Interesting Problem; CA / certificate not working

Hi,

I think I have a quite interesting problem here:

So, I set up a new CentOS server, and installed centminmod
following the instructions here: CentMinMod Tutorial 1 - Digital Ocean + Cloudflare + nginx - YouTube

I set up a vhost nginx domain,
with letsencrypt,
and after the installation I was able to choose ‘Full /strict’ mode in my Cloudflare dashboard.

All was working fine: The page was reloading, the full/strict mode was working.

However, following the tutorial from here on, I made a mistake and had to delete the complete instance, and restart from 0.

I also deleted the domain/site in my Cloudflare dashboard.

As I was setting up the site again, on a fresh CentOS server, and added my domain name again & new to the Cloudflare dashboard, I realized that the settings that I had made in my Cloudflare dashboard > old domain were the same.
(It did not start from default, but took the advanced settings I had set up earlier on my old install. process).

That’s why the site was not reachable, I had to manually deactivate many settings and put it to default, to be able to work.

So, this was already suspicious to me:
Although I had deleted that domain/site from Cloudflare,
it took the old advanced settings, and put them into the new domain/site account
that I just opened up again
(of course, using the same domain).

Then, after install. process, I should be able to upgrade from ‘full’ to ‘full/ strict’ mode,
as it had been before (and worked)
but when upgrading in my db, the site is out of reach and it says to me:
Not valid SSL certificate.

So, my assumption here again is:
The system is still tied to the old server, I had set up, and where everything had worked.

Of course, when I set up the new Cloudflare domain/site account, I used the new IP address
(as I restarted with a new CentOS server).

Still, it took the old adv. settings from the old domain/site account - that I previously deleted.
And now I cannot make use of ‘full/strict’ mode.

I hope you understood, what I mean.

Can someone help me with that?

Thanks!

1 Like

That’s normal, and it’s been helpful for some, a hindrance to others.

Not really. If you’re talking about Cloudflare, those are domain settings. They’re not tied to any particular instance.

It’s best to either Pause Cloudflare, or just unproxy the relevant DNS entries (set them to :grey: DNS Only), then get the site up and running with HTTPS before proxying the site.

I’m curious as to what the mistake was. @eva2000 might have run across this before.

1 Like
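One way to confirm the origin serves a usable certificate before proxying is re-enabled and the mode is raised to Full (strict), which rejects an origin certificate that is expired, does not cover the hostname, or is not issued by a trusted CA. This is an added example, not part of any post in this thread; it assumes `openssl` is installed, the IP, hostnames and sample certificate are constructed placeholders, and the checks are a heuristic pre-check rather than Cloudflare's own validation.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). All hosts and IPs are placeholders.

# Save the leaf certificate the origin itself presents for DOMAIN (sent as SNI),
# connecting to the origin IP directly so the Cloudflare proxy is not in the path.
fetch_origin_cert() {  # usage: fetch_origin_cert ORIGIN_IP DOMAIN OUT.pem
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -out "$3"
}

# Print one line per problem found in PEM file $1 for hostname $2.
# Returns 0 only when no problem was found.
check_cert() {
  local pem=$1 host=$2 rc=0 subject issuer
  # 1. Expired?  -checkend 0 exits non-zero if the cert is already past notAfter.
  openssl x509 -in "$pem" -noout -checkend 0 >/dev/null || { echo "expired"; rc=1; }
  # 2. Does the certificate cover the hostname (SAN, or CN when no SAN exists)?
  openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match' ||
    { echo "hostname-mismatch"; rc=1; }
  # 3. Subject equal to issuer means self-issued, i.e. no CA vouches for it.
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  [ "$subject" != "$issuer" ] || { echo "self-signed"; rc=1; }
  # 4. Let's Encrypt staging issuers carry "(STAGING)" and are not publicly trusted.
  case $issuer in *STAGING*) echo "staging-ca"; rc=1 ;; esac
  return $rc
}

# Constructed sample input: a throwaway self-signed certificate for example.test.
make_sample_cert() {  # usage: make_sample_cert OUT.pem
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -days 1 -subj "/CN=example.test" 2>/dev/null
}

# Typical use against a live origin (203.0.113.10 and domain.com are placeholders):
#   fetch_origin_cert 203.0.113.10 domain.com /tmp/origin.pem &&
#     check_cert /tmp/origin.pem domain.com
```

An empty result from `check_cert` does not prove the chain is trusted; it only rules out the four conditions listed in the comments.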

Interesting, one of the first times I’ve had to deal with an issue on both Cloudflare and my own support forums as I believe this is your issue thread at https://community.centminmod.com/threads/astonishing-problem-with-letsencrypt-cloudflare.22446/ ? I posted my reply with suggestions of what to do on my forums rather than jump between 2 forums :slight_smile:

FYI, in future look at DigitalOcean’s docs on how to use snapshot backups and restores. You can at stages of your journey in testing/using Centmin Mod Linux, make a backup snapshot before you make major changes. So if you screw up, all you need to do is restore a DigitalOcean droplet’s snapshot backup to restore your previous state. This is better than needing to wipe out your entire setup.

2 Likes

Thanks George,
I have replied to you there.

Thanks for your answer.

I have replied at centminmod forum:
https://community.centminmod.com/threads/astonishing-problem-with-letsencrypt-cloudflare.22446/

I assume the letsencrypt certificate cannot be validated by Cloudflare, for whatever reason…

As I created it two times,
for the same domain,
I somehow assume there lies the problem.

(With “tied to the old server” I much more meant, tied to the old letsencrypt certificate.
Or vice versa.)

However, I will erase the vhost again, delete the Cloudflare site account,
wait for about an hour, and re-install.

So I deleted my Cloudflare site account, and my vhost nginx domain, waited some time,
and re-installed.

But this time I made a few notes:

After reopening my Cloudflare site account, with the same domain, I saw the following:

  1. IP address was still saved.

  2. The following settings were on, like when I had deleted the site account
    (default is: they are off):

  • SSL/TLS encrypt mode: full (instead of flexible)
  • Always use https: on
  • Auto. https rewrites: on
  • Auth. origin pulls: on
  • page rules: on (and still saved)
  • Firewall / bot fight mode: on

I switched them all back to off.

Then I started to add my vhost nginx domain name in centminmod:

use letsencrypt was selected (yes) -
all just like in the guided hacking tutorial video 1.

I selected (4) for SSL generation.

Then I observed the following:
The first time, when I installed my vhost nginx domain, the SSL generation took quite a long time (approx. 2 mins).

This time, it just took around 30 sec.

And as you can see in the screenshot, the space used for it, is not much /
it had been a lot more on initial installation:

So maybe, at some point, the system realizes there is already a letsencrypt certificate,
ends the SSL generation, and takes the old generated l.e. certificate -
which is unfortunately still bound to my old IP (IP of my old machine).

Does that make any sense?


The deletion of my previous vhost nginx domain was made by the log commands:
pure-pw userdel Admin
rm -rf /usr/local/nginx/conf/conf.d/domain.com.conf
rm -rf /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
rm -rf /usr/local/nginx/conf/ssl/domain.com/domain.com.crt
rm -rf /usr/local/nginx/conf/ssl/domain.com/domain.com.key
rm -rf /usr/local/nginx/conf/ssl/domain.com/domain.com.csr
rm -rf /usr/local/nginx/conf/ssl/domain.com
rm -rf /home/nginx/domains/domain.com
rm -rf /root/.acme.sh/domain.com
rm -rf /root/.acme.sh/domain.com_ecc
rm -rf /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf
service nginx restart

Best to just continue the discussion at https://community.centminmod.com/threads/astonishing-problem-with-letsencrypt-cloudflare.22446/

1 Like