Let's Encrypt: Certificate won't renew for one particular domain (.san_conf error)

cmyden

Verified User
Joined
Oct 8, 2020
Messages
55
On my fairly recent (August) DirectAdmin install, on a server with 10 domains, I've been receiving the following error message once a day:

CSR config file /usr/local/directadmin/data/users/admin/domains/domain.com.san_config passed but does not exist or is empty.
ls: cannot access /usr/local/directadmin/data/users/admin/domains/domain.com.san_config: No such file or directory

As far as I know, every domain is set up in an identical fashion.

The file that it claims does not exist, or cannnot access, does not exist.

But for every other domain, there is not a domain.com.san_config file either.

I've noticed that for this particular domain, it shows: Let's Encrypt in use. Auto Renewal in -26 Days.

For all other domains, it shows: Let's Encrypt in use. Auto Renewal in 0 Days.

DirectAdmin is up to date.

Just wondering what I should try.

Thank you
 
Thanks for the reply Brent. I ended up resolving this error by going to into SSL Certificates for this particular domain, and selecting Free & Automatic certificate from Let's Encrypt, to renew the certificate myself.

However, this particular domain was also the first domain I setup on DirectAdmin back in late August.

I get the feeling as the newer domains attempt to renew, I might see the error message pop up again.

If it happens again, I'll definitely go through all those steps.

Taking a quick look at the guide, I can see that Step 1 is fine.

In Step 2, the guide says I should see Alias /.well-known in /etc/httpd/conf/extra/httpd-alias.conf

In mine, it shows:
Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge

Could be the problem?
 
Were the SSL certs. Transferred over from another control panel. OR were the created through the DA panel like you did this one you had issue with?
 
Last edited:
- I was running an old version of DirectAdmin, on an old server. That version of DirectAdmin didn't support anything to do with Let's Encrypt certificates.

- On this old server, I had 10 domains, and I was renewing the Let's Encrypt certificates myself, by using certbot through the command line and cron. example: certbot-auto renew

- I then setup a brand new server, with the latest version of DA. As far as I know, nothing relating to the old server control panel should have any impact on the control panel on the new server. Nothing was transferred over, I had to setup DA from scratch.

- On the new server, with the new DA install, I created the same 10 domains, and only ever used the DA interface to setup and manage the Let's Encrypt certificates.
 
Update: As expected, the other domains started trying to renew last night, but are producing the same error.

2. Next, we'll want to confirm the Alias /.well-known has been added to the file...

I performed these steps, but
/etc/httpd/conf/extra/httpd-alias.conf

does not appear in the file.

It still shows:
Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge

Should I add it manually?

3. To manually test things, create a file like this:
and then test it via:

^^^ This works fine

4. If that works, but you still get the error, then try out exactly what curl is running. Login to ssh as root, and type:
/usr/local/bin/curl -I -L -k -X GET http://mydomain.com/.well-known/acme-challenge/test.txt

My output (edited out my domain name) shows:
HTTP/1.1 200 OK
Date: Wed, 14 Oct 2020 19:49:24 GMT
Content-Type: text/plain
Content-Length: 5
Connection: keep-alive
Set-Cookie: __cfduid=da7bd0fbf26bedeb9884c57ac32984e891602704964; expires=Fri, 13-Nov-20 19:49:24 GMT; path=/; domain=.mydomain.com; HttpOnly; SameSite=Lax
Last-Modified: Wed, 14 Oct 2020 19:42:40 GMT
ETag: "5-5b1a6bbfdcf1b"
Accept-Ranges: bytes
Vary: User-Agent
CF-Cache-Status: DYNAMIC
cf-request-id: 05ca4211dc0000eceac021e000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=70&lkg-time=1602704964"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 5e23d2c95a48ecea-YUL

5. Another testing tool is to run bash in -x mode, eg:

staging=yes bash -x ./letsencrypt.sh request mydomain.com

Just to note When I executed this command, it could not find letsencrypt.sh

I had to change to the /usr/local/directadmin/scripts directory

Executing it here worked.

The output is long. I can attach it as a file if needed.

Here are some snippets (domain name edited):

+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --dns.resolvers 8.8.8.8 --accept-tos -s https://acme-staging-v02.api.letsencrypt.org/directory -m [email protected]4D3L-NETWORK.COM --http --http.webroot /var/www/html -d www.mydomain.com -d mydomain.com --key-type ec256 run --no-bundle
2020/10/14 13:56:38 No key found for account [email protected]4D3L-NETWORK.COM. Generating a P256 key.
2020/10/14 13:56:38 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]4D3L-NETWORK.COM/keys/[email protected]4D3L-NETWORK.COM.key
2020/10/14 13:56:39 [INFO] acme: Registering account for [email protected]4D3L-NETWORK.COM

^^ Anything to do with the problem?

2020/10/14 13:56:40 [INFO] [www.mydomain.com, mydomain.com] acme: Obtaining SAN certificate
2020/10/14 13:56:40 [INFO] [www.mydomain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1XXXXXXX
2020/10/14 13:56:40 [INFO] [mydomain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1XXXXXX
2020/10/14 13:56:40 [INFO] [www.mydomain.com] acme: Could not find solver for: tls-alpn-01
2020/10/14 13:56:40 [INFO] [www.mydomain.com] acme: use http-01 solver
2020/10/14 13:56:40 [INFO] [mydomain.com] acme: Could not find solver for: tls-alpn-01
2020/10/14 13:56:40 [INFO] [mydomain.com] acme: use http-01 solver
2020/10/14 13:56:40 [INFO] [www.mydomain.com] acme: Trying to solve HTTP-01
2020/10/14 13:56:45 [INFO] [www.mydomain.com] The server validated our request
2020/10/14 13:56:45 [INFO] [mydomain.com] acme: Trying to solve HTTP-01
2020/10/14 13:56:51 [INFO] [mydomain.com] The server validated our request
2020/10/14 13:56:51 [INFO] [www.mydomain.com, mydomain.com] acme: Validations succeeded; requesting certificates
2020/10/14 13:56:51 [INFO] [www.mydomain.com] Server responded with a certificate.

+ echo 'Certificate for www.mydomain.com,mydomain.com has been created successfully!'
Certificate for www.mydomain.com,mydomain.com has been created successfully!
 
by using certbot through the command line
Update: As expected, the other domains started trying to renew last night, but are producing the same error.

There have been some posts around the system that won't renew old certs done by some other means correctly. I would renew all the certs early if you want through the User panel.
 
I have the same problem.

When I re-request the certificate from the user panel or via CLI it does not create the .san_config of that domain and its errors out when it want to auto-renew.

while it does process the request (not renew) without errors.

For me it are also migrated accounts, from an old server to a new server, on the new server I enabled lets encrypt for these domains, as it happens with all ssl domains on that server.
 
CSR config file /usr/local/directadmin/data/users/<user>/domains/<domain>.san_config passed but does not exist or is empty.
ls: cannot access '/usr/local/directadmin/data/users/<user>/domains/<domain>.san_config': No such file or directory

The error is correct as the file is indeed missing.

Also the time of install is around august, like the OP. first renew worked around it with the idea to fix it later. I also have this issue on a similar server where the client moved to from a old server around the same time.
 
Last edited:
CSR config file /usr/local/directadmin/data/users/<user>/domains/<domain>.san_config passed but does not exist or is empty.
ls: cannot access '/usr/local/directadmin/data/users/<user>/domains/<domain>.san_config': No such file or directory

The error is correct as the file is indeed missing.

Also the time of install is around august, like the OP. first renew worked around it with the idea to fix it later.
Are you sure you run latest version of DirectAdmin?
 
Are you sure you run latest version of DirectAdmin?
I updated last renew, to be sure. but did not fix it apparently then.

I see its was out of date 1.61.3 so updated to .5 and re-requested the certificate. but the .san_config files are still missing.

I also updated lets encrypt today.
 
I also ran `staging=yes bash -x ./letsencrypt.sh request`

but I dont see any errors that it was not able to create the .san_config file.
Code:
staging=yes bash -x ./letsencrypt.sh request <DOMAIN>

++ /usr/bin/id -u

+ MYUID=0

+ '[' 0 '!=' 0 ']'

+ LEGO=/usr/local/bin/lego

+ DNS_SERVER=8.8.8.8

+ DNS6_SERVER=2001:4860:4860::8888

+ NEW_IP=1.1.1.1

+ NEW6_IP=2606:4700:4700::1111

+ DA_IPV6=false

+ TASK_QUEUE=/usr/local/directadmin/data/task.queue.cb

+ LEGO_DATA_PATH=/usr/local/directadmin/data/.lego

+ '[' 2 -lt 2 ']'

+ '[' 2 -lt 3 ']'

+ KEY_SIZE=ec256

+ ECC_USED=true

+ ECC=secp384r1

+ KEY_SIZE=

+ '[' '' = secp384r1 ']'

+ '[' '' = prime256v1 ']'

+ '[' '' = 4096 ']'

+ '[' '' = 2048 ']'

+ '[' '' = 8192 ']'

+ ECC=prime256v1

+ KEY_SIZE=ec256

+ ECC_USED=true

+ DA_BIN=/usr/local/directadmin/directadmin

+ '[' '!' -s /usr/local/directadmin/directadmin ']'

+ '[' request = present ']'

+ '[' request = cleanup ']'

+ /usr/local/directadmin/directadmin c

+ grep -m1 -q '^ipv6=1$'

+ CURL=/usr/local/bin/curl

+ '[' '!' -x /usr/local/bin/curl ']'

+ DIG=/usr/bin/dig

+ '[' '!' -x /usr/bin/dig ']'

+ '[' yes = yes ']'

+ API_URI=acme-staging-v02.api.letsencrypt.org

+ API=https://acme-staging-v02.api.letsencrypt.org

+ CHALLENGETYPE=http

+ GENERAL_TIMEOUT=40

+ CURL_OPTIONS='--connect-timeout 40 -k --silent'

++ uname

+ OS=Linux

+ OPENSSL=/usr/bin/openssl

++ date +%s

+ TIMESTAMP=1609757198

++ /usr/local/directadmin/directadmin c

++ grep '^letsencrypt='

++ cut -d= -f2

+ LETSENCRYPT_OPTION=1

++ /usr/local/directadmin/directadmin c

++ grep '^secure_access_group='

++ cut -d= -f2

+ ACCESS_GROUP_OPTION=access

+ FILE_CHOWN=diradmin:mail

+ FILE_CHMOD=640

+ '[' access '!=' '' ']'

+ FILE_CHOWN=diradmin:access

+ '[' '!' -x /usr/local/bin/lego ']'

+ DOCUMENT_ROOT=

+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge

+ '[' '!' -z '' ']'

+ APPEND_SERVER='-s https://acme-staging-v02.api.letsencrypt.org/directory'

++ hostname -f

+ SERVER_HOSTNAME=<HOSTNAME>

+ '[' -z <HOSTNAME> ']'

+ '[' '!' -s /usr/local/directadmin/data/users/admin/user.conf ']'

+ ADMIN_USERCONF=/usr/local/directadmin/data/users/admin/user.conf

+ '[' '!' -z /usr/local/directadmin/data/users/admin/user.conf ']'

+ '[' -s /usr/local/directadmin/data/users/admin/user.conf ']'

++ grep -m1 '^email=' /usr/local/directadmin/data/users/admin/user.conf

++ cut -d= -f2

++ cut -d, -f1

+ EMAIL=admin@<HOSTNAME>

+ '[' -z admin@<HOSTNAME> ']'

+ DOMAIN=<DOMAIN>

+ '[' '' '!=' yes ']'

+ FOUNDDOMAIN=0

++ echo <DOMAIN>

++ tr , ' '

+ for TDOMAIN in `echo "${DOMAIN}" | tr ',' ' '`

+ DOMAIN_NAME_FOUND=<DOMAIN>

++ echo <DOMAIN>

++ perl -p0 -e 's#\.#\\.#g'

+ DOMAIN_ESCAPED='<DOMAIN ESCAPED>'

+ grep -m1 -q '^<DOMAIN ESCAPED>:' /etc/virtual/domainowners

++ grep -m1 '^<DOMAIN ESCAPED>:' /etc/virtual/domainowners

++ cut '-d ' -f2

+ USER=<USER>

+ HOSTNAME=0

+ FOUNDDOMAIN=1

+ break

+ '[' 1 -eq 0 ']'

+ CSR_CF_FILE=

+ '[' '' '!=' '' ']'

+ DA_USERDIR=/usr/local/directadmin/data/users/<USER>

+ DA_CONFDIR=/usr/local/directadmin/conf

+ HOSTNAME_DIR=/var/www/html

+ '[' '!' -d /usr/local/directadmin/data/users/<USER> ']'

+ '[' '!' -d /usr/local/directadmin/conf ']'

+ '[' 0 -eq 0 ']'

+ DNSPROVIDER_FALLBACK=/usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.dnsprovider

+ '[' -s /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.dnsprovider ']'

+ KEY=/usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.key

+ CERT=/usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert

+ CACERT=/usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cacert

+ '[' '' '!=' '' ']'

+ /usr/local/directadmin/directadmin c

+ grep -m1 -q '^letsencrypt=2$'

+ DOMAIN_DIR=/var/www/html

+ WELLKNOWN_PATH=/var/www/html/.well-known/acme-challenge

+ '[' -s /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert ']'

+ '[' request = renew ']'

+ '[' request = request ']'

+ echo <DOMAIN>

+ grep -m1 -q ,

+ '[' -s '' ']'

+ '[' -s /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert ']'

+ /usr/bin/openssl x509 -text -noout -in /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert

+ grep -m1 -q 'Subject Alternative Name:'

++ /usr/bin/openssl x509 -text -noout -in /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert

++ grep -m1 'Subject Alternative Name:' -A1

++ perl -p0 -e 's|DNS:||g'

++ grep DNS:

++ tr -d ' '

+ DOMAIN=<DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN>

+ '[' '!' -e /var/www/html ']'

+ echo <DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN>

+ grep -m1 -q ,

++ echo <DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN>

++ perl -p0 -e 's/,/ -d /g'

+ DOMAINS='<DOMAIN> -d ftp.<DOMAIN> -d mail.<DOMAIN> -d pop.<DOMAIN> -d smtp.<DOMAIN> -d www.<DOMAIN>'

+ DOMAIN_FLAG='-d <DOMAIN> -d ftp.<DOMAIN> -d mail.<DOMAIN> -d pop.<DOMAIN> -d smtp.<DOMAIN> -d www.<DOMAIN>'

++ echo <DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN>

++ cut -d, -f1

+ FIRST_DOMAIN=<DOMAIN>

+ CHALLENGETYPE=http

+ '[' -s /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.dnsprovider ']'

+ '[' '!' -z '' ']'

+ echo '-d <DOMAIN> -d ftp.<DOMAIN> -d mail.<DOMAIN> -d pop.<DOMAIN> -d smtp.<DOMAIN> -d www.<DOMAIN>'

+ grep -m1 -q '*\.'

++ echo <DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN>

++ perl -p0 -e 's/,/ /g'

++ perl -p0 -e 's/^\*.//g'

+ for domain_name in `echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`

+ caa_check <DOMAIN>

+ CAA_OK=true

++ /usr/bin/dig @8.8.8.8 AAAA <DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

++ echo <DOMAIN>

++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- issue

+ grep -m1 -q -F -- SERVFAIL

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8

+ true

+ '[' http = http ']'

+ challenge_check <DOMAIN>

+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'

+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ CURL_RESOLV_OPTIONS=

++ /usr/bin/dig @8.8.8.8 AAAA <DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

+ grep -m1 -q :

+ echo ''

+ IP_TO_RESOLV=

+ '[' -z '' ']'

++ /usr/bin/dig @8.8.8.8 <DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig <DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' -z <IP> ']'

+ '[' -x /sbin/ping6 ']'

+ false

+ ping6 -q -c 1 -W 1 <DOMAIN>

++ /usr/bin/dig @8.8.8.8 <DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig <DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' '!' -z <IP> ']'

+ /usr/local/bin/curl --help

+ grep -m1 -q resolve

+ CURL_RESOLV_OPTIONS='--resolve <DOMAIN>:80:<IP> --resolve <DOMAIN>:443:<IP>'

+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve <DOMAIN>:80:<IP> --resolve <DOMAIN>:443:<IP> -I -L -X GET http://<DOMAIN>/.well-known/acme-challenge/letsencrypt_1609757198

+ grep -m1 -q 'HTTP.*200'

+ '[' '' = silent ']'

+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ for domain_name in `echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`

+ caa_check ftp.<DOMAIN>

+ CAA_OK=true

++ /usr/bin/dig @8.8.8.8 AAAA ftp.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

++ echo ftp.<DOMAIN>

++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8

+ grep -m1 -q -F -- SERVFAIL

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA ftp.<DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- SERVFAIL

+ /usr/bin/dig CAA ftp.<DOMAIN> @8.8.8.8

+ true

+ '[' http = http ']'

+ challenge_check ftp.<DOMAIN>

+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'

+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ CURL_RESOLV_OPTIONS=

++ /usr/bin/dig @8.8.8.8 AAAA ftp.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

+ echo ''

+ grep -m1 -q :

+ IP_TO_RESOLV=

+ '[' -z '' ']'

++ /usr/bin/dig @8.8.8.8 ftp.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig ftp.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' -z <IP> ']'

+ '[' -x /sbin/ping6 ']'

+ false

+ ping6 -q -c 1 -W 1 ftp.<DOMAIN>

++ /usr/bin/dig @8.8.8.8 ftp.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig ftp.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' '!' -z <IP> ']'

+ /usr/local/bin/curl --help

+ grep -m1 -q resolve

+ CURL_RESOLV_OPTIONS='--resolve ftp.<DOMAIN>:80:<IP> --resolve ftp.<DOMAIN>:443:<IP>'

+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve ftp.<DOMAIN>:80:<IP> --resolve ftp.<DOMAIN>:443:<IP> -I -L -X GET http://ftp.<DOMAIN>/.well-known/acme-challenge/letsencrypt_1609757198

+ grep -m1 -q 'HTTP.*200'

+ '[' '' = silent ']'

+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ for domain_name in `echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`

+ caa_check mail.<DOMAIN>

+ CAA_OK=true

++ /usr/bin/dig @8.8.8.8 AAAA mail.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

++ echo mail.<DOMAIN>

++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8

+ grep -m1 -q -F -- SERVFAIL

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA mail.<DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- SERVFAIL

+ /usr/bin/dig CAA mail.<DOMAIN> @8.8.8.8

+ true

+ '[' http = http ']'

+ challenge_check mail.<DOMAIN>

+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'

+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ CURL_RESOLV_OPTIONS=

++ /usr/bin/dig @8.8.8.8 AAAA mail.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

+ grep -m1 -q :

+ echo ''

+ IP_TO_RESOLV=

+ '[' -z '' ']'

++ /usr/bin/dig @8.8.8.8 mail.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig mail.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' -z <IP> ']'

+ '[' -x /sbin/ping6 ']'

+ false

+ ping6 -q -c 1 -W 1 mail.<DOMAIN>

++ /usr/bin/dig @8.8.8.8 mail.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig mail.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' '!' -z <IP> ']'

+ /usr/local/bin/curl --help

+ grep -m1 -q resolve

+ CURL_RESOLV_OPTIONS='--resolve mail.<DOMAIN>:80:<IP> --resolve mail.<DOMAIN>:443:<IP>'

+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve mail.<DOMAIN>:80:<IP> --resolve mail.<DOMAIN>:443:<IP> -I -L -X GET http://mail.<DOMAIN>/.well-known/acme-challenge/letsencrypt_1609757198

+ grep -m1 -q 'HTTP.*200'

+ '[' '' = silent ']'

+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ for domain_name in `echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`

+ caa_check pop.<DOMAIN>

+ CAA_OK=true

++ /usr/bin/dig @8.8.8.8 AAAA pop.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

++ echo pop.<DOMAIN>

++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- SERVFAIL

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA pop.<DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- SERVFAIL

+ /usr/bin/dig CAA pop.<DOMAIN> @8.8.8.8

+ true

+ '[' http = http ']'

+ challenge_check pop.<DOMAIN>

+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'

+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ CURL_RESOLV_OPTIONS=

++ /usr/bin/dig @8.8.8.8 AAAA pop.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

+ grep -m1 -q :

+ echo ''

+ IP_TO_RESOLV=

+ '[' -z '' ']'

++ /usr/bin/dig @8.8.8.8 pop.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig pop.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' -z <IP> ']'

+ '[' -x /sbin/ping6 ']'

+ false

+ ping6 -q -c 1 -W 1 pop.<DOMAIN>

++ tail -n1

++ /usr/bin/dig @8.8.8.8 pop.<DOMAIN> +short

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig pop.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' '!' -z <IP> ']'

+ grep -m1 -q resolve

+ /usr/local/bin/curl --help

+ CURL_RESOLV_OPTIONS='--resolve pop.<DOMAIN>:80:<IP> --resolve pop.<DOMAIN>:443:<IP>'

+ grep -m1 -q 'HTTP.*200'

+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve pop.<DOMAIN>:80:<IP> --resolve pop.<DOMAIN>:443:<IP> -I -L -X GET http://pop.<DOMAIN>/.well-known/acme-challenge/letsencrypt_1609757198

+ '[' '' = silent ']'

+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ for domain_name in `echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`

+ caa_check smtp.<DOMAIN>

+ CAA_OK=true

++ /usr/bin/dig @8.8.8.8 AAAA smtp.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

++ echo smtp.<DOMAIN>

++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8 +short

+ grep -m1 -q -F -- issue

+ grep -m1 -q -F -- SERVFAIL

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA smtp.<DOMAIN> @8.8.8.8 +short

+ /usr/bin/dig CAA smtp.<DOMAIN> @8.8.8.8

+ grep -m1 -q -F -- SERVFAIL

+ true

+ '[' http = http ']'

+ challenge_check smtp.<DOMAIN>

+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'

+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ CURL_RESOLV_OPTIONS=

++ /usr/bin/dig @8.8.8.8 AAAA smtp.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

+ echo ''

+ grep -m1 -q :

+ IP_TO_RESOLV=

+ '[' -z '' ']'

++ /usr/bin/dig @8.8.8.8 smtp.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig smtp.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' -z <IP> ']'

+ '[' -x /sbin/ping6 ']'

+ false

+ ping6 -q -c 1 -W 1 smtp.<DOMAIN>

++ /usr/bin/dig @8.8.8.8 smtp.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig smtp.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' '!' -z <IP> ']'

+ grep -m1 -q resolve

+ /usr/local/bin/curl --help

+ CURL_RESOLV_OPTIONS='--resolve smtp.<DOMAIN>:80:<IP> --resolve smtp.<DOMAIN>:443:<IP>'

+ grep -m1 -q 'HTTP.*200'

+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve smtp.<DOMAIN>:80:<IP> --resolve smtp.<DOMAIN>:443:<IP> -I -L -X GET http://smtp.<DOMAIN>/.well-known/acme-challenge/letsencrypt_1609757198

+ '[' '' = silent ']'

+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ for domain_name in `echo ${DOMAIN} | perl -p0 -e "s/,/ /g" | perl -p0 -e "s/^\*.//g"`

+ caa_check www.<DOMAIN>

+ CAA_OK=true

++ /usr/bin/dig @8.8.8.8 AAAA www.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

++ echo www.<DOMAIN>

++ awk -F. '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8 +short

+ /usr/bin/dig CAA <DOMAIN> @8.8.8.8

+ grep -m1 -q -F -- SERVFAIL

+ for i in `echo ${1} | awk -F'.' '{b=$NF;for(i=NF-1;i>0;i--){b=$i FS b;print b}}'`

+ grep -m1 -q -F -- issue

+ /usr/bin/dig CAA www.<DOMAIN> @8.8.8.8 +short

+ /usr/bin/dig CAA www.<DOMAIN> @8.8.8.8

+ grep -m1 -q -F -- SERVFAIL

+ true

+ '[' http = http ']'

+ challenge_check www.<DOMAIN>

+ '[' '!' -d /var/www/html/.well-known/acme-challenge ']'

+ touch /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chmod 644 /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ chown webapps:webapps /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ CURL_RESOLV_OPTIONS=

++ /usr/bin/dig @8.8.8.8 AAAA www.<DOMAIN> +short

++ grep -v '\.$'

++ tail -n1

+ IP_TO_RESOLV=

+ '[' 0 -eq 9 ']'

+ grep -m1 -q :

+ echo ''

+ IP_TO_RESOLV=

+ '[' -z '' ']'

++ /usr/bin/dig @8.8.8.8 www.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig www.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' -z <IP> ']'

+ '[' -x /sbin/ping6 ']'

+ false

+ ping6 -q -c 1 -W 1 www.<DOMAIN>

++ /usr/bin/dig @8.8.8.8 www.<DOMAIN> +short

++ tail -n1

+ IP_TO_RESOLV=<IP>

++ /usr/bin/dig www.<DOMAIN> +short

++ tail -n1

+ CURRENT_RESOLV=<IP>

+ '[' '!' -z <IP> ']'

+ /usr/local/bin/curl --help

+ grep -m1 -q resolve

+ CURL_RESOLV_OPTIONS='--resolve www.<DOMAIN>:80:<IP> --resolve www.<DOMAIN>:443:<IP>'

+ /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve www.<DOMAIN>:80:<IP> --resolve www.<DOMAIN>:443:<IP> -I -L -X GET http://www.<DOMAIN>/.well-known/acme-challenge/letsencrypt_1609757198

+ grep -m1 -q 'HTTP.*200'

+ '[' '' = silent ']'

+ rm -f /var/www/html/.well-known/acme-challenge/letsencrypt_1609757198

+ '[' request = request_full ']'

+ '[' request = request_single ']'

+ '[' request = request ']'

+ /usr/local/bin/lego --path /usr/local/directadmin/data/.lego --dns.resolvers 8.8.8.8 --accept-tos -s https://acme-staging-v02.api.letsencrypt.org/directory -m admin@<HOSTNAME> --http --http.webroot /var/www/html -d <DOMAIN> -d ftp.<DOMAIN> -d mail.<DOMAIN> -d pop.<DOMAIN> -d smtp.<DOMAIN> -d www.<DOMAIN> --key-type ec256 run --no-bundle

2021/01/04 11:46:39 No key found for account admin@<HOSTNAME>. Generating a P256 key.

2021/01/04 11:46:39 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-staging-v02.api.letsencrypt.org/admin@<HOSTNAME>/keys/admin@<HOSTNAME>.key

2021/01/04 11:46:40 [INFO] acme: Registering account for admin@<HOSTNAME>

!!!! HEADS UP !!!!



Your account credentials have been saved in your Let's Encrypt

configuration directory at "/usr/local/directadmin/data/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2021/01/04 11:46:40 [INFO] [<DOMAIN>, ftp.<DOMAIN>, mail.<DOMAIN>, pop.<DOMAIN>, smtp.<DOMAIN>, www.<DOMAIN>] acme: Obtaining SAN certificate
2021/01/04 11:46:41 [INFO] [<DOMAIN>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/184482226
2021/01/04 11:46:41 [INFO] [ftp.<DOMAIN>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/184482227
2021/01/04 11:46:41 [INFO] [mail.<DOMAIN>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/184482228
2021/01/04 11:46:41 [INFO] [pop.<DOMAIN>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/184482229
2021/01/04 11:46:41 [INFO] [smtp.<DOMAIN>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/184482230
2021/01/04 11:46:41 [INFO] [www.<DOMAIN>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/184482231
2021/01/04 11:46:41 [INFO] [<DOMAIN>] acme: Could not find solver for: tls-alpn-01
2021/01/04 11:46:41 [INFO] [<DOMAIN>] acme: use http-01 solver
2021/01/04 11:46:41 [INFO] [pop.<DOMAIN>] acme: Could not find solver for: tls-alpn-01
2021/01/04 11:46:41 [INFO] [pop.<DOMAIN>] acme: use http-01 solver
2021/01/04 11:46:41 [INFO] [ftp.<DOMAIN>] acme: Could not find solver for: tls-alpn-01
2021/01/04 11:46:41 [INFO] [ftp.<DOMAIN>] acme: use http-01 solver
2021/01/04 11:46:41 [INFO] [mail.<DOMAIN>] acme: Could not find solver for: tls-alpn-01
2021/01/04 11:46:41 [INFO] [mail.<DOMAIN>] acme: use http-01 solver
2021/01/04 11:46:41 [INFO] [smtp.<DOMAIN>] acme: Could not find solver for: tls-alpn-01
2021/01/04 11:46:41 [INFO] [smtp.<DOMAIN>] acme: use http-01 solver
2021/01/04 11:46:41 [INFO] [www.<DOMAIN>] acme: Could not find solver for: tls-alpn-01
2021/01/04 11:46:41 [INFO] [www.<DOMAIN>] acme: use http-01 solver
2021/01/04 11:46:41 [INFO] [<DOMAIN>] acme: Trying to solve HTTP-01
2021/01/04 11:46:46 [INFO] [<DOMAIN>] The server validated our request
2021/01/04 11:46:46 [INFO] [pop.<DOMAIN>] acme: Trying to solve HTTP-01
2021/01/04 11:46:51 [INFO] [pop.<DOMAIN>] The server validated our request
2021/01/04 11:46:51 [INFO] [ftp.<DOMAIN>] acme: Trying to solve HTTP-01
2021/01/04 11:46:55 [INFO] [ftp.<DOMAIN>] The server validated our request
2021/01/04 11:46:55 [INFO] [mail.<DOMAIN>] acme: Trying to solve HTTP-01
2021/01/04 11:47:00 [INFO] [mail.<DOMAIN>] The server validated our request
2021/01/04 11:47:00 [INFO] [smtp.<DOMAIN>] acme: Trying to solve HTTP-01
2021/01/04 11:47:06 [INFO] [smtp.<DOMAIN>] The server validated our request
2021/01/04 11:47:06 [INFO] [www.<DOMAIN>] acme: Trying to solve HTTP-01
2021/01/04 11:47:10 [INFO] [www.<DOMAIN>] The server validated our request
2021/01/04 11:47:10 [INFO] [<DOMAIN>, ftp.<DOMAIN>, mail.<DOMAIN>, pop.<DOMAIN>, smtp.<DOMAIN>, www.<DOMAIN>] acme: Validations succeeded; requesting certificates
2021/01/04 11:47:11 [INFO] [<DOMAIN>] Server responded with a certificate.
+ '[' 0 -eq 0 ']'
+ '[' '' '!=' yes ']'
++ echo <DOMAIN>
++ tr '*' _
+ CERT_DOMAIN_FILE=<DOMAIN>
+ LEGO_CERT_PATH=/usr/local/directadmin/data/.lego/certificates/<DOMAIN>.crt
+ LEGO_KEY_PATH=/usr/local/directadmin/data/.lego/certificates/<DOMAIN>.key
++ echo /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.crt
++ perl -p0 -e 's|\.crt$|.issuer.crt|g'
+ LEGO_ISSUER_CERT_PATH=/usr/local/directadmin/data/.lego/certificates/<DOMAIN>.issuer.crt
+ '[' -s /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.crt ']'
+ '[' -s /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.key ']'
++ grep -c 'BEGIN CERTIFICATE' /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.crt
+ '[' 2 -eq 1 ']'
+ /usr/bin/openssl x509 -in /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.crt -out /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert
+ cp -pf /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.key /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.key
+ '[' -s /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.issuer.crt ']'
+ cp -pf /usr/local/directadmin/data/.lego/certificates/<DOMAIN>.issuer.crt /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cacert
+ cat /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cacert
+ date +%s
+ chown diradmin:access /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.key /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert.combined /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cacert /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert.creation_time
+ chmod 640 /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.key /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert.combined /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cacert /usr/local/directadmin/data/users/<USER>/domains/<DOMAIN>.cert.creation_time
+ echo 'Certificate for <DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN> has been created successfully!'
Certificate for <DOMAIN>,ftp.<DOMAIN>,mail.<DOMAIN>,pop.<DOMAIN>,smtp.<DOMAIN>,www.<DOMAIN> has been created successfully!
+ '[' '' '!=' yes ']'
+ '[' 0 -eq 1 ']'
 
Last edited:
I see its was out of date 1.61.3 so updated to .5 and re-requested the certificate. but the .san_config files are still missing.
This is normal. It won't just error because of that now :)
 
Hello, OP here. I don't have anything useful to report. Just wanted to mention that 3 months later, I still get this error, and currently I need to manually renew my certificates for all domains as they are set to expire ('Free & automatic certificate from Let's Encrypt -> Save').

CSR config file /usr/local/directadmin/data/users/admin/domains/domain.com.san_config passed but does not exist or is empty.
ls: cannot access /usr/local/directadmin/data/users/admin/domains/domain.com.san_config: No such file or directory

Currently running Directadmin version 1.61.5

I have received messages from other users asking if I was ever able to resolve this.

The subject of this thread should probably be:

Let's Encrypt: Certificate won't automatically renew for any of my domains (.san_conf error)​

 
Last edited:
Hello, OP here. I don't have anything useful to report. Just wanted to mention that 3 months later, I still get this error, and currently I need to manually renew my certificates for all domains as they are set to expire ('Free & automatic certificate from Let's Encrypt -> Save').



Currently running Directadmin version 1.61.5

I have received messages from other users asking if I was ever able to resolve this.

The subject of this thread should probably be:

Let's Encrypt: Certificate won't automatically renew for any of my domains (.san_conf error)​

Hello,

Would you be able to try the pre-release binaries? This might be fixed already. Let us know if that works.
If not, please create a ticket, we may need to login to check.
The first thing I'd be looking for would be a retry file set to 0 in /usr/local/directadmin/data/users/username/domains/domain.com.letsencrypt_remaining_retries

John
 
We had yesterday an LE update with Custom Build, has any thing to do with this ?
No, the only thing it fixes is some leftover pre-check files (minor fix). It has no known issues.
 
Hello, OP here. I don't have anything useful to report. Just wanted to mention that 3 months later, I still get this error, and currently I need to manually renew my certificates for all domains as they are set to expire ('Free & automatic certificate from Let's Encrypt -> Save').



Currently running Directadmin version 1.61.5

I have received messages from other users asking if I was ever able to resolve this.

The subject of this thread should probably be:

Let's Encrypt: Certificate won't automatically renew for any of my domains (.san_conf error)​


The only time I have ever had issues is related to Letsencrypt. Other than rate limiting.

I had both the OS package for curl and the Custombuild curl installed at same time. Once I set
curl=no
in options.conf
then made sure only the OS curl package was installed no issues.

Note: you can do the opposite of this as well
curl=yes
in options.conf
then made sure only the CB curl package was installed.

But having both is an issue.

The only other time was way back when I came from Cpanel.
Cpanel stores the .well-known in a folder in the domains public_html directory.
I had to delete those and redo the ssl certs through DA. I think the cpanel to da script fixes that now.
If you migrated from Cpanel worth a look,
 
You might use this to check. mark Hide if you need to...
 
Back
Top