I have used serverpilot to create an external server (a vagrant box) which works well, however letsencrypt fails to install the ssl certs properly. I imagine this is something to do with this not being a real server, however I wanted to create the issue just in-case there was a way to get this working.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's Encrypt SSL Certificate Generator
For ServerPilot-managed server instances
Written by Rudy Affandi (2016)
https://github.com/lesaff/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Please enter your app name:
wesayy-vagrant
Please enter the System User name for the app:
serverpilot
Please enter all the domain names and sub-domain names
you would like to use, separated by space
wesayy.dev www.wesayy.dev
Generating SSL certificate for wesayy-vagrant
Failed authorization procedure. wesayy.dev (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for wesayy.dev
, www.wesayy.dev (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for www.wesayy.dev
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: wesayy.dev
Type: unknownHost
Detail: No valid IP addresses found for wesayy.dev
Domain: www.wesayy.dev
Type: unknownHost
Detail: No valid IP addresses found for www.wesayy.dev
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Creating configuration file for wesayy-vagrant in the /etc/nginx-sp/vhosts.d
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name
wesayy.dev www.wesayy.dev ;
ssl on;
# letsencrypt certificates
ssl_certificate /etc/letsencrypt/live/wesayy.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wesayy.dev/privkey.pem;
#SSL Optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES12
8-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD
HE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!
eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response
ssl_trusted_certificate /etc/letsencrypt/live/wesayy.dev/chain.pem;
#root directory and logfiles
root /srv/users/serverpilot/apps/wesayy-vagrant/public;
access_log /srv/users/serverpilot/log/wesayy-vagrant/wesayy-vagrant_nginx.access.log main;
error_log /srv/users/serverpilot/log/wesayy-vagrant/wesayy-vagrant_nginx.error.log;
#proxyset
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
#includes
include /etc/nginx-sp/vhosts.d/wesayy-vagrant.d/*.conf;
include /etc/nginx-sp/letsencrypt.d/*.conf;
}
We're almost done here. Opening HTTPS Port and Restarting nginx...
Skipping adding existing rule
Skipping adding existing rule (v6)
Job for nginx-sp.service failed because the control process exited with error code. See "systemctl status nginx-sp.service" and "journalctl -xe" for details.
Your Let's Encrypt SSL certificate has been installed. Please update your .htaccess to force HTTPS on your app
To enable auto-renewal, add the following to your crontab:
0 */12 * * * letsencrypt renew