lesaff / serverpilot-letsencrypt

(NO LONGER MAINTAINED) | Bash script to generate and install Let's Encrypt certificate for your websites on your ServerPilot account (Free or Paid Plan)

License: MIT License

Shell 100.00%
bash letsencrypt serverpilot

Contributors: caroseuk, dandawson, ilearnbydoing, maungthuu, rudyaffandi, slowmail, ymhuang0808

serverpilot-letsencrypt's Issues

DNS Error?

My first try with the script works, now I always get this error when I run the script the 2nd time for a new domain.

Ubuntu 14.04 LTS

Using the webroot path /srv/users/serverpilot/apps/APPP/public for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. DOMAIN (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to DOMAIN

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: DOMAIN
   Type:   connection
   Detail: Could not connect to DOMAIN

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Also I got this error:

FailedChallenges: Failed authorization procedure. DOMAIN (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to DOMAIN

Getting unexpected `newline`

Getting the following error when I try to run the script

root@ip-xxx-xx-xx-xxx:/usr/local/bin# ./sple.sh 
./sple.sh: line 7: syntax error near unexpected token `newline'
./sple.sh: line 7: `<!DOCTYPE html>'

Error attempting to add new domain ssl

sple.sh: 95: sple.sh: Syntax error: "(" unexpected

I have a couple domains with SSL certs already. I'm trying to add another app SSL and am seeing the error above. I'm using the latest sple.sh

Any help would be appreciated!

nginx needs a restart after running this script

I've tested this a few times and each time I had to manually restart nginx. I know a restart is in this script, but I've still found I need to do it again myself once the script completes. Maybe it's just me... but I did test on 2 different u16.04 servers.

Nice script however... thanks for sharing

Deleted the app and file. Can't start Nginx.

I deleted the app and the file since I'm not using the domain anymore. And now I can't start nginx-sp.

The error I get is

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/mydomain.se/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/mydomain.se/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Anyone have an idea how I fix this?

The cron job schedule seems wrong

The current cron is:
"* 1 * */2 * $lefolder/letsencrypt-auto certonly --renew-by-default --webroot -w /srv/users/serverpilot/apps/$appname/public ${APPDOMAINLIST[@]}"

This will run every minute of the 1am hour every day of every other month, like this:
2016-06-01 01:00:00 UTC
2016-06-01 01:01:00 UTC
2016-06-01 01:02:00 UTC
2016-06-01 01:03:00 UTC
2016-06-01 01:04:00 UTC
...

I think it should be:

"0 1 1 */2 * $lefolder/letsencrypt-auto certonly --renew-by-default --webroot -w /srv/users/serverpilot/apps/$appname/public ${APPDOMAINLIST[@]}"

which will run like this:
2016-06-01 01:00:00
2016-08-01 01:00:00
2016-10-01 01:00:00
2016-12-01 01:00:00
2017-02-01 01:00:00
...

This is an excellent script! Thank you
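
The difference between the two schedules above, counted out as an added example (not part of the issue or of sple.sh): a small POSIX sh evaluator for the minute, hour, day-of-month and month fields that totals how many times each entry fires in a year. It assumes the day-of-week field is `*`, as in both entries, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count how often a crontab schedule fires in one year.
# Handles "*", "N", "A-B", "*/S", "A-B/S" and comma lists in the first four
# fields; assumes the day-of-week field is "*" (true for both entries above).

# field_matches FIELD VALUE MIN MAX: succeed if VALUE is selected by FIELD.
# Steps count from the start of the range, as in Vixie cron, so "*/2" in the
# month field (range 1-12) selects months 1, 3, 5, 7, 9 and 11.
field_matches() (
  field=$1 value=$2 min=$3 max=$4
  set -f                      # stop "*" from expanding to file names
  IFS=,
  for part in $field; do
    range=${part%%/*}
    step=1
    case $part in */*) step=${part##*/} ;; esac
    case $range in
      '*') lo=$min hi=$max ;;
      *-*) lo=${range%-*} hi=${range#*-} ;;
      *)   lo=$range hi=$range ;;
    esac
    if [ "$value" -ge "$lo" ] && [ "$value" -le "$hi" ] &&
       [ $(( (value - lo) % step )) -eq 0 ]; then
      exit 0
    fi
  done
  exit 1
)

# count_matches FIELD MIN MAX: how many values in MIN..MAX the field selects.
count_matches() (
  n=0 v=$2
  while [ "$v" -le "$3" ]; do
    if field_matches "$1" "$v" "$2" "$3"; then n=$((n + 1)); fi
    v=$((v + 1))
  done
  echo "$n"
)

# days_in_month MONTH YEAR
days_in_month() (
  case $1 in
    4|6|9|11) echo 30 ;;
    2) if [ $(( $2 % 4 )) -eq 0 ] && [ $(( $2 % 100 )) -ne 0 ] ||
          [ $(( $2 % 400 )) -eq 0 ]
       then echo 29; else echo 28; fi ;;
    *) echo 31 ;;
  esac
)

# runs_per_year "MIN HOUR DOM MONTH DOW" YEAR: total firings in that year.
runs_per_year() (
  year=$2
  set -f
  set -- $1                   # split the schedule into its five fields
  per_day=$(( $(count_matches "$1" 0 59) * $(count_matches "$2" 0 23) ))
  days=0 month=1
  while [ "$month" -le 12 ]; do
    if field_matches "$4" "$month" 1 12; then
      last=$(days_in_month "$month" "$year")
      days=$(( days + $(count_matches "$3" 1 "$last") ))
    fi
    month=$((month + 1))
  done
  echo $(( per_day * days ))
)

# The entry quoted from the script, then the entry proposed in the issue.
for entry in '* 1 * */2 *' '0 1 1 */2 *'; do
  printf '%-14s -> %s runs in 2016\n' "$entry" "$(runs_per_year "$entry" 2016)"
done
```

Because the job passes --renew-by-default, every one of those runs requests a new certificate, so the first schedule works against the Let's Encrypt issuance limits quoted in another issue on this page.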

Two apps not working

Have you tried this script with 2 apps on the same server? The certificate seems to generate correctly but both apps stop working when the ssl.conf file is created. After I delete it, they both start working again. Didn't try creating 2 certificates for each app yet.

Can I use it on existing https ?

Actually, I have been using Cloudflare, but I have decided to ditch it. Cloudflare gave me free SSL from letsencrypt, so is it safe to install it on ServerPilot?

Error: connection refused

Hi guys, I am very much a newbie at server configuration. I am currently running Ubuntu 14.04 on DigitalOcean and using ServerPilot.

I followed the instructions to install Let's Encrypt on one of my domains. When running the sple.sh script, I got an error like this:

Failed authorization procedure. mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mydomain.com/.well-known/acme-challenge/aw8TK32BOdF4l56PiTKnw_QLlcTwggpIYyu_BGL3UQ8: Connection refused

Can you explain why this error occurred? How to fix this?

Big thanks!

"This site can’t be reached" error?

Hey,
I tried with this script a few times today, and I have no clue what's going on. After configuration, all URLs just stop working. Both droplet id as domain http:// https:// with or without www. All I get is "This site can’t be reached."

Re-create new certificate

Hello and thanks for this script, it works great but I did something wrong: I have 3 domains hosted on the same VPS, last month I added a certificate for every domain and everything went fine. I set up two of my domains using SSL. Today I wanted to add a certificate for the third domain but I forgot I already created one certificate last month so I started the script. I ended up with all 3 domains not reachable.
I deleted the third domain .ssl.conf and websites are reachable again.

I would like to know how I could solve this. I would like to use an SSL certificate for all my 3 domains.
Thank you in advance

Steps to adding new domains

Let's say I register example.com and I want to add example.org to the same app. What are the steps required to do that?

No such file or directory.

We're almost done here. Restarting nginx...
Restarting nginx-sp: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/abc.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/abc.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx-sp.

Reinstall Error

I followed the instructions and installed letsencrypt. Installation successfully completed. But I can't see "secure" in Google Chrome. So I deleted .ssl.conf and reinstalled. When I do that the site is down. There is an error output on the terminal when I use the "sudo service nginx-sp restart" command.

root@******:/usr/local/bin# sudo service nginx-sp restart
Restarting nginx-sp: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/******.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/*****.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx-sp.

Network Error (tcp_error)

After installing SSL using sple.sh, my website can’t be accessed and is showing this error message:

Network Error (tcp_error)

A communication error occurred: "Connection reset by peer"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

For assistance, contact your network support team.

I have tried restarting nginx-sp and power cycling the VPS via the DigitalOcean dashboard, but nothing works.

I'm using 512 MB Memory / 20 GB Disk / NYC1 - Ubuntu 16.04.2 x64

"You are running with an old copy of letsencrypt-auto"

Hi Rudy,

Just got this message when trying to re-install the cert for a site...

screen shot 2016-08-14 at 1 28 21 pm

Is this something that has already been addressed?

More info... This is an old installation of the script. One of my sites became "unsecure", so I wiped the cron & .ssl.conf file, and re-initialized the cert. I did grab the latest version of the script, but I know it didn't uninstall the original instance of letsencrypt.

Let me know if you have any questions, I'd be happy to provide more information.

Nginx-sp Fails

Running this installer is now killing the FPM PHP and the server stops working.

Was working fine before this.

Tested on new server, same.

Ubuntu 16.04 x64

No permission error

Hi,

Whenever I navigate to /usr/local/bin

The transfer of sple.sh fails with the following error (as user Serverpilot and Ubuntu "root"):
Error: /usr/local/bin/sple.sh: open for write: permission denied
Error: File transfer failed

If I try to set permissions to 775 or 777, I see this error :
Error: set attrs for /usr/local/bin: permission denied

Syntax error

Hi, I'm getting this error when executing the script and later adding the app name + domains.

/usr/local/bin/sple.sh: Syntax error: "(" unexpected
root@asdfsth:~/serverpilot-letsencrypt#

HTTP/2 With Free Account

If using serverpilot-letsencrypt on free account, does HTTP/2 need to be enabled manually? HTTP/2 is listed as a benefit of paid service.

No option to run testing mode?

There is a missing option to run in testing mode from Let's Encrypt.

Hope you can add it, as we should test the keys from their test server first, as there is no cap limit on how many test keys you can query from the test server but there is a cap on the real staging server.

Once all seems to be working there should be an option or a config file to change the testing mode from 0 to 1 to use the real staging servers.

I know this as I did hit the cap limit on 3 of my keys and when that happens you need to wait for 7 full days before you can try it again.

There should be a file or option that lets us change the testing mode to 0 to not use the staging server at Let's Encrypt.

see docs : https://letsencrypt.org/getting-started/
Limits on usage Let’s Encrypt will issue a limited number of certificates each week. See this thread for the latest numbers. If you are trying out the client for the first time, you may want to use the --test-cert flag, and a domain name that does not receive live traffic. This will get certificates from our staging server. They won’t be valid in browsers, but otherwise the process will be the same, so you can test a variety of configuration options without hitting the rate limit.

See this project: https://github.com/dfinnema/le-serverpilot for their test file

Brotli compression not enabled

Hi,
When using this (awesome) script it seems that it does not enable Brotli compression. When using the ServerPilot paid function they enable Brotli with HTTP/2.

Any clues on how to enable Brotli with this script?

Delete Let's Encrypt

Hello,

There should be a way to uninstall or remove this completely. If you ever stop using SSL or are looking to change to another certificate.

I would appreciate a guide on how to remove this from one of my sites. It's really a nice script but I'm thinking about switching on my CloudFlare cert.

Error restarting nginx

I get this error when trying to restart nginx. Also for what it's worth, when I run sple.sh again, it says:
Let's Encrypt is not installed/found in your root folder. Would you like to install it?

running Ubuntu 14.04.5 x64
I don't see any letsencrypt logs in var/logs
I don't see a folder /etc/letsencrypt

Also site went offline.

Error

Restarting nginx-sp: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/sitename.org/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/sitename.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx-sp.

syntax error near unexpected token `newline'

I downloaded sple.sh using wget command, followed your instructions and executed sple.sh. However, following errors occur no matter how many times I try.

/usr/local/bin/sple.sh: line 5: syntax error near unexpected token `newline'
/usr/local/bin/sple.sh: line 5:'

I've done all the commands as root.

Unable to install in vagrant instance

Hey,

I have used ServerPilot to create an external server (a vagrant box) which works well, however letsencrypt fails to install the SSL certs properly. I imagine this is something to do with this not being a real server, however I wanted to create the issue just in case there was a way to get this working.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

  Let's Encrypt SSL Certificate Generator
  For ServerPilot-managed server instances

  Written by Rudy Affandi (2016)
  https://github.com/lesaff/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


Please enter your app name:
wesayy-vagrant

Please enter the System User name for the app:
serverpilot

Please enter all the domain names and sub-domain names
you would like to use, separated by space
wesayy.dev www.wesayy.dev


Generating SSL certificate for wesayy-vagrant

Failed authorization procedure. wesayy.dev (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for wesayy.dev
, www.wesayy.dev (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for www.wesayy.dev

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: wesayy.dev
   Type:   unknownHost
   Detail: No valid IP addresses found for wesayy.dev

   Domain: www.wesayy.dev
   Type:   unknownHost
   Detail: No valid IP addresses found for www.wesayy.dev

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.


Creating configuration file for wesayy-vagrant in the /etc/nginx-sp/vhosts.d
server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name
wesayy.dev www.wesayy.dev ;

   ssl on;

   # letsencrypt certificates
   ssl_certificate      /etc/letsencrypt/live/wesayy.dev/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/wesayy.dev/privkey.pem;

    #SSL Optimization
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # modern configuration
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES12
8-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD
HE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!
eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response
    ssl_trusted_certificate /etc/letsencrypt/live/wesayy.dev/chain.pem;
    #root directory and logfiles
    root /srv/users/serverpilot/apps/wesayy-vagrant/public;

    access_log /srv/users/serverpilot/log/wesayy-vagrant/wesayy-vagrant_nginx.access.log main;
    error_log /srv/users/serverpilot/log/wesayy-vagrant/wesayy-vagrant_nginx.error.log;

    #proxyset
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on;
    proxy_set_header X-Forwarded-Proto $scheme;

    #includes
    include /etc/nginx-sp/vhosts.d/wesayy-vagrant.d/*.conf;
    include /etc/nginx-sp/letsencrypt.d/*.conf;
}


We're almost done here. Opening HTTPS Port and  Restarting nginx...
Skipping adding existing rule
Skipping adding existing rule (v6)
Job for nginx-sp.service failed because the control process exited with error code. See "systemctl status nginx-sp.service" and "journalctl -xe" for details.




Your Let's Encrypt SSL certificate has been installed. Please update your .htaccess to force HTTPS on your app

To enable auto-renewal, add the following to your crontab:
0 */12 * * * letsencrypt renew

Solutions for Error

I figured out the problem: it's not installing Let's Encrypt on Ubuntu, and still continuing to write the SSL config, which is throwing errors.

Maybe the Let's Encrypt package provided in the script is not right.
A possible solution would be to execute these commands as root and install letsencrypt manually, before executing the script.

Step 1
dpkg --configure -a

Step 2
apt-get install letsencrypt

After these 2 commands, you may continue executing the script.
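
A check for the failure reported in several issues above, where a vhost file points at /etc/letsencrypt/live/.../fullchain.pem but the file does not exist and nginx-sp refuses to start. This is an added example, not part of sple.sh; the function names are hypothetical and the sample directory is constructed, so on a real host the directory to pass is /etc/nginx-sp/vhosts.d.

```shell
#!/bin/sh
# Added example: before restarting nginx-sp, list certificate files that the
# vhost configs reference but that are not on disk.

# missing_cert_files DIR
# Prints "<conf>: <path>" for every ssl_certificate, ssl_certificate_key or
# ssl_trusted_certificate directive in DIR/*.conf whose file is absent.
missing_cert_files() (
  for conf in "$1"/*.conf; do
    [ -f "$conf" ] || continue
    awk '$1 ~ /^ssl_(certificate|certificate_key|trusted_certificate)$/ {
           path = $2; gsub(/[";]/, "", path); print path
         }' "$conf" |
    while IFS= read -r path; do
      [ -e "$path" ] || printf '%s: %s\n' "$conf" "$path"
    done
  done
)

# safe_to_restart DIR: succeeds only when no referenced file is missing.
safe_to_restart() {
  [ -z "$(missing_cert_files "$1")" ]
}

# Constructed sample: two vhost files shaped like the one the script writes,
# one whose certificate was issued and one whose issuance failed.
build_sample() (
  root=$(mktemp -d)
  mkdir -p "$root/vhosts.d" "$root/live/ok.example"
  : > "$root/live/ok.example/fullchain.pem"
  : > "$root/live/ok.example/privkey.pem"
  for name in ok.example failed.example; do
    cat > "$root/vhosts.d/$name.ssl.conf" <<EOF
server {
   listen 443 ssl http2;
   server_name $name;
   ssl_certificate      $root/live/$name/fullchain.pem;
   ssl_certificate_key  $root/live/$name/privkey.pem;
}
EOF
  done
  echo "$root"
)

sample=$(build_sample)
missing_cert_files "$sample/vhosts.d"
safe_to_restart "$sample/vhosts.d" ||
  echo "do not restart nginx-sp: reissue the certificate or remove the configs listed above"
rm -rf "$sample"
```

Each reported line names the .ssl.conf to fix or remove, which is the manual recovery several posters on this page arrived at by deleting the file.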

Could not connect to my domain

I have this error:

Failed authorization procedure. sub.example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to sub.example.com

while I can curl, wget, resolve sub.example.com.
Thanks.

Adding Redirect all traffic to HTTPS to nginx option

Maybe it would be a good idea to make this option so after installing certificate we have option to redirect all traffic to HTTPS. Like the Certbot does it. If I figure out how it should be done I'll make a pull request.

syntax error

Hi,

I always have this error when I run your script: sple.sh: 86: sple.sh: Syntax error: "(" unexpected
Do you know why?

Thanks

Error on line 95

Whenever I put a .space domain it will have this error

sple.sh: 95: sple.sh: Syntax error: "(" unexpected

ENHANCEMENT: Restart NGINX after renewal of certs

Hey, just a quick one.

I have just renewed my certs with the script. Works perfectly, however I had to manually restart nginx after the renewals for them to be picked up by the browser. So it might be worth creating a separate script which can be executed by CRON instead of the suggested CRON line.

Site Doesn't load

Hi, I did everything as you said - got no errors - and my site has lost its connection and cannot access WordPress (I didn't change http to https in options - I don't think this is the issue).
I'm using Vultr Ubuntu 16.04 x64
Thanks in advance

Revoking a Certificate option ?

Seems like there's a missing Revoking a Certificate option.

Same for removing an account from Let's Encrypt with email.

And it would be nice to have a way to remove the cron, as when we get a Revoking a Certificate option or if we need to remove the SSL from a website.

I know this is a work in progress :) keep up the good work.

Multiple SSLs with Serverpilot & Digital Ocean

I have installed ServerPilot on a DigitalOcean droplet and everything works great. I have 2 WordPress sites running. I used your program to install the first SSL and the site works just fine. No issues... But when I install a second SSL for a second app, when it's done I get connection refused. When I go and delete the .conf file for the new SSL that was created and restart nginx everything works again. Any suggestions on what I need to do to get it to work?

Thanks

Update - I found the answer. My DNS hadn't fully resolved yet when I set the SSL and that was kicking it to reject all connections.

renew bug

Upgrading certbot-auto 0.8.1 to 0.9.3...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
An unexpected error occurred:
Bug in pythondialog: expected an empty output from u'infobox', but got: u'Error opening terminal: unknown.\n'Please see the logfile 'certbot.log' for more details.

Auto-renewal cron

At the end of the installation process, the script prompts you to set an auto-renewal cron...

To enable auto-renewal, add the following to your crontab:
0 */12 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade

But on the README page of this repo, it says something slightly different...

0 */12 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade --post-hook "service nginx-sp reload"

Which one is preferred?

new certificate deployed without reload

When renewing an existing certificate I'm seeing the following message in my logs:
new certificate deployed without reload

When I double check the certificate at a service like sslchecker.com it confirms that the new certificate hasn't taken hold yet.

The initial install worked great, the crontab is up and running, and there aren't any other errors or messages in the log. Is there something else I might be missing / needing to do?

Error on installation - no such file error on nginx restart.

I have this error right at the very end of the log:

Restarting nginx-sp: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/{server-address},/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/{server-address},/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx-sp.

And now my site shows up as "ERR_CONNECTION_REFUSED", server is unreachable.

Ideas for a fix?
