Let's Encrypt SSL Issue

Warpline

We were recently rate limited by Let's Encrypt on our biggest server with about 900 domains on it. Per the advice of DA support, I was told the following:

Well, you should be able to re-request certs by removing directadmin letsencrypt main key.
cd /usr/local/directadmin/
rm -f conf/letsencrypt*

So, that's what I did. This spawned a ton of "/usr/bin/openssl genrsa 4096" processes which brought our loads up to 500+ for some time.

After trying to generate an SSL certificate, we now get the error:

chown: cannot access ‘/usr/local/directadmin/conf/letsencrypt.key’: No such file or directory
Error opening Private Key /usr/local/directadmin/conf/letsencrypt.key
140500054321040:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/usr/local/directadmin/conf/letsencrypt.key','r')
140500054321040:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key
Error opening Private Key /usr/local/directadmin/conf/letsencrypt.key
140429798471568:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/usr/local/directadmin/conf/letsencrypt.key','r')
140429798471568:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key
Error opening key file /usr/local/directadmin/conf/letsencrypt.key
139626398738320:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/usr/local/directadmin/conf/letsencrypt.key','r')
139626398738320:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load key file
Account registration error. Response: HTTP/2 400
server: nginx
date: Fri, 01 Nov 2019 22:37:47 GMT
content-type: application/problem+json
content-length: 108
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002M9O4cHl_7spbRYkxqIfhcqxgxEixoqgOTpbrmbeF3E4

{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}.


I have already tried:
cd /usr/local/directadmin/custombuild
./build letsencrypt

Can anyone point me in the right direction?
 
Additionally, it seems as if the key file is being created, permission is being changed on it, and then deleted after some time. There is no key entry in it either. It seems to create an empty file and then delete it.
 
Just to follow up for anyone who might have this problem in the future...

DirectAdmin support replied with the following message:

letsencrypt.key is still in use by some processes. Would it be possible to reboot the server? You may do it at anytime you prefer, after reboot, just do:
cd /usr/local/directadmin/custombuild
./build letsencrypt

So, I rebooted the server and performed the above commands. That did the trick. It seems like we have a workaround to the issue for now.
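
As an added illustration (not part of the original posts and not DirectAdmin's own tooling), a pre-flight check for the account key states described in this thread: absent, zero-byte, unparseable, or still held open by a process. The function name is hypothetical; it assumes Linux /proc and should be run as root so other users' processes are visible.

```shell
#!/bin/sh
# Added example: classify the state of the ACME account key before re-running
# ./build letsencrypt. Prints one of: in-use, missing, empty, invalid, ok
# (or no-openssl). check_account_key is a hypothetical helper name.

check_account_key() {
    key=$1
    # /proc fd links hold the resolved path, so canonicalize before comparing.
    real=$(readlink -f -- "$key" 2>/dev/null || printf '%s' "$key")

    # A process may still hold the key open even after rm -f; the fd link
    # target then reads "<path> (deleted)". Report that before anything else.
    holder=
    for fd in /proc/[0-9]*/fd/*; do
        case $(readlink "$fd" 2>/dev/null) in
            "$real"|"$real (deleted)") holder=$fd; break ;;
        esac
    done
    if [ -n "$holder" ]; then echo "in-use"; return 0; fi

    if [ ! -e "$key" ]; then echo "missing"; return 0; fi
    # A zero-byte key matches the "empty file" observation in the thread.
    if [ ! -s "$key" ]; then echo "empty"; return 0; fi

    if ! command -v openssl >/dev/null 2>&1; then
        echo "no-openssl"; return 0
    fi
    # -check verifies RSA consistency; the empty -passin avoids a prompt.
    if openssl rsa -in "$key" -passin pass: -check -noout \
            >/dev/null 2>&1 </dev/null; then
        echo "ok"
    else
        echo "invalid"
    fi
}

# Default path is the one shown in the error output above.
check_account_key "${1:-/usr/local/directadmin/conf/letsencrypt.key}"
```

Anything other than "ok" means a request signed with this key cannot succeed yet; "in-use" corresponds to the condition DirectAdmin support described.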
 
Did not work for me. Isn't there a way to completely wipe the Let's Encrypt support and bring it back with the build command? Finding missing files based on the complete script is just a pain.

Also, as I'm at this stage, missing the .key file by following 2-3 year old howtos, I'd like DA's support team to make a _SOLID_ howto about how to enable SSL on the hostname given to the server on port 2222 plus the exim etc (via shell as admin should not add any domains via web interface).

Don't have time to poke around, so I'll just transfer the emails to a freshly installed DA-server. Hopefully that one won't break.

Edit: Found the HOWTO: https://help.directadmin.com/item.php?id=15
 