httpd not restarted after generation of LetsEncrypt certificate

Erik66

On my DA (1.55) server, httpd is not automatically restarted when a LetsEncrypt certificate is issued to a domain for the first time. Manually restarting httpd solves this. It used to be automatic though, and at some point in time this broke on my server. Is this a general issue or specific to my server? And how can I restore automatic restart of httpd in these cases?

Many thanks for your help,

Erik
 
Erik.

If not possible anymore, ?

Next time take a look in the error logs and log files

The cause could be the cert file being too late in the path when httpd.conf and httpd restarted.

If the LE cert was too late and had an error, not succeeded, failed and so on.
Shortly after that the renewal succeeded, but HTTPD is then not started ...

Then the httpd.conf should give an error with the restart saying the cert file path is false or not there.
Preventing it from starting (restart after such an error).

The error I post here is for another CP and a little bit different, at renewal, but the main problem could be the same; see the log files. (Take care of IPv6 for all the LE ..)
Or the cert file wasn't there quickly enough???

HTTPD down after failed let's encrypt didn't restart itself


A Let's Encrypt autorenew failure, then httpd down with error:
AH00526: Syntax error on line 1232 of /etc/httpd/conf/httpd.conf.
SSLCACertificateFile: file '/var/www/html/mydomain.tld/ssl.ca' does not exist or is empty

That line is where the SSLCACertificateFile line is and should

Shortly after this the Let's Encrypt succeeded successfully.

So I can't find which text was on that line at the time of the error. Then the main problem is: httpd didn't restart itself.

So first, I don't know why Let's Encrypt fails one time (it didn't before). It must then have had a problem with the SSLCACertificateFile line, while httpd is down for that line / error.

Then the same minute LE succeeded successfully.

The SSLCACertificateFile line is again ok, but no restart of the down httpd?
An error occurred requesting a new certificate for mydomain.tld, www.mydomain.tld, autoconfig.mydomain.tld, autodiscover.mydomain.tld, mail.mydomain.tldl from Let's Encrypt : Web-based validation failed : Failed to request certificate : <pre>mail.mydomain.tld challenge did not pass: Invalid response from http://mail.mydomain.tld/.well-known/acme-challenge/eeugY50iSkNqTPDJ82kICYC6DoWihHkho: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"</pre>
DNS-based validation failed : Failed to request certificate : <pre>Gave up waiting for validation</pre>

After this, the same minute:
A new certificate was successfully requested from Let's Encrypt, and installed for mydomain.tld, www.mydomain.tld, autoconfig.mydomain.tld, autodiscover.mydomain.tld, mail.mydomain.tld.

It is therefore important to catch the problem, because httpd is down and stays down; I have to start it manually!

The domain has been active for over a year with an LE cert; IPv6 and IPv4, I need them both!


I have this problem with another CP also, so there should be a protection to have this solved if there is an error.


Which LE script version do you use on DA?

Let's Encrypt client 1.1.18 to 1.1.19 update is available.


With IPv6 and also more domain names in the LE causing too long wait times for the script and LE, maybe?

What if you try with fewer, so only thedomain.tld and www.thedomain.tld itself? If this goes right, then this could be the cause.

Thank you for the suggestions ikkeben. Next time I'll look in the error log.

However, I think this is not the underlying issue. The same problem occurs on this server when I create a new domain. httpd should be restarted automatically after that, but is not. The newly created domain will not start to work until httpd is manually restarted.

In other words: I am guessing that all processes that need httpd to restart automatically suffer from the same problem.

Erik
 
Also test if the problem is with graceful restart only, so try to test several: graceful and not graceful.

Still, if the cert file is not there within the right time, the problem could be somewhat the same.
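
The failure discussed in this thread (httpd refusing to start with AH00526 because a certificate file is missing or empty at restart time) can be guarded against with a pre-restart check. The script below is an added example, not part of any post here and not DirectAdmin or Let's Encrypt client code; the function names and the `apachectl configtest` / `systemctl restart httpd` defaults are assumptions to adapt.

```bash
# Added example: verify certificate files before restarting httpd.
# Assumed, overridable commands; adjust for your distribution or panel.
HTTPD_TEST_CMD=${HTTPD_TEST_CMD:-apachectl configtest}
HTTPD_RESTART_CMD=${HTTPD_RESTART_CMD:-systemctl restart httpd}

# Print every SSL*File path in config $1 that is missing or empty; return 1 if any.
check_ssl_files() {
    bad=0
    paths=$(awk '
        /^[ \t]*#/ { next }                            # skip comment lines
        tolower($1) ~ /^ssl(certificate|certificatekey|cacertificate)file$/ {
            p = $2; gsub(/"/, "", p); print p          # drop optional quotes
        }' "$1")
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ ! -s "$f" ]; then echo "missing or empty: $f"; bad=1; fi
    done <<EOF
$paths
EOF
    return $bad
}

# Wait up to $2 seconds (default 10) for the files, then config-test and restart.
# Returns 2 if the files never appear, 3 if the config test fails.
restart_when_ready() {
    conf=$1 tries=${2:-10}
    until check_ssl_files "$conf" >/dev/null; do
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || { check_ssl_files "$conf" >&2 || true; return 2; }
        sleep 1
    done
    $HTTPD_TEST_CMD || return 3
    $HTTPD_RESTART_CMD
}

# Constructed demo: a vhost fragment whose CA bundle has not been written yet.
demo_dir=$(mktemp -d)
printf 'cert\n' > "$demo_dir/ssl.cert"
cat > "$demo_dir/httpd.conf" <<EOF
<VirtualHost *:443>
    SSLCertificateFile $demo_dir/ssl.cert
    # SSLCertificateKeyFile $demo_dir/ssl.key
    SSLCACertificateFile "$demo_dir/ssl.ca"
</VirtualHost>
EOF
check_ssl_files "$demo_dir/httpd.conf" || echo "not restarting httpd yet"
```

Calling `restart_when_ready /etc/httpd/conf/httpd.conf` from a certificate-renewal hook keeps a running httpd untouched until the referenced files exist and the configuration test passes.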