Problem with Certificate Auto Renew Let's Encrypt

zEitEr

Super Moderator
Hello,

Try checking the DirectAdmin logs and system messages; they should give clues on why automatic renewal fails.
 

zEitEr

Super Moderator
If DirectAdmin fails to renew a cert, admins get notified about it via system messages and by email.

Check /var/log/directadmin/ for clues.

Reset creation time to 0 in the files or selectively per domain:

/usr/local/directadmin/data/users/*/domains/*.cert.creation_time

and run a process in a debug mode:



Code:
echo "action=rewrite&value=letsencrypt" >> /usr/local/directadmin/data/task.queue && /usr/local/directadmin/dataskq d800
 

michcio29

Verified User
I do not see any info in the logs about SSL; maybe I am going to wait until 30 May.
In the domains/*.cert.creation_time there is on file 'cert.creation_time'; I do not know how to reset the creation time to 0.


Debug mode. Level 800

root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
starting queue
dataskq: command: action=rewrite&value=letsencrypt
done queue


Edit: OK, I found *.cert.creation_time. Do I need to open it and change it to 0?
 

zEitEr

Super Moderator
The second command should be executed now; it makes no sense to run it without first resetting the creation time.

 

michcio29

Verified User
Sorry, I am not an expert in DA :) I get now:


root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
starting queue
dataskq: command: action=rewrite&value=letsencrypt
done queue
 

zEitEr

Super Moderator
Expected reply:

Code:
Debug mode. Level 800


root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
starting queue
dataskq: command: action=rewrite&value=letsencrypt
LetsEncrypt renewal on domain.com has succeeded. Not sending a notice.
done queue
Change time to 100 instead of 0, otherwise it will give

Code:
Unable to read the time from the string '0' from the file /usr/local/directadmin/data/users/userbob/domains/domain.com.cert.creation_time
and try the same.

+ Then post here, as text, the results from

Code:
/usr/local/directadmin/directadmin c | grep letsencrypt
 

michcio29

Verified User
letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_max_requests_per_week=20
letsencrypt_multidomain_cert=2
letsencrypt_renewal_success_notice=0
renew_letsencrypt_on_suspended_domain=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
 

zEitEr

Super Moderator
Contact the DirectAdmin developers for a possibly free audit of your server, or me for paid support.
 

michcio29

Verified User
I asked DA Support: "So I'd recommend changing your hostname to be something like: server.domain.com". Now it is domain.com
https://help.directadmin.com/item.php?id=405

But when I do this, domain.com does not work; I get
"DNS_PROBE_FINISHED_NXDOMAIN"

MX, A records exist
I have Local Data: NO, hmm..

I don't understand step 2: do I have to add named_rename_hostname_zone=1 to directadmin.conf?
DA does not work either, nor webmail, but the subdomain (demo) works well.


Thanks
 

zEitEr

Super Moderator
If you changed your domain name or hostname, make sure you still have the correct DNS zone and records.

Kindly provide a real domain name if you need more detailed help.
 

zEitEr

Super Moderator
server.web-komp.eu, and web-komp.eu resolve fine.

Directadmin is not accessible. What error do you see in Directadmin logs under /var/log/directadmin/?

I could fix it for you quickly; if you want, contact me privately for paid support. It is OK if we proceed here, and it might take a while to check/test/fix.
 

michcio29

Verified User
Now it seems to work well. I will let you know if SSL auto-renew does not work correctly. Is there any way to check earlier? Now I need to wait 14 days :|
 

zEitEr

Super Moderator
DirectAdmin starts attempting to renew existing certs 30 days before their expiration date. So you have to wait 59-60 days, unless you reset the creation time stored in *.cert.creation_time to 100, for example, or another value (do not set it to zero though).
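
A read-only way to see ahead of time which domains the renewal task would pick up, added here as an example and not part of the thread or of DirectAdmin itself. It assumes each *.cert.creation_time file holds a Unix timestamp in seconds; the function names are hypothetical, the 60-day threshold is the letsencrypt_renewal_days value posted above, and the sample tree is constructed.

```shell
#!/bin/sh
# Read-only check of DirectAdmin *.cert.creation_time files; nothing is modified.
# Assumption: each file holds the issue time as a Unix timestamp in seconds.

# classify_creation_time FILE RENEWAL_DAYS NOW  ->  prints "STATUS AGE_DAYS"
classify_creation_time() (
    file=$1; renewal_days=$2; now=$3
    [ -r "$file" ] || { echo "INVALID -"; exit 0; }
    value=$(tr -d '[:space:]' < "$file")
    case $value in
        ''|*[!0-9]*) echo "INVALID -"; exit 0 ;;   # empty or not a number
    esac
    # Strip leading zeros; an all-zero value becomes empty. The thread shows
    # that '0' makes the renewal task fail with "Unable to read the time".
    value=$(printf '%s' "$value" | sed 's/^0*//')
    [ -n "$value" ] || { echo "INVALID -"; exit 0; }
    [ "$value" -le "$now" ] || { echo "FUTURE -"; exit 0; }
    age_days=$(( ($now - $value) / 86400 ))
    if [ "$age_days" -ge "$renewal_days" ]; then
        echo "DUE $age_days"     # old enough for the renewal task to act on
    else
        echo "OK $age_days"
    fi
)

# report_tree USERS_DIR RENEWAL_DAYS NOW  ->  one "domain STATUS AGE_DAYS" line each
report_tree() (
    users_dir=$1; renewal_days=$2; now=$3
    for f in "$users_dir"/*/domains/*.cert.creation_time; do
        [ -e "$f" ] || continue                    # glob matched nothing
        domain=$(basename "$f" .cert.creation_time)
        echo "$domain $(classify_creation_time "$f" "$renewal_days" "$now")"
    done
)

# Constructed sample tree (not real server data), with a fixed "now".
demo() (
    now=1700000000
    tmp=$(mktemp -d); d="$tmp/userbob/domains"; mkdir -p "$d"
    echo $(( now - 10 * 86400 )) > "$d/fresh.example.cert.creation_time"
    echo $(( now - 61 * 86400 )) > "$d/old.example.cert.creation_time"
    echo 100 > "$d/reset.example.cert.creation_time"   # value suggested above
    echo 0 > "$d/zero.example.cert.creation_time"      # value that breaks renewal
    report_tree "$tmp" 60 "$now"
    rm -rf "$tmp"
)
demo
# On a server: report_tree /usr/local/directadmin/data/users 60 "$(date +%s)"
```
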
 

zEitEr

Super Moderator
Try

Code:
echo $(hostname -f) >> /etc/virtual/domainowners
and request a cert for your hostname
 