Problem with Certificate Auto Renew Let's Encrypt

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,818
Location
GMT +7.00
Hello,

Try and check directadmin logs and system messages; they should give clues on why automatic renewal fails.
 

michcio29

Verified User
Joined
Dec 2, 2017
Messages
41
System messages have no info about SSL.
Which log exactly? Error Log, Cron Log..?
 

zEitEr

If Directadmin fails to renew a cert, admins get notified about it via system messages and by email.

Check /var/log/directadmin/ for clues.

Reset creation time to 0 in the files or selectively per domain:

/usr/local/directadmin/data/users/*/domains/*.cert.creation_time

and run the process in debug mode:

Code:
echo "action=rewrite&value=letsencrypt" >> /usr/local/directadmin/data/task.queue && /usr/local/directadmin/dataskq d800
 

michcio29

I do not see any info in the logs about SSL. Maybe I am going to wait until 30 May.
In domains/*.cert.creation_time there is one file, 'cert.creation_time'. I do not know how to reset the creation time to 0.


Debug mode. Level 800

root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
starting queue
dataskq: command: action=rewrite&value=letsencrypt
done queue


Edit: OK, I found *.cert.creation_time. Do I need to open it and change it to 0?
 

zEitEr

The second command should be executed now; it makes no sense to run it without first resetting the creation time.

 

michcio29

Sorry, I am not an expert in DA :) I get now:


root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
starting queue
dataskq: command: action=rewrite&value=letsencrypt
done queue
 

zEitEr

Expected reply:

Code:
Debug mode. Level 800


root priv set: uid:0 gid:0 euid:0 egid:0
pidfile written
starting queue
dataskq: command: action=rewrite&value=letsencrypt
LetsEncrypt renewal on domain.com has succeeded. Not sending a notice.
done queue

Change time to 100 instead of 0, otherwise it will give

Code:
Unable to read the time from the string '0' from the file /usr/local/directadmin/data/users/userbob/domains/domain.com.cert.creation_time

and try the same.

Then post here, as text, the results from

Code:
/usr/local/directadmin/directadmin c | grep letsencrypt
 

michcio29

letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_max_requests_per_week=20
letsencrypt_multidomain_cert=2
letsencrypt_renewal_success_notice=0
renew_letsencrypt_on_suspended_domain=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
 

zEitEr

Contact Directadmin developers for a possibly free audit of your server, or me for paid support.
 

michcio29

I asked DA Support: "So I'd recommend changing your hostname to be something like: server.domain.com". Now it is domain.com.
https://help.directadmin.com/item.php?id=405

But when I do this, domain.com does not work. I get
"DNS_PROBE_FINISHED_NXDOMAIN"

MX, A records exist.
I have Local Data: NO hmm..

I don't understand step 2. Do I have to add named_rename_hostname_zone=1 to directadmin.conf?
DA does not work either, nor does webmail, but the subdomain (demo) works well.


Thanks
 

zEitEr

If you changed your domain name or hostname, make sure you still have the correct DNS zone and records.

Kindly provide a real domain name if you need more detailed help.
 

zEitEr

server.web-komp.eu, and web-komp.eu resolve fine.

Directadmin is not accessible. What error do you see in Directadmin logs under /var/log/directadmin/?

I could fix it for you quickly; if you want, contact me privately for paid support. It is OK if we proceed here, and it might take a while to check/test/fix.
 

michcio29

Now it seems to work well. I will let you know if SSL auto-renew does not work correctly. Is there any possible way to check early? Now I need to wait 14 days :|
 

zEitEr

Directadmin starts attempting to renew existing certs 30 days before their expiration date. So you have to wait 59-60 days, unless you reset the creation time stored in *.cert.creation_time to 100, for example, or another value (do not set it to zero though).
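
The renewal window described in the post above, as an added example that is not part of the thread and not DirectAdmin's own code: a shell check that reports, per domain, whether the stored creation time already makes the cert due. It assumes each *.cert.creation_time file holds a Unix epoch in seconds and that a cert becomes due once it is letsencrypt_renewal_days old (60 in the config posted above); the function names are hypothetical.

```shell
#!/bin/sh
# Assumption: *.cert.creation_time holds one Unix epoch timestamp (seconds).
# RENEWAL_DAYS mirrors letsencrypt_renewal_days=60 from the thread's config.
RENEWAL_DAYS=60

# Print "due", "wait <days>" or "invalid" for one creation_time file.
# $1 = path to the file, $2 = current epoch (defaults to now).
cert_renewal_status() {
    file=$1
    now=${2:-$(date +%s)}
    [ -r "$file" ] || { echo "invalid"; return 0; }
    created=$(tr -d '[:space:]' < "$file")
    case $created in
        # Empty, non-numeric, or starting with 0: the thread reports that
        # the value 0 cannot be read, and a leading zero would parse as octal.
        ''|*[!0-9]*|0*) echo "invalid"; return 0 ;;
    esac
    age_days=$(( (now - created) / 86400 ))
    if [ "$age_days" -ge "$RENEWAL_DAYS" ]; then
        echo "due"
    else
        echo "wait $(( RENEWAL_DAYS - age_days ))"
    fi
}

# Walk a users directory and print "<domain> <status>" for every domain.
# $1 = base dir (the thread's path is /usr/local/directadmin/data/users).
report_all() {
    base=$1
    now=${2:-$(date +%s)}
    for f in "$base"/*/domains/*.cert.creation_time; do
        [ -f "$f" ] || continue
        domain=$(basename "$f" .cert.creation_time)
        echo "$domain $(cert_renewal_status "$f" "$now")"
    done
}

# Usage (read-only): report_all /usr/local/directadmin/data/users
```

A domain reported as "invalid" is one where the file is unreadable or holds a value such as 0; a domain set to 100 as suggested above is reported as "due".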
 

zEitEr

Try

Code:
echo $(hostname -f) >> /etc/virtual/domainowners
and request a cert for your hostname
 