Latest let-encrypt error - January 10, 2018 02:16 UTC [Investigating] The tls-sni challenge has been disabled due to strong credibility of a vulnerability report

I finally decided to do lets-encrypt on my live (now regretting),
I get the following error while doing so

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

When I searched online I found this

looks like a recent issue with lets-encrypt …

But now my site is stuck on sorry! we will be back soon screen.

How do I undo it?

Thanks

try to clear browser data / cache or maybe use a different browser
and see if you can still open the site?

What did you run to setup letsencrypt?

Run bench setup nginx in frappe-bench and then sudo service nginx restart

@tlie @vjFaLk ,

I did normal procedures,

sudo bench setup lets-encrypt

I think it's not an ERPNext issue, there was a security incident with lets-encrypt,

for the time being I have solved my urgency by doing set-maintenance-mode off
will have to try again after the problem is solved from lets-encrypt side.

refer above link.
and Let's Encrypt Status

Thanks

2 Likes

having the same problem

looking at this solution now Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA - Help - Let's Encrypt Community Support

still down though https://letsencrypt.status.io/

The method used by ERPNext in its lets-encrypt implementation cannot be used, i.e. TLS-SNI

According to the forum, they will try and make it up again in the next 48 hours,

Till then I think you should announce to the ERPNext users to hold off setting up the secure connection, else they could face issues and down their live site.

Thanks

According to their latest update - 2018.01.11 Update Regarding ACME TLS-SNI and Shared Hosting Infrastructure - Incidents - Let's Encrypt Community Support - it will be permanently disabled for new accounts.

Have created issue

1 Like

@johnskywalker,
How would we setup lets-encrypt now on erpnext?

Any way ?

Hi @kt2152,

there is a manual procedure to issue certificates:

    $ sudo service nginx stop
    $ sudo certbot certonly
    (enter mode) 2: standalone
    (enter domain) www.example.com
    $ sudo service nginx start

This has worked with ERPNext. It remains open how to renew automatically…

3 Likes

Could you tell the dependencies required for this?
I am getting sudo: certbot: command not found on the second command

Thanks

You need to install certbot. Or sudo apt-get install certbot

1 Like

Thanks, read the github guide to install manually and set it up , thanks

1 Like

Thanks not yet. But will try the manual today

I have tested a modification in this PR
It works in my instances and you could apply it easily

You must remove /etc/letsencrypt/configs/{site}.cfg if it exists because the last line should be standalone-supported-challenges = tls-sni-01

Then a sudo bench setup lets-encrypt {site} is working

2 Likes

To clarify. Yes @jodeq your pull request works properly. Until the fix is in place, do these steps on your local install first and then retry the lets encrypt command.

  1. from the root folder, (one up from frappe-bench)
    nano ~/.bench/bench/config/templates/letsencrypt.cfg

  2. You don’t want the last line. So comment it out and save… To do this you just add a # before the last line. It should look like this:
    # standalone-supported-challenges = tls-sni-01

  3. control + X to exit and Y to save.

  4. Go back to frappe-bench directory and try again with the lets-encrypt command.

This change will need to be undone before you can run a bench update as it changes the source code.

2 Likes
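
The manual edit described above, written as a script. This is an added example, not code from bench or from the pull request: it comments out any active `standalone-supported-challenges` line that still names `tls-sni-01` in the files passed to it and keeps a `.bak` copy. The function names are made up for this example; the files to pass are the two paths named in this thread.

```shell
#!/bin/sh
# Added example (not bench code): find and comment out the tls-sni-01 pin
# in certbot config files given as arguments.

# Matches an active (uncommented) line that pins standalone to tls-sni-01.
PIN_RE='^[[:space:]]*standalone-supported-challenges[[:space:]]*=.*tls-sni-01'

# has_tls_sni_pin FILE -> exit status 0 if FILE still has an active pin.
has_tls_sni_pin() {
    [ -f "$1" ] && grep -Eq "$PIN_RE" "$1"
}

# disable_tls_sni_pin FILE -> comment the pin out, keeping FILE.bak.
# Returns 0 if the file was changed, 1 if nothing to do, 2 on error.
disable_tls_sni_pin() {
    file=$1
    [ -f "$file" ] || { echo "skip (missing): $file" >&2; return 1; }
    has_tls_sni_pin "$file" || { echo "clean: $file"; return 1; }
    cp -p "$file" "$file.bak" || return 2
    tmp=$(mktemp) || return 2
    # Prefix only the matching active lines with "# "; other lines pass through.
    if sed -E "/$PIN_RE/s/^[[:space:]]*/# /" "$file.bak" > "$tmp"; then
        cat "$tmp" > "$file"    # overwrite in place so owner and mode are kept
        rm -f "$tmp"
        echo "patched: $file (backup at $file.bak)"
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Stand-alone use: process every path given on the command line.
for f in "$@"; do
    disable_tls_sni_pin "$f" || true
done
```

Running it a second time on the same file reports `clean` and changes nothing, so it is safe to repeat before retrying the lets-encrypt command.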

It works like a charm. Thanks

Fixed in bench via

2 Likes

    plugins selected: Authenticator standalone, Installer None
    You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
    INFO:bench.utils:sudo systemctl start nginx
    There was a problem trying to setup SSL for your site

I am getting this error. Does anybody know how to fix it?