Let's encrypt stopped working

Neograph734

Verified User
Joined
Sep 17, 2014
Messages
18
Yesterday an automated renewal of a letsencrypt certificate failed with this message:

Code:
Getting challenge for domain.nl from acme-server...
/usr/local/directadmin/scripts/letsencrypt.sh: line 319: /var/www/html/.well-known/acme-challenge/: Is a directory
/usr/local/directadmin/scripts/letsencrypt.sh: line 322: [: -ne: unary operator expected
Waiting for domain verification...
rm: cannot remove `/var/www/html/.well-known/acme-challenge/': Is a directory
Challenge is . Details: . Exiting...

In fact every other request I make now seems to fail as well with a similar message. Did letsencrypt update their API and has the DA script become incompatible? Or is this a letsencrypt issue? The services seem to be working: https://letsencrypt.status.io
 
Thanks, I will check those out. Any idea when a new stable release will be available? (I have had some bad experiences with beta software)
 
Is it only the script that has changed to fix this, or are the new binaries really needed?

If it's only the script, anybody who would like to upload it so we can replace it manually without the need to go to pre-release binaries on a production system?
 
I'm curious to know when a new stable release including this fix will be available as well?

Also what exactly is causing the problem?
 
I'm curious to know when a new stable release including this fix will be available as well?

Also what exactly is causing the problem?

Hi,

If you download the pre release tar.gz and extract it, you can copy the letsencrypt.sh file from the scripts folder over to the directadmin scripts folder.
It will get replaced on the next upgraded since it's not in the custom directory, but that won't be a problem since the fix will be in there anyways.

This worked for me, I was able to create a new let's encrypt certificate for a website.
I'm now only wondering if the failed renewal will be tried again tomorrow.

regards,
Stijn
 
Hi,

If you download the pre release tar.gz and extract it, you can copy the letsencrypt.sh file from the scripts folder over to the directadmin scripts folder.
It will get replaced on the next upgraded since it's not in the custom directory, but that won't be a problem since the fix will be in there anyways.

This worked for me, I was able to create a new let's encrypt certificate for a website.
I'm now only wondering if the failed renewal will be tried again tomorrow.

regards,
Stijn

I grabbed the update.tar.gz via this process (I hope that's the right file?). I took the letsencrypt.sh script from there and put it in my /usr/local/directadmin/scripts, restarted DirectAdmin, but it's still failing with the same error.

Edit: Disregard the above. I went to the Client Area and grabbed the pre-release binaries and used the script out of that and it's working now. Thanks!
 
Last edited:
Weird. I replaced almost all my certs by hand through the panel last friday, because it turned out the automatic renewal hadn't worked right, despite of mailing me it did.
I wanted to renew a cert from another site today and now I get the same error as in the opening post, didn't recall on updating Custombuild yesterday, but whatever.

I purchased my license through a reselling hoster in the Netherlands which means I can't login to the client area of DirectAdmin. Is there any way this can be fixed another way around, smtalk? It's became a nasty problem right now. Had to get the old cert from a backup, but will expire in a few days.

Maybe someone can post the new letsencrypt.sh here? Or would that be illegal?
 
I purchased my license through a reselling hoster in the Netherlands which means I can't login to the client area of DirectAdmin. Is there any way this can be fixed another way around, smtalk?

Yup it appears the same applies to me. No way for me to get the script and most domains are near expiry... If the letsencrypt script cannot be posted here, could we perhaps get it via Personal Message or something?
 
All this manual 'pre-release'-stuff is nice, but I'm kinda wondering why DA doesn't simply push out the update, since there's obviously something important needing to be fixed which causes plenty of issues for some?
 
All this manual 'pre-release'-stuff is nice, but I'm kinda wondering why DA doesn't simply push out the update, since there's obviously something important needing to be fixed which causes plenty of issues for some?

This. Puzzles me completely.
 
Let's encrypt support was marked as BETA in DirectAdmin 1.50: https://www.directadmin.com/features.php?id=1828. That's the reason why a new version of DA hasn't been released just to fix the let's encrypt issue.

To fix the script for DA 1.50 it's enough to change the following line:
Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

To:
Code:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"
 
Let's encrypt support was marked as BETA in DirectAdmin 1.50: https://www.directadmin.com/features.php?id=1828. That's the reason why a new version of DA hasn't been released just to fix the let's encrypt issue.

To fix the script for DA 1.50 it's enough to change the following line:
Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

To:
Code:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"

Thanks for explaining and helping here! This fixed the issue for me.
 
hi smtalk,
Could you tell me where to modify these lines.
many thanks

Let's encrypt support was marked as BETA in DirectAdmin 1.50: https://www.directadmin.com/features.php?id=1828. That's the reason why a new version of DA hasn't been released just to fix the let's encrypt issue.

To fix the script for DA 1.50 it's enough to change the following line:
Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

To:
Code:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"
 
Worked

Great, it worked for me with replacing to:

HTML:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"
 
Let's encrypt support was marked as BETA in DirectAdmin 1.50: https://www.directadmin.com/features.php?id=1828. That's the reason why a new version of DA hasn't been released just to fix the let's encrypt issue.

To fix the script for DA 1.50 it's enough to change the following line:
Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

To:
Code:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"

Thank you! Works great.
 
Let's encrypt support was marked as BETA in DirectAdmin 1.50: https://www.directadmin.com/features.php?id=1828. That's the reason why a new version of DA hasn't been released just to fix the let's encrypt issue.

To fix the script for DA 1.50 it's enough to change the following line:
Code:
CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

To:
Code:
CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"

Thank you! I can confirm this works great!
 
Back
Top