Let's Encrypt SSL Issue

Warpline

New member
Joined
Jul 1, 2019
Messages
4
We were recently rate limited by Let's Encrypt on our biggest server with about 900 domains on it. Per the advice of DA support, I was told the following:

Well, you should be able to re-request certs by removing directadmin letsencrypt main key.
cd /usr/local/directadmin/
rm -f conf/letsencrypt*

So, that's what I did. This spawned a ton of "/usr/bin/openssl/ genrsa 4096" processes which brought our loads up to 500+ for some time.

After trying to generate an SSL certificate, we now get the error:

hown: cannot access ‘/usr/local/directadmin/conf/letsencrypt.key’: No such file or directory
Error opening Private Key /usr/local/directadmin/conf/letsencrypt.key
140500054321040:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/usr/local/directadmin/conf/letsencrypt.key','r')
140500054321040:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key
Error opening Private Key /usr/local/directadmin/conf/letsencrypt.key
140429798471568:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/usr/local/directadmin/conf/letsencrypt.key','r')
140429798471568:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key
Error opening key file /usr/local/directadmin/conf/letsencrypt.key
139626398738320:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/usr/local/directadmin/conf/letsencrypt.key','r')
139626398738320:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load key file
Account registration error. Response: HTTP/2 400
server: nginx
date: Fri, 01 Nov 2019 22:37:47 GMT
content-type: application/problem+json
content-length: 108
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002M9O4cHl_7spbRYkxqIfhcqxgxEixoqgOTpbrmbeF3E4

{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}.


I have already tried:
cd /usr/local/directadmin/custombuild
./build letsencrypt

Can anyone point me in the right direction?
 

Warpline

New member
Joined
Jul 1, 2019
Messages
4
Additionally, it seems as if the key file is being created, permission is being changed on it, and then deleted after some time. There is no key entry in it either. It seems to create an empty file and then delete it.
 

Warpline

New member
Joined
Jul 1, 2019
Messages
4
Just to follow up for anyone who might have this problem in the future...

DirectAdmin support replied with the following message:

letsencrypt.key is still in use by some processes. Would it be possible to reboot the server? You may do it at anytime you prefer, after reboot, just do:
cd /usr/local/directadmin/custombuild
./build letsencrypt

So, I rebooted the server and performed the above commands. That did the trick. It seems like we have a workaround to the issue for now.
 

webhostingux

Verified User
Joined
Oct 29, 2019
Messages
18
Hmm... why the need to reboot? Maybe better just to find all LE processes and then try re-running LE, as rebooting the server will bring down the server for a few minutes, and if it's production... :)
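
Added example, not part of any post above and not DirectAdmin's own tooling: a way to check without a reboot whether any process still has letsencrypt.key open, including a copy that was deleted while open, before re-running ./build letsencrypt. The function names holders and wait_released are hypothetical, and it assumes Linux /proc and a root shell so that other users' processes are visible.

```shell
#!/bin/sh
# Added example (not from the thread). The path is the one quoted in the posts.
KEY=${KEY:-/usr/local/directadmin/conf/letsencrypt.key}

# Print the PIDs that have $1 open, one per line. A file that was removed
# while open shows up in /proc as "<path> (deleted)", so match that too.
holders() {
    target=$1
    for fd in /proc/[0-9]*/fd/*; do
        link=$(readlink "$fd" 2>/dev/null) || continue
        case $link in
            "$target"|"$target (deleted)")
                hp=${fd#/proc/}      # "1234/fd/5"
                echo "${hp%%/*}"     # "1234"
                ;;
        esac
    done | sort -un
}

# Wait up to $2 seconds for every holder of $1 to go away.
# Returns 0 when the file is free, 1 on timeout.
wait_released() {
    waited=0
    while [ -n "$(holders "$1")" ]; do
        if [ "$waited" -ge "$2" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Report only; nothing is killed or rebuilt here.
if wait_released "$KEY" 0; then
    echo "no process has $KEY open"
else
    for p in $(holders "$KEY"); do
        echo "held by PID $p: $(tr '\0' ' ' 2>/dev/null < "/proc/$p/cmdline")"
    done
fi
```

Set KEY to another path to check a different file; the script only reports and leaves any decision about the listed processes to the operator.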
 