rehmatworks / serverpilot-letsencrypt
Automate the installation of Let's Encrypt SSL on the free plan of ServerPilot


serverpilot-letsencrypt's Introduction

I like ServerPilot a lot. How it configures the LAMP/LEMP stack and how it makes use of ACLs to give secure access to individual users is really great. But I don't like a few things about it:

  1. It is entirely paid
  2. You need to give your server access away

To overcome these issues, I have come up with a free control panel. I have followed the best practices from ServerPilot in configuring NGINX, Apache, MySQL, and PHP, and I have used a similar directory structure and made similar use of ACLs. But it is entirely self-hosted. You can use the control panel I developed to deploy and manage multiple PHP websites on a single server. It is entirely open source and free!!

If you like it, consider giving it a star. I'll try to update this ServerPilot Let's Encrypt automation script too.

ServerPilot Let's Encrypt (rwssl) v2.x

This Python utility allows you to automate the installation/uninstallation of SSL certificates from Let's Encrypt on ServerPilot servers. Both free servers (from old grand-fathered plan) and servers on premium plans are supported.


Getting Started

First of all, sign in as the root user (or with sudo privileges). Now remove the very old script if you are still using it:

rm /usr/local/bin/rwssl

And then install some needed packages:

apt-get update  && \
apt-get -y install python3-pip build-essential libssl-dev libffi-dev python3-dev

Uninstall the older version if it exists:

pip3 uninstall -y rwssl

And then install the latest version from PyPI:

pip3 install rwssl==2.0.4

Verify that the installation worked. This should bring up the help menu for rwssl:

rwssl -h

The alternate way to install rwssl is by cloning the repository:

cd ~/ && \
git clone https://github.com/rehmatworks/serverpilot-letsencrypt  && \
cd serverpilot-letsencrypt && \
pip3 install -r requirements.txt && \
python3 setup.py install

Only Python 3.5 and up is supported, so you should install and use the rwssl package using pip3 and Python 3.x.

Available Commands with Examples:

Once rwssl is installed, a command rwssl will become available in your terminal. You will have access to the following sub-commands in order to manage your server.

Update: Please note that old commands aren't available anymore due to a recent major upgrade. Please check the table below for new commands that come with rwssl. You can get help by typing rwssl -h as well.

| Command | Details | Examples |
| --- | --- | --- |
| getcert | Get letsencrypt cert for an app. | rwssl getcert --app foo |
| getcerts | Get letsencrypt certs for all apps. | rwssl getcerts for all users' apps or rwssl getcerts --user john for john's apps |
| removecert | Uninstall SSL cert from an app. | rwssl removecert --app foo |
| removecerts | Uninstall SSL certs for all apps. | rwssl removecerts for all users' apps or rwssl removecerts --user john for john's apps |
| forcessl | Force SSL certificate for an app. | rwssl forcessl --app foo |
| unforcessl | Unforce SSL certificate for an app. | rwssl unforcessl --app foo |
| forceall | Force HTTPS for all apps. | rwssl forceall for all users' apps or rwssl forceall --user john for john's apps |
| unforceall | Unforce HTTPS for all apps. | rwssl unforceall for all users' apps or rwssl unforceall --user john for john's apps |

You can use the rwssl -h command to get to the help page for the above commands.

Uninstall

To uninstall rwssl completely, run:

pip3 uninstall rwssl

As a CRON job is added for SSL renewals by rwssl, you can remove the CRON file by running:

rm /etc/cron.weekly/rwssl-sslrenewals

Moreover, a conf file named acme.conf is created in the conf directory of each app in vhosts.d. You should delete these as well. For example, if your app name is example, you should delete the conf file /etc/nginx-sp/vhosts.d/example.d/acme.conf. Repeat this step for each app where you used rwssl to get the SSL certificates.

That's all!
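
The cleanup described in the Uninstall section, as an added example that is not part of rwssl or the original README: it lists the renewal CRON file and every per-app acme.conf, reports any acme.conf whose served directory no longer exists, and deletes them only when asked. The function names and the ROOT prefix argument are hypothetical, and the script assumes acme.conf uses a standard nginx root or alias directive.

```sh
#!/bin/sh
# Added example (not part of rwssl): audit what the Uninstall steps leave behind.
# The two relative paths come from the README; ROOT is a hypothetical prefix
# argument so the functions can be pointed at a scratch directory.
CRON_REL="etc/cron.weekly/rwssl-sslrenewals"
VHOSTS_REL="etc/nginx-sp/vhosts.d"

# Print each leftover file under ROOT, one per line.
rwssl_leftovers() {
    local root="${1%/}" f
    if [ -f "$root/$CRON_REL" ]; then printf '%s\n' "$root/$CRON_REL"; fi
    for f in "$root/$VHOSTS_REL"/*.d/acme.conf; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Print the directory an acme.conf serves ACME challenges from.
# Assumption: the file uses an nginx "root" or "alias" directive.
rwssl_acme_target() {
    awk '/^[[:space:]]*#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i == "root" || $i == "alias") {
                   p = $(i + 1); sub(/;.*/, "", p); print p; exit
               } }' "$1"
}

# Report leftovers on stderr; with mode "apply", delete them.
# Prints the number of files actually removed on stdout.
rwssl_cleanup() {
    local root="${1%/}" mode="${2:-dry-run}" before after
    before=$(rwssl_leftovers "$root" | wc -l)
    rwssl_leftovers "$root" | while IFS= read -r f; do
        case "$f" in
            */acme.conf)
                target=$(rwssl_acme_target "$f")
                # A missing target means /.well-known requests for this app
                # are routed to a directory that does not exist.
                if [ -n "$target" ] && [ ! -d "$root$target" ]; then
                    echo "dangling ACME location: $f -> $target" >&2
                fi ;;
        esac
        if [ "$mode" = "apply" ]; then
            rm -- "$f"
        else
            echo "would remove: $f" >&2
        fi
    done
    after=$(rwssl_leftovers "$root" | wc -l)
    echo $((before - after))
}

# Default invocation is a dry run against the live filesystem.
rwssl_cleanup "${1:-/}" "${2:-dry-run}"
```

After an apply run, reload nginx so the removed location blocks are no longer in the active configuration.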

Changelog

[2.0.4] - 2020-07-19

A minor upgrade that addresses a renewal CRON issue and a DNS-related bug.

Fixes

  • Fixed invalid DNS bug
  • Fixed renewal cron file generation

[2.0.0] - 2020-04-18

A major upgrade that addresses all reported bugs including SSL renewals.

Changes

  • Custom path is used to store SSL certificates
  • Certificate is named after app name (Addresses missing cert path issue)
  • Improved vhost file parsing to get app details
  • Dropped support for Python 2.x (Only Python 3.x is supported)
  • Using Let's Encrypt staging server (via dry-run) for domain validation (To address quota issues)

Added

  • Using Jinja template engine to generate virtual host files from templates
  • Using a custom ACME verification location (To avoid initial verifications & renewal issues)
  • Using latest certbot Python package
  • ACME v2 protocol support
  • Added validation after vhost files are written (and changes are reverted if errors are encountered)

Bugs & Suggestions

For security-related issues, please email me at [email protected] and for common bug reports / feature requests, use the issues section.


serverpilot-letsencrypt's Issues

CRON job for Cert Renewal not added during install

The certs on my server did not renew and expired the other day. Managed to renew them manually with rwssl.

The automatic renewal apparently did not work. On inspection I notice that no CRON job had been created. No /etc/cron.weekly/rwssl-sslrenewals is present.

Reinstalled rwssl with:

pip3 install --upgrade --force-reinstall rwssl

However still no rwssl-sslrenewals CRON job got installed to /etc/cron.weekly/

Can/Should I install such a CRON job manually?

P.S. OS is Ubuntu 18.04 LTS server (DigitalOcean droplet + ServerPilot).

DNS Check Failed

Hi.

I get an error when I run the rwssl -a command.

root@***********r:~# rwssl -a
Finding apps...
4 apps found in total. Proceeding further...
Obtaining SSL certificate for the app gotfrm.
Certbot (Let's Encrypt libraries) not found. Installing libs.
Finished installing required libraries.
Retrying SSL certificate retrieval for the app gotfrm.
DNS check failed. Please ensure that the domain(s) old.******.com www.old.****.com are resolving to your server as well as you have provided the correct root path of your app (including public).
Obtaining SSL certificate for the app gotviki.
DNS check failed. Please ensure that the domain(s) viki.*******.com www.viki.********.com are resolving to your server as well as you have provided the correct root path of your app (including public).
Obtaining SSL certificate for the app zettabayt.
Something went wrong. SSL certificate cannot be installed for server-zettabayt zettabayt.com www.zettabayt.com
Obtaining SSL certificate for the app ******.
Something went wrong. SSL certificate cannot be installed for server-*******
*****.com www.******.com

How can I fix that?

error

Do you really want to obtain an SSL certificate for the app wp20.mydomain.icu? [Y/N] Y

Activating SSL for app wp20.mydomain.icu...

'NoneType' object has no attribute 'decode'
I am getting this error while requesting an SSL certificate.

www error (server pilot)

root@linux:~# rwssl -n matrimonyhrm
Obtaining SSL certificate for the app matrimonyhrm.
DNS check failed. Please ensure that the domain(s) hm.dewsprout.com www.hm.dewsprout.com are resolving to your server.

www.hm.dewsprout.com gives a problem because it doesn't resolve. Can you add an option to make the www. subdomain optional?

invalid app name

When I run the command rwssl -n app name, the result comes back as "The app name seems to be invalid." What could this issue be?

SSL certificates limit reached

Hi guys,

I tried to create a new SSL for my project (with this command: rwssl -n project-public); however, the console gives me this error: "SSL certificates limit reached for ... Please wait before obtaining another SSL."
I waited almost two weeks and the error still remains. Do I need to wait more time? Is there another way to get past this error and create a new SSL?

I will appreciate any help ;)

DNS check failed

Hi,
I migrated from an old script to yours but no cert was installed. I have a DNS check failed on all domains. However, the domains have been OK for years and nothing has changed on the DNS. Ping and DNS propagation tests are OK.
Thanks.

SSL not available for this app yet

Hi, I'm trying to get an SSL certificate and after the command is executed it always returns "SSL not available for this app yet."
I have tried various times and got the same result. I have other websites and I have no problem with them, only with this one.

Could you give me some clue as to what this error means, so I can try to solve it?

Thanks.

cron entry not created...

I followed the pip3 install instructions under "Getting Started", but noticed no weekly cron entry was added to /etc/cron.weekly.
The cron file is mentioned in the uninstall section (/etc/cron.weekly/rwssl-sslrenewals).

What should it look like?

Renew with Cloudflare

Hey, amazing script.
So I have used this on my server and I have Cloudflare enabled. Will Let's Encrypt be able to renew the cert?

pip 18.1 issues

Hi,

When I saw "You are using pip version 8.1.1, however version 18.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command." I did that.

But after that, the pip command regarding rwssl seems broken.

Traceback (most recent call last):
File "/usr/bin/pip", line 9, in
from pip import main
ImportError: cannot import name main

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-FXhuGJ/rwssl/

Hey, I'm getting this error when I try to install rwssl.
ServerPilot + Ubuntu 18.04

root@test3:~# pip install rwssl
Collecting rwssl
Using cached https://files.pythonhosted.org/packages/db/81/b339b745e0159c1e5fbc3f6d61517312b2a437b2d276159fcb4e2843144f/rwssl-1.0.4.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 1, in
ImportError: No module named setuptools

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-FXhuGJ/rwssl/

TLS-SNI-01 validation reaching end-of-life

Hi,

First of all thanks for the amazing script, it's been a lifesaver on my grandfathered free plan.

I just got an email regarding an SSL cert I created with this and wondering what the deal might be. It says the Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue my certificate, that this validation method is reaching end of life and that the client needs to use an alternative one or things will break.

Not sure if this is because I might be using a slightly older version of the script, or if this is just not going to work anymore with this new change.

The main content of the email is copied below for reference. Thanks in advance for your time/advice!

Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):

MYDOMAIN.com (162.243.x.xx) on 2019-01-02

TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.

You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to
expire.

Error when trying to get cert

After I ran rwssl getcert --app myapp

I got this error:

A possible DNS issue found. app.ga may be pointing to a wrong IP (111.11.11.11)
A possible DNS issue found. www.app.ga may be pointing to a wrong IP (111.11.11.11)
SSL not available for this app yet.

111.11.11.11 refers to my DigitalOcean server IP

I don't know well what the error means.

Thanks for any help.

DNS issue

I'm getting the following error:

"A possible DNS issue found. may be pointing to a wrong IP (xxx.xxx.xx.xx)"

The IP address listed is the correct IP for the domain. What would cause this?

Certificate limit reached

Hi there,
I keep getting this error for a number of my existing/old apps when doing a "-n APP":

Obtaining SSL certificate for the app portal.
2 valid domains found for the app
SSL certificates limit reached for xyz.domain.com www.xyz.domain.com. Please wait before obtaining another SSL.

I've waited a week and I'm still getting it. Do you know how I would get around this? Thanks

Uninstall missing step

In the uninstall instructions, you are missing the removal of all the acme.conf files that get created under /etc/nginx/vhosts.d/. If those aren't removed, any future ".well-known" ACME requests get redirected to an area that does not exist or is invalid (/var/.rwssl/...)

Can't renew expired certificates

Hi Rehmat,

Today some of my certificates expired. When trying to renew them, I get the following error:

DNS check failed. Please ensure that the domain(s) example.com www.example.com are resolving to your server.

Of course, they are resolving to my server, that's the first thing I checked. But it happened to lots of my domains, all with certificates expiring today.

Please let me know what I can do to help debug this issue.

Thanks,

Ricardo

DNS bug

When I try to install SSL with the new script I get this error:
A possible DNS issue found. domain.com may be pointing to a wrong IP ()
What might be the issue? It was working perfectly before.

Can't install cert - Possible DNS issue with newest version

Hi, I get the error
A possible DNS issue found. mysite.com may be pointing to a wrong IP (128.xx.xx.xx)
A possible DNS issue found. www.mysite.com may be pointing to a wrong IP (128.xxx.xx.xx)
SSL not available for this app yet.

Uninstalled all previous, no Cloudflare, just DO - can't install for any APP

Any ideas? Thanks

Option to delete all rwssl certs

Hi there,
Would be nice to have an option to delete all certs created by rwssl, so that we can start again fresh, or just clean up...

Thank you for this script.

script broke my server

Hi,
This script has broken my entire server. I was following all instructions correctly, still not sure what was the issue?

Autorenewal not working.

Thanks for this awesome script!

Only one problem, and it's a big one. Autorenewal is not working as it should. I use this script on 5 sites and I've found three of them unable to auto renew. So when I visit the site I suddenly get an SSL warning etc. This is absolutely terrible for the sites' rankings.

I would be very grateful if you could fix this as this is an awesome script, simple to use. When I manually run rwssl, it renews without any issue at all.

multiple domains not working for me

Hello, I have updated to the latest version and ran the command rwssl -n appname. It showed all domains listed as being able to access the site and completed successfully, but when I try to use one of those domains I just secured, I get an error saying the cert is only valid for one of the domains on the list and not the others, which throws the secure error page message.

Two apps installed, only one detected

I've installed rwssl on my server and it is working successfully for one app, but I have two installed on my server. I have tried rwssl -a, -f, and typing in the app name directly with -n, but it still only detects one app.

I did run some updates on my server and uninstalled then reinstalled rwssl, after which the second app stopped detecting. Any help is appreciated.

New cert not loading

I recently upgraded RWSSL. It's saying the cert was successfully installed but the old cert is still loading. Looking for the best way to debug this.

SSL not available for this app yet.

I had an old version of the script, and when my cert expired and didn't update I updated my script to the latest version but now just get this error when trying to install ??

This package is intended to be used only on ServerPilot servers. Aborting!

I had this script running OK on my ServerPilot server and all existing domains SSL enabled.
I have added a new app and now trying to get ssl enabled but I get the error:

This package is intended to be used only on ServerPilot servers. Aborting!

I get that message if I try to run any of the commands.

ServerPilot + Ubuntu 16.04

I have replaced the old script (which was working just fine) with the new python one but nothing works.
Requesting a new cert, renewing, refreshing... doesn't work.
The answer is "SSL should have been installed and activated for the app APPNAME" but it doesn't actually change the cert with the new one.....
I've been trying this on different servers, same result.

ignore certain domain names

Is it possible to ignore certain domain names from getting a duplicate cert and only request a cert for newly added domains on the app?

Certificate does not install correctly

Hi, when I generate a new certificate for an app it finds the domains and installs correctly but the SSL never appears when visiting the URL.

The certificate has been generated in /etc/letsencrypt/live and also the *-ssl.conf file in /etc/nginx-sp/vhosts.d.

Also can't see anything obvious in the .conf file, any ideas?

python3-pip : Depends: python3-setuptools but it is not going to be installed

Hi,

I was using the previous version of rwssl. I tried updating and got an error.

pip3 install --upgrade --force-reinstall rwssl

pip3 install --upgrade --force-reinstall rwssl
The program 'pip3' is currently not installed. You can install it by typing:
apt-get install python3-pip
apt-get install python3-pip
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python3-pip : Depends: python3-setuptools but it is not going to be installed
N: Ignoring file '20auto-upgrades.ucf-dist' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension
E: Unable to correct problems, you have held broken packages.
which python
/usr/bin/python

which python3
/usr/bin/python3

python --version
Python 2.7.6

python3 --version
Python 3.4.3

After trying a little, a different result came up

apt-get install python3-setuptools
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python3-setuptools : Depends: python3-pkg-resources (= 3.3-1ubuntu2) but 33.1.1-1+certbot~trusty+1 is to be installed
N: Ignoring file '20auto-upgrades.ucf-dist' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension
E: Unable to correct problems, you have held broken packages.

Any ideas?

Thanks.

Config syntax, missing ';' at index: 1052

I keep having this error no matter what options I try. I also have the same error on an another server. Note that I did use a previous version of rwssl on both servers.

Any help would be greatly appreciated,

cheers

Can't add new domains to existing app

Hi,

First of all, congratulations and thank you for your work.

I wanted to report a bug when adding new domains to an existing ServerPilot app. When trying to issue the new certificate, it always says

DNS check failed. Please ensure that the domain(s) example.com www.example.com are resolving to your server.

even though all domains are pointed correctly.

Is there any workaround for this?

Thanks,

Ricardo

It's time for RunCloud?

In case you are not aware, ServerPilot has removed their Free plan. Meaning you have to pay if you are gonna use their services. Although old servers are not affected, you just can't add new servers unless you pay!

Here comes RunCloud. They offer a free plan as well. But it does not give you the ability to add LE SSL.

So, I definitely think now it's time to fork this for RunCloud. They are very identical, so you don't have to recreate the script from scratch. I believe a little tweaking will get the job done.

What do you think..?

How to uninstall?

How can I uninstall serverpilot-letsencrypt?

I've already run rwssl with uninstall command. What else should I do?

Thanks!

The script can no longer add new certs

I know just within the past few days, SP has updated their Apache version. I don't know if that has anything to do with that but now I get this error message: https://i.imgur.com/gcV4ERT.png

Edit: I'm an idiot. I had the wrong IP on the A record. Please close this issue as the issue doesn't lie with the project but the user.

All apps say they do not resolve

Hello, any of the apps I try to install on say that they don't resolve to my server. How do I fix this? All of the websites are up and running. Not sure what the issue is? Sorry for the question. I'm new to all of this stuff.
