SSL certificate couldn’t be generated
Posted: Thu Jul 11, 2024 7:08 am
Hello,
I hope this message finds you well! I am currently working on configuring a Vicidial server for making calls in my country.
I have configured the server for inbound and outbound calls, and everything works fine so far. However, I have encountered several
problems creating an SSL certificate because I want to configure ViciPhone on my server.
I created a subdomain (DNS record) for my server on ScalaHosting, but when I try to generate the certificate, it isn't possible.
Here is the path I followed:
-Edit manually Yast LAN
Step 1: Set the server IP address and domain with nano /etc/hosts
Step 2: Set the domain with nano /etc/hostname
-Edit Apache configuration
Step 1: Update 0000-default.conf and set the subdomain at ServerName with nano /etc/apache2/vhosts.d/0000-default.conf
Step 2: Set the subdomain at ServerName with nano /etc/apache2/vhosts.d/0000-default-ssl.conf
Step 3: service apache2 reload
Step 4: apachectl configtest
Output: Syntax OK
-Install SSL certificate
Step 1: vicibox-ssl
The ViciBox free SSL setup script provides the following instructions:
Please make sure you have a Fully Qualified Domain Name pointed at this server.
For example, if the FQDN of this server was 'vicibox.vicidial.com' and was
properly directed at this server, you should be able to log into Vicidial at
http://vicibox.vicidial.com
What is your email address: xxx@xxxxxxx.com
What is your Fully Qualified Domain Name (FQDN): xx.xxxxxxx.com
The Server IP (192.xxx.x.xxx) and the detected remote IP (xx.xx.xx.13)
do not match! This will cause the SSL certificate challenge to fail
authentication. Please double-check that your FQDN matches your IP.
Do you want to continue with the SSL setup? (N/y): y
E-Mail: xxx@xxxxxxx.com
FQDN: xx.xxxxxxx.com
Do you want to generate an SSL certificate now? (N/y): y
Using CA: https://acme-v02.api.letsencrypt.org/directory
Creating domain key
The domain key is here: /root/.acme.sh/xx.xxxxxxx.com_ecc/xx.xxxxxxx.com.key
Single domain='xx.xxxxxxx.com'
Getting webroot for domain='xx.xxxxxxx.com'
Verifying: xx.xxxxxxx.com
Pending, The CA is processing your order, please just wait. (1/30)
Invalid status, xx.xxxxxxx.com: Verify error detail: no valid A records found for xx.xxxxxxx.com; no valid AAAA records found for xx.xxxxxxx.com
Please add '--debug' or '--log' to check more details.
See: https://github.com/acmesh-official/acme ... ug-acme.sh
Doing fixup for acme.sh _ecc weirdness!
mv: cannot move '/root/.acme.sh//xx.xxxxxxx.com_ecc' to '/root/.acme.sh//xx.xxxxxxx.com/xx.xxxxxxx.com_ecc': Directory not empty
acme.sh was unable to verify your FQDN reaches this server and was unable
to generate a valid SSL certificate. Please check your firewall settings,
DNS entries, and Apache for any possible issues. You can re-run this script
to test if the issue is resolved.
Then it blocked my URL and the server IP, which means I can't access the server through the browser.
The only way to access it was to add something after .conf in those files: 0000-default-ssl.conf and 0000-default.conf.
As I have Googled it, I think the problem comes from the DNS. The IP address in my A record is for a private IP address,
but I don't understand how to fix it. I'm new here.
I would be thankful for any help.
ViciBox v.11.0.1
VERSION: 2.14-706c
BUILD: 240429-2237
Asterisk 16.30.0-vici
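The condition the script output above warns about (server IP and detected remote IP differ, followed by "no valid A records found") can be checked before re-running vicibox-ssl. The shell functions below are an added example, not part of the original post or of ViciBox; `ip_scope` and `preflight` are hypothetical names, and the hostname and addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: DNS pre-flight for an ACME HTTP-01 (webroot) challenge.
# Hostname and addresses are constructed; function names are hypothetical.

# ip_scope ADDR: print "public", "non-public" or "invalid" for an IPv4 address.
ip_scope() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo invalid; return 0 ;;
        *.*.*.*) ;;
        *) echo invalid; return 0 ;;
    esac
    a=${ip%%.*}; rest=${ip#*.}; b=${rest%%.*}; rest=${rest#*.}
    c=${rest%%.*}; d=${rest#*.}
    for o in "$a" "$b" "$c" "$d"; do
        if [ ${#o} -gt 3 ] || [ "$o" -gt 255 ]; then echo invalid; return 0; fi
    done
    # RFC 1918, loopback, 0/8, link-local, CGNAT 100.64/10, multicast/reserved
    if [ "$a" -eq 10 ] || [ "$a" -eq 127 ] || [ "$a" -eq 0 ] || [ "$a" -ge 224 ] ||
       { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; } ||
       { [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; } ||
       { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; } ||
       { [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; }; then
        echo non-public
    else
        echo public
    fi
}

# preflight FQDN SERVER_IP REMOTE_IP [A_RECORD...]
# SERVER_IP is the interface address, REMOTE_IP the address the internet sees.
# Prints findings; returns 0 only if every A record equals REMOTE_IP.
preflight() {
    fqdn=$1; server_ip=$2; remote_ip=$3; shift 3; rc=0
    if [ $# -eq 0 ]; then echo "FAIL $fqdn: no A record"; return 1; fi
    for rec in "$@"; do
        scope=$(ip_scope "$rec")
        if [ "$scope" != public ]; then
            echo "FAIL $fqdn A $rec is $scope: the CA cannot reach it"; rc=1
        elif [ "$rec" != "$remote_ip" ]; then
            echo "FAIL $fqdn A $rec differs from public address $remote_ip"; rc=1
        else
            echo "OK   $fqdn A $rec is the public address"
        fi
    done
    [ "$server_ip" = "$remote_ip" ] ||
        echo "NOTE server sits behind NAT ($server_ip): forward TCP 80 to it"
    return $rc
}
# Constructed case: the A record holds the LAN address (203.0.113.13 is a
# documentation address standing in for the site's real public IP).
preflight vici.example.com 192.168.1.50 203.0.113.13 192.168.1.50 || true
```

For live data, pass the addresses a resolver returns for the FQDN as the A_RECORD arguments. A FAIL line for a non-public record means the record at the DNS host has to carry the public address before the challenge can succeed.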