krisiskris
We've been running DirectAdmin with Let's Encrypt on one specific server for years, without any issues. But all of a sudden, it's not possible to create or renew SSL certificates for any of the domains on the server.
The error we're getting for all domains is more or less:
my.domain was skipped due to unreachable http://my.domain/.well-known/acme-challenge/letsencrypt_cbc569309e0eaaecea80f917e070bc81 file.
www.my.domain was skipped due to unreachable http://www.my.domain/.well-known/acme-challenge/letsencrypt_0c3667bb8c9b20a82d401c58a038ffde file.
No domains pointing to this server to generate the certificate for.
As this looks like DNS issues at first glance, we double-checked all A and AAAA records, but these all point to the correct server. This is also the case for all domains running into the same issues. We also changed the letsencrypt.sh script to use 1.1.1.1 as DNS, instead of Google's default DNS server, with no difference in outcome. The domains also all have a CAA record permitting Let's Encrypt certificate issuing.
We've tried forcing the renewal via IPv4, as I've read IPv6 can cause issues, also without any luck.
To test if the users' public_html/.well-known/ directories are accessible, we created a basic test file. These are all working fine; its contents are readable from remote web browsers.
We did notice that when creating the subdirectory public_html/.well-known/acme-challenge and placing the test file in there, it wasn't accessible remotely and returned a 404 error. This is the case both when accessing via http and via https. Not sure if this is normal behaviour though.
We've compared situations with a similar server running the same OS and DirectAdmin versions, but can't seem to find any reason why that server is working correctly, compared to the one we're having issues with.
edit:
DirectAdmin systemlog shows the following error:
2024:08:26-13:22:44: LetsEncrypt(164759): /usr/local/directadmin/scripts/letsencrypt.sh request 'my.domain' secp384r1 /usr/local/directadmin/data/users/user/domains/my.domain.ssltmpVD1g4v
2024:08:26-13:22:50: LetsEncrypt(164759): exit code: 1 for domain='my.domain'
2024:08:26-13:23:48: httpd reloaded
Any help on this would be greatly appreciated. Thanks in advance,
Kris
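As an added example (not code from the original post or from DirectAdmin), the checks described above, automated in Python: it reads the domains out of the letsencrypt.sh "skipped" lines, compares the resolver's A/AAAA answers with the server's own addresses, and fetches a probe file from both public_html/.well-known/ and public_html/.well-known/acme-challenge/ to confirm the HTTP-01 path is actually served. The sample output, the server addresses and the probe filename are constructed placeholders; the probe file is assumed to have been created in both directories beforehand.

```python
import re
import socket
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Constructed sample, modelled on the letsencrypt.sh output quoted in the post.
SAMPLE_OUTPUT = """\
my.domain was skipped due to unreachable http://my.domain/.well-known/acme-challenge/letsencrypt_cbc569309e0eaaecea80f917e070bc81 file.
www.my.domain was skipped due to unreachable http://www.my.domain/.well-known/acme-challenge/letsencrypt_0c3667bb8c9b20a82d401c58a038ffde file.
No domains pointing to this server to generate the certificate for."""

# Matches the "was skipped due to unreachable ... file." lines; captures the domain and the base URL.
SKIPPED_RE = re.compile(r"^(\S+) was skipped due to unreachable (https?://[^/\s]+)/\.well-known/acme-challenge/\S+ file\.$")

def parse_skipped(output):
    """Return {domain: base_url} for every skipped-domain line in the script output."""
    found = {}
    for line in output.splitlines():
        m = SKIPPED_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def http_status(url, timeout=10):
    """HTTP status of a plain GET, or None when no connection could be made."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "acme-preflight"}), timeout=timeout) as r:
            return r.status
    except HTTPError as e:
        return e.code
    except URLError:
        return None

def resolve(domain):
    """Addresses from this host's resolver, split into A and AAAA answers."""
    v4, v6 = set(), set()
    try:
        for family, _, _, _, sockaddr in socket.getaddrinfo(domain, 80):
            (v4 if family == socket.AF_INET else v6).add(sockaddr[0])
    except socket.gaierror:
        pass
    return sorted(v4), sorted(v6)

def preflight(output, server_ips, probe, fetch=http_status, lookup=resolve):
    """Per skipped domain: does DNS point at this server, and is the probe file
    served both under .well-known/ and under .well-known/acme-challenge/?"""
    report = {}
    for domain, base in parse_skipped(output).items():
        v4, v6 = lookup(domain)
        report[domain] = {
            "a": v4, "aaaa": v6,
            "dns_ok": bool(v4 or v6) and set(v4 + v6) <= set(server_ips),
            "well_known": fetch(f"{base}/.well-known/{probe}"),
            "acme_challenge": fetch(f"{base}/.well-known/acme-challenge/{probe}"),
        }
    return report

def findings(report):
    """One diagnostic line per domain, separating DNS problems from webserver path problems."""
    lines = []
    for domain, r in report.items():
        if not r["dns_ok"]:
            lines.append(f"{domain}: DNS {r['a'] + r['aaaa']} does not match this server")
        elif r["well_known"] == 200 and r["acme_challenge"] != 200:
            lines.append(f"{domain}: /.well-known/ serves the probe but acme-challenge/ returns {r['acme_challenge']} (check webserver rules or aliases for that path)")
        elif r["acme_challenge"] == 200:
            lines.append(f"{domain}: HTTP-01 path reachable")
        else:
            lines.append(f"{domain}: probe unreachable ({r['well_known']}/{r['acme_challenge']})")
    return lines
```

Run preflight() with the real letsencrypt.sh output, the server's public IPv4/IPv6 addresses and the name of the probe file you placed in both directories; the 200/404 split reported for the post's symptom points at the webserver configuration for the acme-challenge path rather than at DNS.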