Let's Encrypt oddities seemingly out of nowhere (but in reality maybe due to a CB plugin upgrade??)

jlixfeld

Verified User
Joined
Jun 1, 2009
Messages
58
I've got a couple of odd issues that just crept up with Let's Encrypt.

On December 19th, I started getting these system messages:

Code:
Error: http://mail.otherexample.ca/.well-known/acme-challenge/letsencrypt_1576645853 is not reachable. Aborting the script.
dig output for mail.otherexample.ca:
Please make sure /.well-known alias is setup in WWW server.
<br>

That domain had expired on December 14th.

I didn't do anything about it until Dec. 25th, at which point I deleted the domain from DA after also having received an email from the Let's Encrypt Expiry Bot.

I thought it was all sorted out at this point, until I got another email from the Let's Encrypt Expiry Bot last night. There were no system messages about it, however, so I was surprised to get the email.

I checked the logs and apparently on December 17th, errortaskq started throwing these:

Code:
2019:12:17-00:12:11: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>

However, there are no domains for user root, which explains why it can't reach that file. That domain is owned by admin. But, why did this suddenly start?

Later, on the 26th errortaskq logs started throwing these:

Code:
2019:12:26-00:10:44: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config

This is especially odd, because there was never a www.hosting1... subdomain. Why suddenly did LE think there was?

I checked DA's settings and found:

Code:
root@hosting1:/var/log/directadmin# /usr/local/directadmin/directadmin c | grep letsencrypt
letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_foreground_http_max=10
letsencrypt_renewal_failure_notice_after_attempt=5
letsencrypt_disable_renew_after_renew_failure=0
letsencrypt_max_requests_per_week=100
letsencrypt_multidomain_cert=3
letsencrypt_renewal_success_notice=0
letsencrypt_renewal_notice_to_admins=1
letsencrypt_renewal_error_to_users=1
renew_letsencrypt_on_suspended_domain=0
letsencrypt_account_email=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
root@hosting1:/var/log/directadmin#

But the letsencrypt_list[_selected] was implemented in Version 1.501, but I'm running 1.59.5, so if this setting somehow affected things, it should have started to cause issues around when I upgraded to 1.50.1, which apparently was late 2016.

So I have no idea why I'm getting those last two error logs now, daily.

I'm running CustomBuild 2.0.0.2337, and I do recall doing some updates about a week or so ago. I don't remember exactly what those updates were. The log files aged out a week ago, and all I have now are logs from upgrades I just did today for nginx and phpMyAdmin. Regardless, I can't imagine why a CB plugin upgrade would cause this...

Any pointers?
 

jlixfeld

As a follow-up to this, I looked in /usr/local/directadmin/conf/ca.san_config to see if www.hosting1.tor1.example.ca had actually been removed, since the same error about that hostname is repeating every day (with the same attempt number, which also strikes me as strange).

That hostname is still in the file. The timestamp on the file matches the last log entry about the error. The permissions look correct.

Any ideas?

Code:
2019:12:31-00:10:50: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config
Error: http://www.hosting1.tor1.example.ca/.well-known/acme-challenge/letsencrypt_1577769050 is not reachable. Aborting the script.
2019:12:31-00:11:05: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>
2019:12:31-00:11:05: Let's encrypt renewal attempt 4/5 for hosting1.tor1.example.ca failed, but will try again tomorrow.  No notice has been sent.
2020:01:01-00:10:50: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config
Error: http://www.hosting1.tor1.example.ca/.well-known/acme-challenge/letsencrypt_1577855450 is not reachable. Aborting the script.
2020:01:01-00:11:03: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>
2020:01:01-00:11:03: Let's encrypt renewal attempt 4/5 for hosting1.tor1.example.ca failed, but will try again tomorrow.  No notice has been sent.
2020:01:01-04:21:36: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config
Error: http://www.hosting1.tor1.example.ca/.well-known/acme-challenge/letsencrypt_1577870497 is not reachable. Aborting the script.
2020:01:01-04:21:52: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>
2020:01:01-04:21:52: Let's encrypt renewal attempt 4/5 for hosting1.tor1.example.ca failed, but will try again tomorrow.  No notice has been sent.

Code:
root@hosting1:/var/log/directadmin# ls -al /usr/local/directadmin/conf/ca.san_config
-rw------- 1 diradmin diradmin 442 Jan  1 04:21 /usr/local/directadmin/conf/ca.san_config
root@hosting1:/var/log/directadmin#
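
One way to summarise the repeating errortaskq entries quoted in the posts above, added here as an example and not part of the original posts or of DirectAdmin: it groups entries by day and reports hostnames "removed" from ca.san_config on more than one day, renewal attempt counters that repeat across days, and (user, domain) pairs whose retries file could not be written. The sample lines are constructed in the log format shown in the thread; `triage` and its result keys are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample, in the shape of the errortaskq entries quoted in the posts.
SAMPLE = """\
2019:12:31-00:10:50: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config
Error: http://www.hosting1.tor1.example.ca/.well-known/acme-challenge/letsencrypt_1577769050 is not reachable. Aborting the script.
2019:12:31-00:11:05: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>
2019:12:31-00:11:05: Let's encrypt renewal attempt 4/5 for hosting1.tor1.example.ca failed, but will try again tomorrow.  No notice has been sent.
2020:01:01-00:10:50: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config
2020:01:01-00:11:03: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>
2020:01:01-00:11:03: Let's encrypt renewal attempt 4/5 for hosting1.tor1.example.ca failed, but will try again tomorrow.  No notice has been sent.
"""

STAMP = re.compile(r"^(\d{4}:\d\d:\d\d)-\d\d:\d\d:\d\d: (.*)$")
SAN = re.compile(r"could not find '([^']+)' locally, so removing it from")
RETRY = re.compile(r"Ssl::can_retry_renewal\((\w+), ([^)]+)\): error writing")
ATTEMPT = re.compile(r"renewal attempt (\d+)/(\d+) for (\S+) failed")


def triage(log_text):
    """Group renewal errors by day and report the ones that repeat unchanged."""
    san_removals = defaultdict(set)  # hostname -> days it was reported as removed
    retry_errors = defaultdict(set)  # (user, domain) -> days the retries file write failed
    attempts = defaultdict(lambda: defaultdict(set))  # domain -> "n/max" -> days
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue  # untimestamped script output such as "Error: http://..."
        day, msg = m.groups()
        if s := SAN.search(msg):
            san_removals[s.group(1)].add(day)
        elif r := RETRY.search(msg):
            retry_errors[(r.group(1), r.group(2))].add(day)
        elif a := ATTEMPT.search(msg):
            attempts[a.group(3)][f"{a.group(1)}/{a.group(2)}"].add(day)
    return {
        # A name "removed" on several days was evidently still present the next day.
        "san_removed_repeatedly": sorted(h for h, d in san_removals.items() if len(d) > 1),
        # The same attempt number on several days means the counter is not moving.
        "counter_not_advancing": {dom: n for dom, seen in attempts.items()
                                  for n, d in seen.items() if len(d) > 1},
        "retry_file_errors": sorted(retry_errors),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
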
 