Let's Encrypt: Certificate won't renew for one particular domain (.san_conf error)

I'm reporting the same problem with the automatic renewal of SSL certificates.

Every 3 months the renewal fails with subject title
`Subject: Error during automated certificate renewal for domain.com`:

CSR config file /usr/local/directadmin/data/users/user/domains/domain.com.san_config passed but does not exist or is empty.
ls: cannot access /usr/local/directadmin/data/users/user/domains/domain.com.san_config: No such file or directory

Characteristics:
- This DirectAdmin server is running version 1.61.3 on CentOS 7
- It seems that these are only generated for the newer domains on the server.
- Old domains are renewing fine (perhaps because they do have a .san_config)
- Newer domains don't have .san_config and fail.
- However, manually installing the certificates does work, as reported by cmyden

Support requested plz.
 
Hello, original poster here, from way back in October of 2020 (1 year anniversary of this issue is coming up!)

I just wanted to mention that this problem has not resolved itself between versions 1.61.3 and the version I am running now (1.62.4).

Reviewing the suggestion mentioned in this thread...

The first thing I'd be looking for would be a retry file set to 0 in /usr/local/directadmin/data/users/username/domains/domain.com.letsencrypt_remaining_retries

I can confirm that my domain.com.letsencrypt_remaining_retries files contain the number 0.


Googling around, I stumbled across a website in Vietnamese that contained the exact error message I'm receiving.

When I translated the website, it says:

Here is a guide for customers to fix errors related to san_config when installing Let's Encrypt on DirectAdmin

For example, when installing SSL, you get an error similar to the following:

CSR config file /usr/local/directadmin/data/users/userhosting/domains/domain.com.san_config passed but does not exist or is empty.
ls: cannot access /usr/local/directadmin/data/users/userhosting/domains/domain.com.san_config: No such file or directory

The fix is as follows:

touch /usr/local/directadmin/data/users/userhosting/domains/domain.com.san_config
chown diradmin:diradmin /usr/local/directadmin/data/users/userhosting/domains/domain.com.san_config

Please customize the user and domain to suit your own.

After creating the file and chowning the file, you need to install Let's Encrypt again.

Good luck.

It made me wonder if the problem had anything to do with the permissions of domain.com.san_config?

Here is what mine look like:


Currently I am just manually renewing my certificates every 3 months for all my domains.

The issue isn't critical, but annoying.
 
Ok, I'm not 100% sure if this has solved it, but I'll know the next time it goes to automatically renew my certificates.

What I did was...

1. Went to /usr/local/directadmin/data/users/username/domains/

2. Created a domain.com.san_config file for each domain.

The file cannot be empty, or you'll still get the error.

3. Changed the permissions on each domain.com.san_config file.

chown diradmin:diradmin domain.com.san_config

4. Waited overnight, and the certificate for each domain.com did automatically update and I did not receive the error message in my messages panel (normally it sends one for each domain, every night).
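
Added example, not part of any post in this thread and not DirectAdmin's own code: a read-only audit that lists, per domain, whether the `.san_config` file is missing, empty, or not owned by `diradmin:diradmin`, together with the value in `.letsencrypt_remaining_retries`. It assumes every domain of interest has a `.letsencrypt_remaining_retries` file in the directory named in the thread; the function name and output format are made up for this illustration.

```shell
#!/bin/sh
# Read-only audit: nothing is created or modified.
# audit_san_config [BASE] [OWNER]
#   BASE  - DirectAdmin users directory (path as given in the thread)
#   OWNER - expected user:group (diradmin:diradmin, as given in the thread)
audit_san_config() {
    base=${1:-/usr/local/directadmin/data/users}
    want=${2:-diradmin:diradmin}
    for retry in "$base"/*/domains/*.letsencrypt_remaining_retries; do
        [ -e "$retry" ] || continue          # glob matched nothing
        domain=$(basename "$retry" .letsencrypt_remaining_retries)
        san="$(dirname "$retry")/$domain.san_config"
        retries=$(tr -d '[:space:]' < "$retry")
        if [ ! -e "$san" ]; then
            state=MISSING                    # the "No such file" case
        elif [ ! -s "$san" ]; then
            state=EMPTY                      # exists but zero bytes: still fails
        else
            have=$(ls -ld -- "$san" | awk '{print $3 ":" $4}')
            if [ "$have" = "$want" ]; then
                state=OK
            else
                state="OWNER=$have"          # present, but wrong ownership
            fi
        fi
        printf '%s san_config=%s retries=%s\n' "$domain" "$state" "$retries"
    done
}
```

Source the file as root and run `audit_san_config`; any line not ending in `san_config=OK` with a non-zero retry count is a domain likely to hit the renewal error described above.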
 