Let's Encrypt - Something went wrong, Sorry

I have three domains set up that need to have a TLS/SSL set up.

When I run the provisioning, it goes through its 60 seconds spiel, and provides me with the [Finish (ready)] button. Pushing that button yields the dreaded message “Something went wrong, Sorry”.

Sadly, no further explanation (really gotta work on more descriptive error messages)

Where can I find the error log for LetsEncrypt, or for what MailinBox encounters at this point?

I suspect it might be one of the three domains that is causing the error, so as a secondary question, how can I ‘suppress’ one domain and let it continue with the rest?

Have you determined if the certificates have indeed been provisioned? If they have not, have you run the command from the command line to provision the certificates?

There may be some useful information in this thread:

I saw this thread already - it deals with a very different issue.

Here is a dump from the portions of the log-file that it displayed as part of the provisioning process:

Log:
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for fizbin.com.
Validation file is not present — a file must be installed on the web server.
Requesting new challenges for www.fizbin.com.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for nathanzakheim.com.
The challenges for nathanzakheim.com have been accepted.
Reusing existing challenges for www.nathanzakheim.com.
The challenges for www.nathanzakheim.com have been accepted.
Reusing existing challenges for nathanzakheimassociates.com.
The challenges for nathanzakheimassociates.com have been accepted.
Reusing existing challenges for www.nathanzakheimassociates.com.
The challenges for www.nathanzakheimassociates.com have been accepted.
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for fizbin.com.
Submitting challenge response file at http://fizbin.com/.well-known/acme-challenge/[REDACTED].
Reusing existing challenges for www.fizbin.com.
Submitting challenge response file at http://www.fizbin.com/.well-known/acme-challenge/[REDACTED].
Reusing existing challenges for nathanzakheim.com.
The challenges for nathanzakheim.com have been accepted.
Reusing existing challenges for www.nathanzakheim.com.
The challenges for www.nathanzakheim.com have been accepted.
Reusing existing challenges for nathanzakheimassociates.com.
The challenges for nathanzakheimassociates.com have been accepted.
Reusing existing challenges for www.nathanzakheimassociates.com.
The challenges for www.nathanzakheimassociates.com have been accepted.

The reason I am asking for the LOCATION OF THESE PARTICULAR LOG FILES is to be able to find a more specific error message or cause.

I suspect it is just one domain erring out (and yet causing all to fail), as well as the possibility that it could be an error message from LetsEncrypt (which this error dump apparently doesn’t display)
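Added example, not part of any post in this thread and not Mail-in-a-Box code: a small Python parser that reads provisioning output in the format quoted above and reports, per domain, the challenge state in the most recent run, so the names that have not validated stand out. The function names and state labels are assumptions made for this example; the sample is an excerpt of the log lines posted above.

```python
import re

# Excerpt of the log quoted in the thread (two runs); state labels are this example's own.
SAMPLE_LOG = """\
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Reusing existing challenges for fizbin.com.
Validation file is not present — a file must be installed on the web server.
Requesting new challenges for www.fizbin.com.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for nathanzakheim.com.
The challenges for nathanzakheim.com have been accepted.
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Reusing existing challenges for fizbin.com.
Submitting challenge response file at http://fizbin.com/.well-known/acme-challenge/[REDACTED].
Reusing existing challenges for www.fizbin.com.
Submitting challenge response file at http://www.fizbin.com/.well-known/acme-challenge/[REDACTED].
Reusing existing challenges for nathanzakheim.com.
The challenges for nathanzakheim.com have been accepted.
"""

DOMAIN_LINE = re.compile(r"^(?:Reusing existing|Requesting new) challenges for (\S+?)\.$")
ACCEPTED = re.compile(r"^The challenges for (\S+) have been accepted\.$")

def challenge_status(log_text):
    """Return {domain: state} as of the last provisioning run in the log."""
    status, current = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Reading account key"):
            status, current = {}, None   # a new run starts; discard older state
        elif m := DOMAIN_LINE.match(line):
            current = m.group(1)
            status[current] = "unknown"
        elif m := ACCEPTED.match(line):
            status[m.group(1)] = "accepted"
        elif current and line.startswith("Validation file is not present"):
            status[current] = "validation-file-missing"
        elif current and line.startswith("Submitting challenge response file"):
            status[current] = "response-submitted"
    return status

def unvalidated(log_text):
    """Domains whose HTTP challenge was not accepted in the last run."""
    return sorted(d for d, s in challenge_status(log_text).items() if s != "accepted")

if __name__ == "__main__":
    for domain, state in challenge_status(SAMPLE_LOG).items():
        print(f"{domain:28} {state}")
    print("not yet validated:", unvalidated(SAMPLE_LOG))
```

On the excerpt, only the two fizbin.com names remain unvalidated after the second run, which narrows the check to whether `/.well-known/acme-challenge/` on those hosts is actually served by this box over plain HTTP.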

all logs are in /var/log/ folder…

You said 3 domains. I am counting at least 11 subdomains. How many do you actually have on that box?

I ask because of the similarities between your issue and my issue - even though you have dismissed it out of hand.

In the thread you dismissed is the location of some of the log files you need to look at.

syslog contains nothing of relevance to LetsEncrypt, and /var/log contains no LetsEncrypt (or mailinabox) log files. Also, my installation does not have systemctl as a command. Did you use systemctl successfully on your installation?

Do you know where LetsEncrypt log files are kept?

My system has a total 19 listed domains and sub-domains on it.

Based on your speculation relating to the number of domains, I will check if I can cull several redundant domains out, and if that makes any difference (I doubt it, as the issue affecting me relates to only 3 domains - 6 domains and sub-domains - and only to setting up LetsEncrypt).

I suspect one of the domains is generating an error, possibly from LetsEncrypt, which is why my question is about where to find relevant log files for LetsEncrypt or how to remove some domains from the provisioning process.

Alternately, how to perform the LetsEncrypt process, for individual domains, from the command line?

Same here. I suspect that @murgero was referring to a box that he runs as an unsupported modification, as the systemctl command is found in Ubuntu 16.04 not 14.04. So, I ignored that once I had the same result as you.

I do not, and looking at the ssl_certificates.py script, it is not apparent that there are any.

I am only aware of the ability to run the ssl_certificates.py script which is located in the management folder of your mailinabox install.

I asked earlier but you did not confirm …

Have you checked the /home/user-data/ssl directory to determine that the certificates have indeed NOT been issued and that the problem is not simply that they have not been deployed? I have seen way too many times that NginX has not properly reloaded.

/home/user-data/ssl# ls
box.maildifferent.com-20180627-5989d1dc.pem
box.maildifferent.com-selfsigned-20180329.pem
dh2048.pem
interpressww.com-20180701-cabf32a4.pem
lets_encrypt
ssl_certificate.pem
ssl_private_key.pem
www.interpressww.com-20180701-9bcd40fb.pem
www.zinkdifferent.com-20180701-e93cc2b1.pem
zinkdifferent.com-20180701-a52a7d4a.pem

These are all domains that have had SSL certificates successfully issued to them.

The ones missing are not in there.

@alento FYI Ubuntu 14.04 LTS images can ship with systemd

Example is DigitalOcean images of 14.04 had systemd.

Hmm, interesting - I hadn’t noticed as I never tried … thanks for the correction. :slight_smile:

So, we are seemingly now getting issues with Let’s Encrypt and errors but no telltale signs of what the errors are. I see yet another similar topic started.

Yea - with the new Let’s Encrypt update, the protocol changed. We need to fix our script for it. Assuming that is the issue.

That probably is the issue.
So, how can someone do a manual install of a certificate on a mailinabox installation?

Glad to find out that it’s apparently not just me.

I was thinking along the same lines. Just putting it on the list hoping we get an update in the next release. :smiley:

I too appear to be having the same issue. Has anyone had any update on a fix/work around for this?

Thanks for any help in advance

Cheers

What specifically is the issue? Simply the admin status page not loading yet everything seemingly working ok, or something else?

On my TLS Certificates page, it says:

Certificate status
Certificates expire after a period of time. All certificates will be automatically renewed through Let’s Encrypt 14 days prior to expiration.

I have half a dozen domain names. None of the certificates automatically renewed. This has never happened before. When I try to use the buttons on the Certificates page I get the error “Something went wrong. Sorry.”

Not sure what to do? The certification signing form (CSR) utility on that page is also not working (same errors).