Processing /etc/letsencrypt/renewal/login.servizi.linux.it.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (login.servizi.linux.it) from /etc/letsencrypt/renewal/login.servizi.linux.it.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration. The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
Description
Event Timeline
Tried with:
$ letsencrypt certonly -d jitsi.linux.it --webroot --webroot-path=/usr/share/jitsi-meet
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for jitsi.linux.it
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. jitsi.linux.it (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://jitsi.linux.it/.well-known/acme-challenge/gPU54x5O0vYh3yMYnPtr9C4Oam_c_befr1pgq72lYeI [2a01:4f8:1c0c:738f::1]: "<style type=\"text/css\">h1, h2, h3, p { max-width: 600px; }</style><h1>Sandstorm doesn't recognize this host name</h1><h2>If you "
Note the:
Sandstorm doesn't recognize this host name
But the webroot path works:
$ echo asd > /usr/share/jitsi-meet/.well-known/acme-challenge/gPU54x5O0vYh3yMYnPtr9C4Oam_c_befr1pgq72lYeI
$ wget -O - --quiet --no-check-certificate https://jitsi.linux.it/.well-known/acme-challenge/gPU54x5O0vYh3yMYnPtr9C4Oam_c_befr1pgq72lYeI
asd
Gotcha. It seems our jitsi.linux.it nginx virtualhost is not served via IPv6 connections and it seems Let's Encrypt visits us from IPv6.
Updated from:
/etc/nginx/sites-enabled/jitsi.linux.it.conf
listen 80;
...
listen 443 ssl;
To:
/etc/nginx/sites-enabled/jitsi.linux.it.conf
listen [::]:80;
...
listen [::]:443 ssl;
But then the IPv4 was not working. Updated to:
/etc/nginx/sites-enabled/jitsi.linux.it.conf
listen 80;
listen [::]:80;
...
listen 443 ssl;
listen [::]:443 ssl;
Now it works both in IPv4 and IPv6.
Then, renewed successfully with:
letsencrypt certonly -d jitsi.linux.it --webroot --webroot-path=/usr/share/jitsi-meet
NOTE: The prosody.service listening on internal port 5280 and serving /http-bind is showing some warnings:
$ journalctl -u prosody
ott 01 10:32:20 VPS systemd[1]: Started LSB: Prosody XMPP Server.
ott 01 10:32:20 VPS prosody[31378]: certmanager: SSL/TLS: Failed to load '/etc/prosody/certs/auth.jitsi.linux.it.key': Check that the path is correct, and the file exists. (for auth.jitsi.linux.it)
ott 01 10:32:20 VPS prosody[31378]: auth.jitsi.linux.it:tls: Unable to initialize TLS: error loading private key (No such file or directory)
ott 01 10:32:20 VPS prosody[31378]: certmanager: SSL/TLS: Failed to load '/etc/prosody/certs/auth.jitsi.linux.it.key': Previous error (see logs), or other system error. (for auth.jitsi.linux.it)
ott 01 10:32:20 VPS prosody[31378]: auth.jitsi.linux.it:tls: Unable to initialize TLS: error loading private key (system lib)
ott 01 10:32:20 VPS prosody[31378]: certmanager: SSL/TLS: Failed to load '/etc/prosody/certs/auth.jitsi.linux.it.key': Check that the path is correct, and the file exists. (for internal.auth.jitsi.linux.it)
ott 01 10:32:20 VPS prosody[31378]: internal.auth.jitsi.linux.it:tls: Unable to initialize TLS: error loading private key (No such file or directory)
ott 01 10:32:20 VPS prosody[31378]: certmanager: SSL/TLS: Failed to load '/etc/prosody/certs/auth.jitsi.linux.it.key': Previous error (see logs), or other system error. (for internal.auth.jitsi.linux.it)
ott 01 10:32:20 VPS prosody[31378]: internal.auth.jitsi.linux.it:tls: Unable to initialize TLS: error loading private key (system lib)
Tested Jitsi on:
And it works. Mark as resolved.
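Added example, not part of the original thread: a small check that reads a vhost file's listen directives and reports, per port, whether the vhost is bound for IPv4 only, IPv6 only, or both, which is the mismatch that made the http-01 request land on another site here. The function name listen_families and the sample configs are constructed for illustration, and the script assumes one server block per file.

```shell
#!/bin/sh
# Added example (not from the thread): classify each port in an nginx vhost
# file as v4-only, v6-only or dual, based on its "listen" directives.
# Assumption: one server block per file, as in sites-enabled/jitsi.linux.it.conf.
listen_families() {
    # Drop comments, then put every directive on its own line.
    sed 's/#.*//' "$1" | tr ';{}' '\n\n\n' | awk '
        $1 == "listen" && $2 !~ /^unix:/ {
            addr = $2; port = addr
            sub(/^.*:/, "", port)                      # text after the last ":"
            if (port !~ /^[0-9]+$/) port = "80"        # address without port -> 80
            if (addr ~ /^\[/) {                        # bracketed = IPv6 address
                v6[port] = 1
                if ($0 ~ /ipv6only=off/) v4[port] = 1  # one socket serves both
            } else v4[port] = 1
        }
        END {
            for (p in v4) print p, ((p in v6) ? "dual" : "v4-only")
            for (p in v6) if (!(p in v4)) print p, "v6-only"
        }' | sort -n
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed samples mirroring the three configurations tried in the thread.
printf 'server {\n  listen 80;\n  listen 443 ssl;\n}\n' > "$tmp/before.conf"
printf 'server {\n  listen [::]:80;\n  listen [::]:443 ssl;\n}\n' > "$tmp/v6only.conf"
printf 'server {\n  listen 80;\n  listen [::]:80;\n  listen 443 ssl;\n  listen [::]:443 ssl;\n}\n' > "$tmp/fixed.conf"

for f in before v6only fixed; do
    echo "== $f"
    listen_families "$tmp/$f.conf"
done
```

To confirm the live challenge path per address family, request it with curl -4 and curl -6, which force IPv4 and IPv6 respectively.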