I upgraded my fully updated 4.4-9 server to 5.02 using the UCS web interface. Most things went pretty well. I needed to edit a couple of virtual hosts to get apache2 to load and I needed to add a UCR variable for postfix timeout. That said, I cannot get letsencrypt to work. I can’t even get it to uninstall and start over.
Unfortunately, this conversion happened over the day that the existing letsencrypt cert expired. So, nothing is easy…
Everything appears to work from the UCS web interface up to the point where the screen sales “Registering account…” At that point the system seems ‘stuck’. No further activity and it doesn’t complete the update.
Checking the appcenter.log:
10584 actions.configure 22-08-30 15:17:32 [ DEBUG]: Calling configure
10584 actions.configure.progress 22-08-30 15:17:32 [ DEBUG]: 0
10584 actions.configure 22-08-30 15:17:32 [ INFO]: Configuring letsencrypt=2.0.0-2
10584 settings 22-08-30 15:17:32 [ INFO]: Setting letsencrypt/domains to ‘sp-svr01.infolocity.net www.ivyinfosys.com www.omegafsi.com www.pennreserve.com ucs-sso.infolocity.net www.byteflight.net’
10584 settings 22-08-30 15:17:32 [ INFO]: Setting letsencrypt/services/apache2 to ‘true’
10584 settings 22-08-30 15:17:32 [ INFO]: Setting letsencrypt/services/dovecot to ‘false’
10584 settings 22-08-30 15:17:32 [ INFO]: Setting letsencrypt/services/postfix to ‘true’
10584 settings 22-08-30 15:17:32 [ INFO]: Setting letsencrypt/status to ‘“detail”: “JWS has an invalid anti-replay nonce: \“0001bCbS7WDrN4h0EXKHNVKB8MMVgyqIs3w1qETbduxkIOw\””,’
10584 settings 22-08-30 15:17:32 [ INFO]: Setting letsencrypt/staging to ‘false’
10584 actions.configure 22-08-30 15:17:35 [ DEBUG]: Calling /var/cache/univention-appcenter/appcenter.software-univention.de/5.0/letsencrypt_20211006103329.configure_host settings --version 2.0.0-2 --error-file /tmp/tmpf3eu98dq --locale en
10584 actions.configure 22-08-30 15:17:36 [ INFO]: WARNING: UCR variable letsencrypt/domains does not match domains in CSR.
10584 actions.configure 22-08-30 15:17:36 [ INFO]: Removing domain.csr…
10584 actions.configure 22-08-30 15:17:36 [ INFO]: Creating domain.csr…
10584 actions.configure 22-08-30 15:17:36 [ INFO]: Multi domain mode
10584 actions.configure 22-08-30 15:17:36 [ WARNING]: run-parts: executing /etc/univention/letsencrypt/setup.d//apache2
10584 actions.configure 22-08-30 15:17:37 [ INFO]: Setting apache2/ssl/certificate
10584 actions.configure 22-08-30 15:17:37 [ INFO]: Setting apache2/ssl/key
10584 actions.configure 22-08-30 15:17:37 [ INFO]: Multifile: /etc/apache2/sites-available/default-ssl.conf
10584 actions.configure 22-08-30 15:17:37 [ INFO]: Module: kopano-cfg
10584 actions.configure 22-08-30 15:17:37 [ WARNING]: run-parts: executing /etc/univention/letsencrypt/setup.d//dovecot
10584 actions.configure 22-08-30 15:17:37 [ WARNING]: run-parts: executing /etc/univention/letsencrypt/setup.d//postfix
10584 actions.configure 22-08-30 15:17:38 [ INFO]: Setting mail/postfix/ssl/key
10584 actions.configure 22-08-30 15:17:38 [ INFO]: Setting mail/postfix/ssl/certificate
10584 actions.configure 22-08-30 15:17:38 [ INFO]: Setting mail/postfix/ssl/cafile
10584 actions.configure 22-08-30 15:17:38 [ INFO]: Multifile: /etc/postfix/main.cf
10584 actions.configure 22-08-30 15:17:38 [ INFO]: Module: kopano-cfg
10584 actions.configure 22-08-30 15:17:39 [ INFO]: Tue 30 Aug 2022 03:17:39 PM EDT
10584 actions.configure 22-08-30 15:17:39 [ INFO]: Refreshing certificate for following domains:
10584 actions.configure 22-08-30 15:17:39 [ INFO]: sp-svr01.infolocity.net www.ivyinfosys.com www.omegafsi.com www.pennreserve.com ucs-sso.infolocity.net www.byteflight.net
10584 actions.configure 22-08-30 15:17:39 [ INFO]: Parsing account key…
10584 actions.configure 22-08-30 15:17:39 [ INFO]: Parsing CSR…
10584 actions.configure 22-08-30 15:17:39 [ INFO]: Found domains: www.ivyinfosys.com, ucs-sso.infolocity.net, sp-svr01.infolocity.net, www.omegafsi.com, www.byteflight.net, www.pennreserve.com
10584 actions.configure 22-08-30 15:17:39 [ INFO]: Getting directory…
10584 actions.configure 22-08-30 15:19:49 [ INFO]: Directory found!
10584 actions.configure 22-08-30 15:19:49 [ INFO]: Registering account…
root@sp-svr01:/var/log/univention#
And it just sits are “Registering account…” Thinking maybe a fresh install might help,I tried uninstalling using the UCS interface. Same result. I tried using the shell command with univention-app remove letsencrypt and it also gets stuck at “Registering account…”
Suggestions to solve this are greatly appreciated!
John