Help renewing LetsEncrypt certificate.

Status
Not open for further replies.

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Hello guys, I followed some instructions danb35 provided in a post [here] I made about a year ago, and the certificate worked fine, but it did NOT get renewed like it was supposed to, and now the site tells me that the certificate is invalid. Can someone please help me renew it, and have it renew forever? Thanks in advance.
Couple of things I have tried:

I have run the letsencrypt.sh -c command and it returns this:

root@ownCloud:/ # letsencrypt.sh -c
# INFO: Using main config file /usr/local/etc/letsencrypt.sh/config.sh
Processing freenasowncloud.info
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Aug 9 03:30:00 2016 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating signing request...
+ Requesting challenge for freenasowncloud.info...
root@ownCloud:/ #

Any ideas?
 
Joined
Jan 7, 2015
Messages
1,155
You may have to --force-renewal, although I'm not 100% sure; I don't use that method.

I'm using the certbot method. Works very slick. Only have to run
certbot renew
and it checks and renews as needed, set up a cron for it to run monthly. The docs for it are HERE.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
@John Digital:

I tried doing that force command, it did not work either. How can I set up that certbot? I am running owncloud on a jail in freenas. Please and thanks.
 
Joined
Jan 7, 2015
Messages
1,155
I install from ports using portmaster. Your mileage will vary. Go to the Freshports page here. It covers everything you need to know and points to all relevant infos/pages on installing and using it.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
I tried certbot, and cannot get past this after I run "certbot certonly"

Failed authorization procedure. MYWEBSITE(http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to MYWEBSITE

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: MYWEBSITE
Type: connection
Detail: Could not connect to MYWEBSITE

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@ownCloud: #
 
Joined
Jan 7, 2015
Messages
1,155
What is happening here is that it's writing a directory to your webroot directory, then tries to access www.mywebsite.com/createdfiles. It cannot access the directory it is creating, so it cannot verify. Seems I had the error as well at first, until I figured out what was happening and I was able to fix it. Use some google-fu and I am confident you can figure it out.

If you can't figure it out I can try to help further. It's something very simple, I do remember that. When you run certbot certonly it pops up config dialogs, you might be telling it the wrong webroot directory. Especially in the case of owncloud. It might be looking in /usr/local/www/apache24/data/ when in reality owncloud I think is aliased and in the /usr/local/www/owncloud directory. At least in my case. I'm running Apache, again your mileage might vary.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Yeah, I "think" my webroot (that is like where you installed the owncloud and all the files are, right?) is /usr/local/www/owncloud, but when I tell it that is it, the error I posted happens, idk man, can you help me further? Thanks in advance, REALLY..!
 
Joined
Jan 7, 2015
Messages
1,155
If you are using apache, I would tell it to use this directory /usr/local/www/apache24/data
 
Joined
Jan 7, 2015
Messages
1,155
I have never used nginx. I've been running apache my entire adult life. I don't even know where to tell you to use for a directory. I can tell you I suspect it's probably as I said, you are not telling it the correct webroot directory. It is not able to read from the directory it is creating. I think the default webroot directory for nginx on bsd is /usr/local/www/nginx.
When you go to your owncloud server are you going to www.website.com/owncloud or just www.website.com? I suggest using the absolute web root directory in the certbot creation process.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
@John Digital

When I go to the website I use www.website.com/owncloud

these are the contents of /usr/local/www/nginx:

-rw-r--r-- 1 root wheel 537 May 10 2016 50x.html
-rw-r--r-- 1 root wheel 1 May 10 2016 EXAMPLE_DIRECTORY-DONT_ADD_OR_TOUCH_ANYTHING
-rw-r--r-- 1 root wheel 612 May 10 2016 index.html

Any ideas?

I just tried telling it that the webroot was /usr/local/www/nginx
and it gave me the same error.
 
Joined
Jan 7, 2015
Messages
1,155
A www directory should not be owned by root. Again, I'm an Apache person so this might be different for you. If it were me I'd do
chown -R www:www /usr/local/www/nginx
Then try to run certbot again using that directory as webroot.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Joined
Jan 7, 2015
Messages
1,155
You might have some Virtualhost settings interfering or something. I'm not sure what to tell you. I know when I went to get it working it was a matter of choosing the correct webroot directory. What do you get when you go to www.website.com? Is there a website?
 
Joined
Jan 7, 2015
Messages
1,155
That's your issue. The certbot command needs to be able to read and write to the webroot directory, and it can't. Post your nginx config if you could, or more specifically look for the section marked "root /some/directory/here". After you chowned the /usr/local/www/nginx directory to www, did you do service nginx restart?
 
Joined
Jan 7, 2015
Messages
1,155
Looking over my web directories, certbot places a file called .well-known in the root directory and then reads it over the web. If it can't read that directory, then you get the error. It may behoove you to see where this directory is being created (find / -name ".well-known") and look to see what the permissions of these directories are.
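
Added example, not part of the thread or any poster's code: the http-01 check fetches http://<domain>/.well-known/acme-challenge/<token> over plain HTTP, so this Python script drops a random probe file into each candidate webroot and reports which directory the web server actually serves. The function names, the candidate list and example.com are assumptions; the script creates the .well-known/acme-challenge directory if it is missing.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the http-01 validator requests


def http_get(url, timeout=10):
    """Fetch url; return (status, body), or (None, reason) if no connection."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError) as exc:
        return None, str(exc)


def probe_webroot(webroot, domain, fetch=http_get):
    """Write a random probe file under webroot and read it back over HTTP."""
    token = "probe-" + secrets.token_hex(8)
    content = secrets.token_hex(16)
    target_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(target_dir, exist_ok=True)
    path = os.path.join(target_dir, token)
    with open(path, "w") as fh:
        fh.write(content)
    try:
        status, body = fetch(f"http://{domain}/{CHALLENGE_DIR}/{token}")
    finally:
        os.remove(path)  # never leave probe files behind
    if status is None:
        return f"unreachable ({body})"  # nothing answered on port 80
    if status == 200 and body.strip() == content:
        return "served"  # this directory is the one to give certbot
    return f"not-served (HTTP {status})"  # server answered from another root


def find_served_webroots(candidates, domain, fetch=http_get):
    """Probe every candidate directory; return {webroot: result}."""
    return {root: probe_webroot(root, domain, fetch) for root in candidates}


if __name__ == "__main__":
    # Candidate directories named in the thread; example.com is a placeholder.
    roots = ["/usr/local/www", "/usr/local/www/nginx", "/usr/local/www/owncloud"]
    for root, result in find_served_webroots(roots, "example.com").items():
        print(f"{root}: {result}")
```

An "unreachable" result for every candidate means the request never got an answer over plain HTTP, which is a different problem from a wrong webroot or wrong permissions.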
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
I did restart nginx and same thing.

Here it is,

server {
    listen 443 ssl;
    root /usr/local/www;
    location = /robots.txt { allow all; access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }
    location ^~ /owncloud {
        client_max_body_size 131072M;
        error_page 403 /owncloud/core/templates/403.php;
        error_page 404 /owncloud/core/templates/404.php;
        location /owncloud {
            rewrite ^ /owncloud/index.php$uri;
        }
        location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
This is the result from [find / -name ".well-known"]

root@ownCloud: # find / -name ".well-known" (I went to each one to show the info below)

/usr/local/www/owncloud/.well-known --INFO--> drwxr-xr-x 2 root www 2 Jan 6 17:44 .well-known/
/usr/local/www/.well-known --INFO--> drwxr-xr-x 3 root wheel 3 May 10 2016 .well-known/
/usr/local/www/nginx-dist/.well-known --INFO--> drwxr-xr-x 2 root wheel 2 Jan 7 07:47 .well-known/
/usr/local/etc/nginx/.well-known --INFO--> drwxr-xr-x 2 root wheel 2 Jan 7 11:04 .well-known/
/var/db/mysql/owncloud/.well-known --INFO--> drwxr-xr-x 2 root mysql 2 Jan 6 17:32 .well-known/

root@ownCloud:/usr/local/etc/nginx #
 