LetsEncrypt not renewing hostname certificate

BlueCola

Hi there,

We use LetsEncrypt (with SNI) on our servers and are very happy with it. Renewal of certificates is working fine for all our clients (DA user accounts) but not for the server certificate.

We followed this guide exactly: https://help.directadmin.com/item.php?id=629. The certificate is working fine after this, but it will expire without renewal.

Does anyone know how to fix this?

Thanks a lot!
- Marijn
 
Hello,

If the cert is still not renewed try this:

Code:
echo "action=rewrite&value=letsencrypt" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d800 2>&1 | tee out.txt

and see debug output, it might give you some tips.
 
We renewed the certs manually the last time, and today was the expiry. They're still not automatically renewed by DirectAdmin.

I ran the commands you posted:

Code:
[root@delta ~]# /usr/local/directadmin/dataskq d800 2>&1 | tee out.txt
Debug mode. Level 800

root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
staring queue
dataskq: command: action=rewrite&value=letsencrypt
LetsEncrypt renewal on domeinfromclient.com has succeeded. Not sending a notice.
exim1: Unable to find ip_after from 
done queue
[root@delta ~]#

Not a single mention of the hostname certificate. The hostname certificate wasn't renewed either after running this command.

The only way to renew the hostname certificate is by running the following commands manually:

Code:
cd /usr/local/directadmin/scripts/
./letsencrypt.sh request hostname.com 4096

Any other idea on what the problem could be?
 
I have the same feeling that there is something wrong with renewing certs for a hostname. At least it fails on some servers. Currently I don't have much information on the matter. If you think you have enough for reporting a bug, please go ahead and report it to the DirectAdmin developers via tickets: https://tickets.directadmin.com/
 
Did it work at the beginning?

If yes, when was that install / first letsencrypt cert?

Maybe a (half/false) "update/change" screwed something up.

Autorenew is 60 days? As with this update: https://www.directadmin.com/features.php?id=1850

If you had an older version / installed letsencrypt before this update or some other updates, some bugfixes may not have been done for the hostname, or only this one got "screwed up".

This:

"letsencrypt=1" or "letsencrypt=2"?

And have you installed options/features such as this one?
https://help.directadmin.com/item.php?id=645
 
Yes, it worked fine. The 2 latest incidents with a cert for hostname happened due to the fact that it included additional domains which happened to be expired at the moment of renewal. So SSL certs failed to renew. I have used Let's Encrypt certs since the official release of DirectAdmin version 1.5.

Currently I don't have evidence that it's completely broken, just a feeling, and I'd like to check it with others.

Always update letsencrypt.sh to the latest version, soon after its release.

letsencrypt=1 is my choice with a ton of additional domains.
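
A monitoring check for the two failure modes reported in this thread (a hostname certificate that quietly passes its renewal date, and extra names on the certificate that no longer resolve), added here as an example and not taken from any post or from DirectAdmin. The certificate path is passed in by the caller; the function names, the `RESOLVE_CMD` override and the 20-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Usage: sh check_cert.sh /path/to/cert.pem [days]
# The certificate path and the 20-day default threshold are assumptions.

# Print each DNS name found in `openssl x509 -text` output read from stdin.
parse_sans() {
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Print the names from stdin (one per line) that the resolver cannot find.
# RESOLVE_CMD can be overridden; the default asks the system resolver.
unresolved_names() {
    while read -r name; do
        case "$name" in
            '*.'*) continue ;;   # a wildcard entry has no single host to look up
        esac
        ${RESOLVE_CMD:-getent hosts} "$name" >/dev/null 2>&1 || echo "$name"
    done
}

# check_cert CERT [DAYS]: returns 0 when healthy, 1 when something needs attention.
check_cert() {
    cert=$1
    days=${2:-20}
    rc=0
    # -checkend exits non-zero if the certificate expires within the window.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "WARN: $cert expires within $days days; renewal appears overdue"
        rc=1
    fi
    bad=$(openssl x509 -in "$cert" -noout -text | parse_sans | unresolved_names)
    if [ -n "$bad" ]; then
        echo "WARN: names on the certificate that do not resolve:"
        echo "$bad"
        rc=1
    fi
    return $rc
}

# Run the check only when a certificate path was given on the command line.
if [ "$#" -gt 0 ]; then check_cert "$@"; fi
```

Run from cron, a non-zero exit gives early warning before the hostname certificate expires, instead of finding out on the expiry date.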
 