I've got a couple of odd issues that just crept up with Let's Encrypt.
On December 19th, I started getting these system messages:
That domain had expired on December 14th.
I didn't do anything about it until Dec. 25th, at which point I deleted the domain from DA after also having received an email from the Let's Encrypt Expiry Bot.
I thought it was all sorted out at this point, until I got another email from the Let's Encrypt Expiry Bot last night. There were no system messages about it, however, so I was surprised to get the email.
I checked the logs and apparently on December 17th, errortaskq started throwing these:
However, there are no domains for user root, which explains why it can't reach that file. That domain is owned by admin. But, why did this suddenly start?
Later, on the 26th errortaskq logs started throwing these:
This is especially odd, because there was never a www.hosting1... subdomain. Why suddenly did LE think there was?
I checked DA's settings and found:
But the letsencrypt_list[_selected] was implemented in Version 1.501, but I'm running 1.59.5, so if this setting somehow affected things, it should have started to cause issues around when I upgraded to 1.50.1, which apparently was late 2016.
So I have no idea why I'm getting those last two error logs now, daily.
I'm running CustomBuild 2.0.0.2337, and I do recall doing some updates about a week or so ago. I don't remember exactly what those updates were. The log files aged out a week ago, and all I have now are logs from upgrades I just did today for nginx and phpMyAdmin. Regardless, I can't imagine why a CB plugin upgrade would cause this...
Any pointers?
On December 19th, I started getting these system messages:
Code:
Error: http://mail.otherexample.ca/.well-known/acme-challenge/letsencrypt_1576645853 is not reachable. Aborting the script.
dig output for mail.otherexample.ca:
Please make sure /.well-known alias is setup in WWW server.
<br>
That domain had expired on December 14th.
I didn't do anything about it until Dec. 25th, at which point I deleted the domain from DA after also having received an email from the Let's Encrypt Expiry Bot.
I thought it was all sorted out at this point, until I got another email from the Let's Encrypt Expiry Bot last night. There were no system messages about it, however, so I was surprised to get the email.
I checked the logs and apparently on December 17th, errortaskq started throwing these:
Code:
2019:12:17-00:12:11: Ssl::can_retry_renewal(root, hosting1.tor1.example.ca): error writing /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for 4 retries: Unable to open /usr/local/directadmin/data/users/root/domains/hosting1.tor1.example.ca.letsencrypt_remaining_retries for writing: No such file or directory<br>
However, there are no domains for user root, which explains why it can't reach that file. That domain is owned by admin. But, why did this suddenly start?
Later, on the 26th errortaskq logs started throwing these:
Code:
2019:12:26-00:10:44: int Ssl::use_letsencrypt: could not find 'www.hosting1.tor1.example.ca' locally, so removing it from the /usr/local/directadmin/conf/ca.san_config
This is especially odd, because there was never a www.hosting1... subdomain. Why suddenly did LE think there was?
I checked DA's settings and found:
Code:
root@hosting1:/var/log/directadmin# /usr/local/directadmin/directadmin c | grep letsencrypt
letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_foreground_http_max=10
letsencrypt_renewal_failure_notice_after_attempt=5
letsencrypt_disable_renew_after_renew_failure=0
letsencrypt_max_requests_per_week=100
letsencrypt_multidomain_cert=3
letsencrypt_renewal_success_notice=0
letsencrypt_renewal_notice_to_admins=1
letsencrypt_renewal_error_to_users=1
renew_letsencrypt_on_suspended_domain=0
letsencrypt_account_email=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
root@hosting1:/var/log/directadmin#
But the letsencrypt_list[_selected] was implemented in Version 1.501, but I'm running 1.59.5, so if this setting somehow affected things, it should have started to cause issues around when I upgraded to 1.50.1, which apparently was late 2016.
So I have no idea why I'm getting those last two error logs now, daily.
I'm running CustomBuild 2.0.0.2337, and I do recall doing some updates about a week or so ago. I don't remember exactly what those updates were. The log files aged out a week ago, and all I have now are logs from upgrades I just did today for nginx and phpMyAdmin. Regardless, I can't imagine why a CB plugin upgrade would cause this...
Any pointers?
Last edited: