
Thread: Problem with Certificate Auto Renew Let's Encrypt

  1. #1
    Join Date
    Dec 2017
    Posts
    34

    Problem with Certificate Auto Renew Let's Encrypt

    Hello,


    I have a problem with my SSL renewal. I need to renew manually every 90 days. Any suggestions?

    http://prntscr.com/jfpk7e


    Thx

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    Hello,

    Try and check directadmin logs and system messages, they should give clues on why automatic renewal fails.

  3. #3
    Join Date
    Dec 2017
    Posts
    34
    System messages have no info about SSL.
    Which log exactly? Error Log, Cron Log..?

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    If DirectAdmin fails to renew a cert, admins get notified about it via system messages and by email.

    Check /var/log/directadmin/ for clues.

    Reset creation time to 0 in the files or selectively per domain:

    /usr/local/directadmin/data/users/*/domains/*.cert.creation_time

    and run a process in a debug mode:



    Code:
    echo "action=rewrite&value=letsencrypt" >> /usr/local/directadmin/data/task.queue && /usr/local/directadmin/dataskq d800

  5. #5
    Join Date
    Dec 2017
    Posts
    34
    I do not see any info in the logs about SSL. Maybe I am going to wait until 30 May.
    In the domains/*.cert.creation_time there is on file 'cert.creation_time'; I do not know how to reset the creation time to 0.


    Debug mode. Level 800

    root priv set: uid:0 gid:0 euid:0 egid:0
    pidfile written
    starting queue
    dataskq: command: action=rewrite&value=letsencrypt
    done queue


    Edit: OK, I found *.cert.creation_time. Do I need to open it and change it to 0?
    Last edited by michcio29; 05-09-2018 at 12:53 PM.

  6. #6
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    need open and change to 0

  7. #7
    Join Date
    Dec 2017
    Posts
    34

  8. #8
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    The second command should be executed now; it makes no sense to run it without first resetting the creation time.

    #4

  9. #9
    Join Date
    Dec 2017
    Posts
    34
    Sorry, I am not an expert in DA. I get now:


    root priv set: uid:0 gid:0 euid:0 egid:0
    pidfile written
    starting queue
    dataskq: command: action=rewrite&value=letsencrypt
    done queue

  10. #10
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    expected reply:

    Code:
    Debug mode. Level 800
    
    
    root priv set: uid:0 gid:0 euid:0 egid:0
    pidfile written
    starting queue
    dataskq: command: action=rewrite&value=letsencrypt
    LetsEncrypt renewal on domain.com has succeeded. Not sending a notice.
    done queue

    Change time to 100 instead of 0, otherwise it will give

    Code:
    Unable to read the time from the string '0' from the file /usr/local/directadmin/data/users/userbob/domains/domain.com.cert.creation_time

    and try the same.

    + Then post here in text results from

    Code:
    /usr/local/directadmin/directadmin c | grep letsencrypt

  11. #11
    Join Date
    Dec 2017
    Posts
    34
    letsencrypt=1
    letsencrypt_renewal_days=60
    letsencrypt_max_requests_per_week=20
    letsencrypt_multidomain_cert=2
    letsencrypt_renewal_success_notice=0
    renew_letsencrypt_on_suspended_domain=0
    letsencrypt_list=www:mail:ftpop:smtp
    letsencrypt_list_selected=www

  12. #12
    Join Date
    Dec 2017
    Posts
    34
    Any idea how to fix this issue?

  13. #13
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    Contact DirectAdmin developers for a possibly free audit on your server, or me for paid support.

  14. #14
    Join Date
    Dec 2017
    Posts
    34
    I asked DA Support: "So I'd recommend changing your hostname to be something like: server.domain.com". Now it is domain.com.
    https://help.directadmin.com/item.php?id=405

    But when I do this, domain.com does not work; I get
    "DNS_PROBE_FINISHED_NXDOMAIN"

    MX, A records exist
    I have Local Data :NO hmm..

    I don't understand step 2. Do I have to add named_rename_hostname_zone=1 to directadmin.conf?
    DA does not work either, nor webmail, but the subdomain (demo) works fine.


    Thanks
    Last edited by michcio29; 10-05-2018 at 12:41 AM.

  15. #15
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    If you changed your domain name or hostname, make sure you still have the correct DNS zone and records.

    Kindly provide a real domain name if you need more detailed help.

  16. #16
    Join Date
    Dec 2017
    Posts
    34
    web-komp.eu

  17. #17
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    server.web-komp.eu, and web-komp.eu resolve fine.

    Directadmin is not accessible. What error do you see in Directadmin logs under /var/log/directadmin/?

    I could fix it for you quickly; if you want, contact me privately for paid support. It is OK if we proceed here, and it might take a while to check/test/fix.

  18. #18
    Join Date
    Dec 2017
    Posts
    34
    Now it seems to work well. I will let you know if SSL auto renew does not work correctly. Is there any possible way to check earlier? Now I need to wait 14 days :|

  19. #19
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    DirectAdmin starts attempts to renew existing certs 30 days before their expiration date. So you have to wait 59-60 days, unless you reset the creation time stored in *.cert.creation_time to 100, for example, or another value (do not set it to zero though).
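
Added example (not part of the thread and not DirectAdmin's own code): a read-only audit of the `*.cert.creation_time` files discussed above, flagging values the renewal task would refuse (such as `0`) and reporting which certificates are due. It assumes the file holds epoch seconds and that renewal becomes due once the age reaches `letsencrypt_renewal_days` (60 in post #11); the function names `renewal_status` and `audit_dir` are hypothetical.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Assumptions: <domain>.cert.creation_time
# stores epoch seconds, and renewal is due when the age in days is at least
# letsencrypt_renewal_days.

# renewal_status FILE RENEWAL_DAYS [NOW_EPOCH]
# Prints one of: due | not-due:<days_left> | invalid
renewal_status() {
    file=$1; days=$2; now=${3:-$(date +%s)}
    [ -r "$file" ] || { echo invalid; return 0; }
    ts=$(tr -d ' \t\r\n' < "$file")
    # Reject empty, non-numeric, zero or zero-prefixed values. The thread shows
    # that '0' cannot be read; a leading zero would also be parsed as octal
    # by shell arithmetic below.
    case $ts in
        ''|0*|*[!0-9]*) echo invalid; return 0 ;;
    esac
    age_days=$(( (now - ts) / 86400 ))
    if [ "$age_days" -ge "$days" ]; then
        echo due
    else
        echo "not-due:$(( days - age_days ))"
    fi
}

# audit_dir BASE RENEWAL_DAYS [NOW_EPOCH]
# Prints "<status> <path>" for every creation_time file under BASE/users.
audit_dir() {
    base=$1; days=$2; now=${3:-$(date +%s)}
    for f in "$base"/users/*/domains/*.cert.creation_time; do
        [ -e "$f" ] || continue          # glob matched nothing
        printf '%s %s\n' "$(renewal_status "$f" "$days" "$now")" "$f"
    done
}

# Usage: sh audit.sh /usr/local/directadmin/data 60
if [ $# -gt 0 ]; then
    audit_dir "$@"
fi
```

Nothing is modified: the script only reads the files, so it can be run before and after resetting a creation time to confirm the value is one the renewal task will accept.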

  20. #20
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    Try

    Code:
    echo $(hostname -f) >> /etc/virtual/domainowners

    and request a cert for your hostname.
