:13
Do you have both letsencrypt and Apache with the site on the same machine, with ports 80 and 443 forwarded to it from the router?

Well yes, on the same computer...

blattodea

Quote from: Graf, 22 September 2023, 15:00:13
Let's try disabling IPv6..

# echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
# echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
# sysctl -p

Done. Should I try to obtain the certificates now?

blattodea

Again :(

certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email max@bromeliaceae.su -d bromeliaceae.su -d www.bromeliaceae.su
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for bromeliaceae.su and www.bromeliaceae.su

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://bromeliaceae.su/.well-known/acme-challenge/aP7ZYufZrxBws5t5UPn5zgdYFDL9cb4T5hC1TT2mYGQ: Timeout during connect (likely firewall problem)

  Domain: www.bromeliaceae.su
  Type:   connection
  Detail: 46.32.79.171: Fetching http://www.bromeliaceae.su/.well-known/acme-challenge/BzwxxcbSLBY0uTwDj9pPsMeJjqagGR3v6tPbNsE9-18: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Interesting, but we did this before and everything was fine; the sites worked for a certain time.

Graf

Quote from: blattodea, 22 September 2023, 16:45:38
Interesting, but we did this before and everything was fine; the sites worked for a certain time.
That's exactly what I can't figure out: what changed on your side (or theirs) so that it behaves as if run with the --webroot option.
Let's try it manually. Run certbot certonly, first choose option 2, and then answer the questions according to your domain. If the same error comes up, run it again and choose option 1.
Oh, and before that, save the Apache configs, just in case..

blattodea

If "2", then an error. If one, then:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.

AH00526: Syntax error on line 140 of /etc/httpd/extra/httpd-vhosts.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/bromeliaceae.su/cert.pem' does not exist or is empty


How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache) [Misconfigured]
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The selected plugin encountered an error while parsing your server configuration
and cannot be used. The error was:

Error while running apache2ctl configtest.

AH00526: Syntax error on line 140 of /etc/httpd/extra/httpd-vhosts.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/bromeliaceae.su/cert.pem' does
not exist or is empty
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache) [Misconfigured]
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel):

blattodea

Quote from: Graf, 22 September 2023, 17:29:24
Oh, and before that, save the Apache configs, just in case..

All of these?

httpd-autoindex.conf  httpd-info.conf       httpd-mpm.conf                 httpd-userdir.conf     proxy-html.conf
httpd-dav.conf        httpd-languages.conf  httpd-multilang-errordoc.conf  httpd-vhosts.conf
httpd-default.conf    httpd-manual.conf     httpd-ssl.conf                 httpd-vhosts.conf.new

And these?

httpd.conf  httpd.conf.new  mod_php.conf