Renew SSL for non-existing subdomain

Taro

In the past I used to access DirectAdmin by using the URL server.domain1.com (example), while my website used to run on www.domain1.com. When LetsEncrypt functionality was added I somehow managed to create an SSL certificate for server.domain1.com to use HTTPS for DirectAdmin, but it failed to renew automatically. Since server.domain1.com isn't in the domains list, I can't renew or remove the certificate while using the DA GUI. I decided to disable SSL entirely and the reminders stopped.

Some days ago I updated the LetsEncrypt client, changed some settings and managed to add SSL certificates to domain1.com, domain2.com, domain3.com, etc. etc. But now I get a renew error in my mailbox for server.domain1.com every day. Server.domain1.com doesn't seem to be using the SSL certificate for domain1.com and I also can't select server.domain1.com in the checklist with all possible options for a multidomain certificate.

The error:

Setting up certificate for a hostname: server.domain1.com
Getting challenge for server.domain1.com from acme-server...
Error: http://server.domain1.com/.well-known/acme-challenge/letsencrypt_1483240868 is not reachable. Aborting the script.
dig output for server.domain1.com:
[IP-HERE]
Please make sure /.well-known alias is setup in WWW server.

Can I renew this certificate by using the GUI? Or is using the commandline the only option? How should I do that without messing up the proper SSL certificate which is already there for domain1.com?

Thanks!
 
Who is able to help with this problem? I'm still seeing the error every day....

Creating a subdomain called "server" for domain1.com also doesn't work, server.domain1.com shows up in the multidomain list then, but it won't renew the certificate with the same error as above.
 
If you don't want DirectAdmin to try to renew server.domain1.com anymore, you could delete these files:

Code:
/usr/local/directadmin/data/users/USERNAME/domains/server.domain1.com.san_config
/usr/local/directadmin/data/users/USERNAME/domains/server.domain1.com.cert.creation_time
/usr/local/directadmin/data/users/USERNAME/domains/server.domain1.com.csr

Please see: https://www.directadmin.com/features.php?id=1860
 
I forgot to mention that the server.domain1.com files can't be found there. I can only find domain1.com there, not server.domain1.com. Is there a chance they are combined with domain1.com and should I throw them away? Or is something else wrong?
 
Yes, you could try to edit:
/usr/local/directadmin/data/users/USERNAME/domains/domain1.com.san_config

If you find server.domain1.com and www.server.domain1.com in that file, remove them and save the file.
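
The two checks suggested in the replies above (the hostname's own renewal files, and the hostname listed inside another domain's san_config) can be done in one pass. This is an added example, not part of the original posts and not a DirectAdmin tool; the function name `find_renewal_refs` is hypothetical, and it assumes the .san_config files list hostnames as plain text.

```shell
#!/bin/sh
# find_renewal_refs HOSTNAME [BASE_DIR]
# Added example (hypothetical helper). Lists per-user DirectAdmin renewal
# files that belong to HOSTNAME or that name it inside a .san_config.
# BASE_DIR defaults to the users directory quoted in the thread.
find_renewal_refs() {
    host=$1
    base=${2:-/usr/local/directadmin/data/users}
    # Escape dots so "server.domain1.com" is matched literally.
    pat=$(printf '%s' "$host" | sed 's/\./\\./g')

    find "$base" -type f -path '*/domains/*' \
        \( -name '*.san_config' -o -name '*.csr' \
           -o -name '*.cert.creation_time' \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        name=${f##*/}
        case $name in
            "$host".san_config|"$host".csr|"$host".cert.creation_time)
                # The three files named in the first reply.
                printf 'own-file\t%s\n' "$f" ;;
            *.san_config)
                # Exact-name match only: the characters around the name
                # must not be hostname characters, so "domain1.com" does
                # not match "server.domain1.com" and "server.domain1.com"
                # does not match "www.server.domain1.com".
                if grep -Eq "(^|[^A-Za-z0-9.-])$pat([^A-Za-z0-9.-]|\$)" "$f"
                then
                    printf 'listed-in\t%s\n' "$f"
                fi ;;
        esac
    done
}

# Usage: find_renewal_refs server.domain1.com
```

Empty output means the name is not tracked in any per-user renewal file, so the certificate being renewed is configured somewhere other than the users' domains directories.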
 
It's not in there, only domain1.com & www.domain1.com. But maybe it used to be there in the past because I have a new certificate for this domain. How should I fix this?
 
Ok, found it. It was the server certificate, not a domain certificate and located somewhere else. Hopefully I won't see an error tomorrow morning :)

Edit/update: Solved!
 