Problem with generating SSL

djcart

Hi,

we are experiencing a persistent issue with Let’s Encrypt certificate generation via the DirectAdmin GUI.
Generating Let’s Encrypt certificates from the DirectAdmin GUI fails for all domains.
The DirectAdmin log ends with the following error:

cgo::UseLetsencrypt: EOF

This happens for every domain, not just a single one.
Generating certificates via CLI works correctly:

/usr/local/directadmin/scripts/letsencrypt.sh request domain.tld username

Certificates are issued successfully by Let’s Encrypt.
The issue occurs after the certificate is issued, during GUI processing.


Does anyone have any ideas?
 
@djcart please try checking this file:
Code:
/usr/local/directadmin/data/admin/letsencrypt_rate_limits/weekly.json
If it is completely empty, then just add the pair of square brackets there, like:
Code:
[]
and then try to re-generate SSL for your domains once again.
 
Hi,
we are experiencing a persistent problem with Let’s Encrypt certificate generation via the DirectAdmin GUI on multiple servers.

Problem description

  • Generating Let’s Encrypt certificates via the DirectAdmin GUI fails for all domains
  • The issue affects existing domains (renewals) as well as new domains

Error / symptoms

  • Could not execute the request

Environment

  • DirectAdmin versions affected: 1.691, 1.692, 1.693
  • OS: AlmaLinux 8
  • Happens on multiple servers (in our case ~20 DirectAdmin servers)
 
@Marwen please provide the result of this command from one of the DA servers where you have the problem with SSL generation:
Code:
find /usr/local/directadmin/ -name custom | xargs ls -la
 
Code:
/usr/local/directadmin/scripts/custom:
insgesamt 100
drwx--x--x 2 root     root     4096  7. Jan 11:43 .
drwxr-xr-x 3 root     root     4096  7. Jan 11:43 ..
-rwx------ 1 diradmin diradmin  142 18. Feb 2021  all_backups_post.sh
-rwx------ 1 diradmin diradmin  441 18. Feb 2021  all_backups_pre.sh
-rwx------ 1 diradmin diradmin 3518 18. Feb 2021  block_ip.sh
-rwx------ 1 diradmin diradmin  406 18. Feb 2021  brute_force_notice_ip.sh
-rwx------ 1 diradmin diradmin  259 18. Feb 2021  dns_create_post.sh
-rwx------ 1 diradmin diradmin  186 18. Feb 2021  dns_delete_post.sh
-rwx------ 1 diradmin diradmin 1294 18. Feb 2021  domain_create_post.sh
-rwx------ 1 diradmin diradmin 1117 18. Feb 2021  domain_destroy_post.sh
-rwx------ 1 diradmin diradmin 2904 18. Feb 2021  ftp_download.php
-rwx------ 1 diradmin diradmin 5460 18. Feb 2021  ftp_list.php
-rwx------ 1 diradmin diradmin 6459 18. Feb 2021  ftp_upload.php
-rw-r--r-- 1 root     root     6714  7. Jan 11:43 README
-rwx------ 1 diradmin diradmin  102 18. Feb 2021  show_blocked_ips.sh
-rwx------ 1 diradmin diradmin 2564 18. Feb 2021  unblock_ip.sh
-rwx------ 1 diradmin diradmin  429 18. Feb 2021  user_backup_post.sh
-rwx------ 1 diradmin diradmin  962 18. Feb 2021  user_create_post.sh
-rwx------ 1 diradmin diradmin  115 18. Feb 2021  user_destroy_post.sh
-rwx------ 1 diradmin diradmin   10 18. Feb 2021  user_destroy_pre.sh
-rwx------ 1 diradmin diradmin   10 18. Feb 2021  user_restore_post.sh
 
Do not see anything special or bad there.
@Marwen Please open a ticket, provide SSH access to one of the problematic servers and the name of a domain which can be used for testing the SSL issue.
 
Hello,

I'm struggling with the same issue on both of my servers. Is there a solution already?
 
As I investigated further in this file:
/usr/local/directadmin/data/users/USERNAME/openlitespeed.conf
there is an include:
# include aliases
include /usr/local/lsws/conf/httpd-alias.conf

but this file is not there. It is at /etc/openlitespeed/

Is it possible the last OLS update broke it? Or is it possible to fix this route in directadmin conf file somewhere?

The workaround was to copy
/etc/openlitespeed/httpd-alias.conf
to
/usr/local/lsws/conf/
and reload Openlitespeed.
 
Since yesterday one domain on my Directadmin server can't generate a Letsencrypt certificate.
As far as I understand the issue is:
domain.com was skipped due to unreachable http://domain.com/.well-known/acme-challenge/letsencrypt_910a9371aab97379d03e3e1b7bc7a9dc file.
www.domain.com was skipped due to unreachable http://www.domain.com/.well-known/acme-challenge/letsencrypt_20494df59038e3f6366da66193be5359 file.
No domains pointing to this server to generate the certificate for.


However, I created a test file and disabled Cloudflare for testing, and I can access the test file just fine:
http://domain.com/.well-known/acme-challenge/test.txt

If I try to generate the cert manually through Directadmin user panel, it only says:
"Could not execute your request"

I also get a message with the following:
The file:
/usr/local/directadmin/data/users/username/domains/domain.com.cacert
belonging to account user, domain , is either empty or missing,
but it's set to be used in that domain's config.
This is an incorrect state, so please re-add or unset file, and notify DirectAdmin support if it re-occurs.


I've verified that the file domain.com.cacert is in fact missing.

I've restarted openlitespeed, named and Directadmin. Cloudflare doesn't force HTTPS redirect. I'm running Almalinux 8.10 and Directadmin 1.693, with OpenLitespeed as web server.

Three things I should mention:
- This domain is the same domain used for the Directadmin server, but with the hostname da (da.domain.com).
- This domain was working fine up until yesterday.
- I have 20+ domains on that same server working fine as always.
 
I removed the old custom templates from /usr/local/directadmin/data/templates/custom/ and I was able to regenerate the SSL cert.
Thanks community!
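
The three causes reported across this thread (an empty weekly.json, an include in a user's openlitespeed.conf pointing at a file that is not there, and leftover files under templates/custom) can be checked read-only before changing anything. This is an added example, not part of any post above and not DirectAdmin's own tooling; the function names and the ROOT prefix argument are assumptions made so the checks can be tried on a scratch copy of the tree.

```shell
#!/bin/sh
# Read-only diagnostics for the causes reported in this thread.
# ROOT (first argument of each function) is a hypothetical path prefix:
# empty on a live server, a scratch directory when testing.

# Prints "missing", "empty" or "has-content" for the rate-limit state file.
# It does not validate the JSON itself.
rate_limit_state() {
    f="$1/usr/local/directadmin/data/admin/letsencrypt_rate_limits/weekly.json"
    [ -e "$f" ] || { echo missing; return 0; }
    # Assumption: a whitespace-only file is treated as "completely empty".
    if [ -z "$(tr -d '[:space:]' < "$f")" ]; then echo empty; else echo has-content; fi
}

# Prints every include target in USER's openlitespeed.conf that does not exist.
missing_includes() {
    conf="$1/usr/local/directadmin/data/users/$2/openlitespeed.conf"
    [ -r "$conf" ] || return 0
    # Commented lines such as "# include aliases" do not match the pattern.
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "$conf" |
    while IFS= read -r target; do
        [ -e "$1$target" ] || echo "$target"
    done
}

# Prints the files found under the custom templates directory, if any.
custom_templates() {
    d="$1/usr/local/directadmin/data/templates/custom"
    [ -d "$d" ] || return 0
    find "$d" -type f | while IFS= read -r p; do echo "${p#"$1"}"; done
}

# Runs all three checks and prints one line per finding.
report() {
    echo "weekly.json: $(rate_limit_state "$1")"
    missing_includes "$1" "$2" | sed 's/^/missing include target: /'
    custom_templates "$1" | sed 's/^/custom template: /'
}

# Usage: sh da_ssl_check.sh USERNAME [ROOT]
if [ -n "${1:-}" ]; then report "${2:-}" "$1"; fi
```

The script changes nothing on disk; any fix (writing `[]`, restoring the include target, removing old templates) remains a manual step as described in the posts.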
 