Thread: LetsEncrypt not renewing hostname certificate

  1. #1
    Hi there,

    We use LetsEncrypt (with SNI) on our servers and are very happy with it. Renewal of certificates is working fine for all our clients (DA user accounts) but not for the server certificate.

    We followed this guide exactly: https://help.directadmin.com/item.php?id=629. The certificate is working fine after this, but it will expire without renewal.

    Does anyone know how to fix this?

    Thanks a lot!
    - Marijn

  2. #2
    Hello,

    If the cert is still not renewed try this:

    Code:
    echo "action=rewrite&value=letsencrypt" >> /usr/local/directadmin/data/task.queue
    /usr/local/directadmin/dataskq d800 2>&1 | tee out.txt

    and see the debug output; it might give you some tips.
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook

  3. #3
    We renewed the certs manually the last time, and today was the expiry. They're still not automatically renewed by DirectAdmin.

    I ran the commands you posted:

    Code:
    [root@delta ~]# /usr/local/directadmin/dataskq d800 2>&1 | tee out.txt
    Debug mode. Level 800
    
    root priv set: uid:0 gid:0 euid:0 egid:0
    pidfile written
    staring queue
    dataskq: command: action=rewrite&value=letsencrypt
    LetsEncrypt renewal on domeinfromclient.com has succeeded. Not sending a notice.
    exim1: Unable to find ip_after from 
    done queue
    [root@delta ~]#

    Not a single mention of the hostname certificate. The hostname certificate wasn't renewed either after running this command.

    The only way to renew the hostname certificate is by running the following commands manually:

    Code:
    cd /usr/local/directadmin/scripts/
    ./letsencrypt.sh request hostname.com 4096

    Any other idea on what the problem could be?
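
A check for the situation in post #3, where the queue run reports renewals for client domains but never mentions the hostname, combined with an expiry check on the server certificate file. This is an added example, not part of the thread and not DirectAdmin's own code; the function names, the 30-day default and the `*.example.test` names are assumptions, and the certificate path has to be supplied by the caller.

```shell
#!/bin/sh
# Added example, not DirectAdmin tooling. Function names, the 30-day default
# and the *.example.test names are assumptions made for illustration.

# Print each domain that a captured dataskq debug run reports as renewed.
# Only the success line format shown in post #3 is recognised.
renewed_domains() {
  sed -n 's/^[[:space:]]*LetsEncrypt renewal on \([^[:space:]]*\) has succeeded\..*$/\1/p'
}

# Succeed if hostname $1 appears among the renewed domains in output file $2.
hostname_was_renewed() {
  renewed_domains < "$2" | grep -Fxq -- "$1"
}

# Succeed if PEM certificate $1 is still valid $2 days from now (default 30).
# "openssl x509 -checkend N" exits non-zero when the cert expires within N seconds.
cert_valid_for_days() {
  openssl x509 -noout -checkend "$(( ${2:-30} * 86400 ))" -in "$1" >/dev/null
}

# Args: hostname, dataskq output file, certificate path, [days].
# Exit status: 0 ok, 1 hostname absent from renewal output, 2 cert near expiry.
check_hostname_cert() (
  rc=0
  if ! hostname_was_renewed "$1" "$2"; then
    echo "WARN: $1 not mentioned in renewal output $2" >&2
    rc=1
  fi
  if ! cert_valid_for_days "$3" "${4:-30}"; then
    echo "CRIT: $3 expires within ${4:-30} days (or is unreadable)" >&2
    rc=2
  fi
  exit "$rc"
)

# Constructed sample modelled on the debug output in post #3.
sample_dataskq_output() {
  cat <<'EOF'
Debug mode. Level 800
staring queue
dataskq: command: action=rewrite&value=letsencrypt
LetsEncrypt renewal on client.example.test has succeeded. Not sending a notice.
done queue
EOF
}

if [ "$#" -ge 3 ]; then check_hostname_cert "$@"; fi
```

Saved as a script (the name `check.sh` is hypothetical), it can run after the `tee out.txt` command from post #2, for example `sh check.sh "$(hostname -f)" out.txt /path/to/server-cert.pem 30`, where the certificate path is a placeholder for whatever the server's configuration points at.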

  4. #4
    I have the same feeling that there is something wrong with renewing certs for a hostname. At least it fails on some servers. Currently I don't have much information on the matter. If you think you have enough to report a bug, please go ahead and report it to the DirectAdmin developers via tickets: https://tickets.directadmin.com/
    Regards, Alex G.

  5. #5
    Did it work at the beginning?

    If yes, what time was that install / first letsencrypt cert?

    Maybe a (half/false) "update/change" screwed something up.

    Autorenew is 60 days? As with this update: https://www.directadmin.com/features.php?id=1850

    If you have had an older version / installed letsencrypt before this update or some other updates... some bugfixes maybe not done for the hostname, or "screwed" only this one.

    This:

    "letsencrypt=1" or "letsencrypt=2"?

    And have you installed options/features such as this one?
    https://help.directadmin.com/item.php?id=645
    Last edited by ikkeben; 04-14-2017 at 01:48 AM.
    DUTCH GERMAN, GERMAN DUTCH

  6. #6
    Yes, it worked fine. The 2 latest incidents with a cert for hostname happened due to the fact that it included additional domains which happened to be expired at the moment of renewal. So SSL certs failed to renew. I have used Let's Encrypt certs since the official release of DirectAdmin version 1.5.

    Currently I don't have evidence that it's completely broken, just a feeling, and I'd like to check it with others.

    Always update letsencrypt.sh to the latest version, soon after its release.

    letsencrypt=1 is my choice with a ton of additional domains.
    Regards, Alex G.
