Urgent problem with LetsEncrypt failing to renew certificates

Roberto

I'm getting problems with LetsEncrypt, which is now failing to renew existing SSL certificates for a number of domains. Here is one example error message in system messages relating to one of the domains.


Subject: Error during automated certificate renewal for exampledomain.com
grep: /usr/local/directadmin/data/users/admin/user.conf: No such file or directory
2020/07/07 00:16:05 [INFO] acme: Registering account for admin@server
2020/07/07 00:16:05 Could not complete registration
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: contact email "admin@server" has invalid domain : Domain name needs at least one dot, url:
Certificate generation failed.

When I manually try and create the certificate from scratch whilst logged into that domain, I get this:-

Cannot Execute Your Request
Details
grep: /usr/local/directadmin/data/users/admin/user.conf: No such file or directory
2020/07/07 02:22:47 [INFO] acme: Registering account for admin@server
2020/07/07 02:22:47 Could not complete registration
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: contact email "admin@server" has invalid domain : Domain name needs at least one dot, url:
Certificate generation failed.

Reading another post from 2016, I tried to rebuild LetsEncrypt, but still get the problem. I used this command set:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

Still getting the errors. I have no idea what's causing this, and would appreciate some advice, please?

Regards
 
Reading the error, I notice the line
grep: /usr/local/directadmin/data/users/admin/user.conf: No such file or directory

When I set up the server, I changed the name of the admin user to something else so it wasn't easy to guess the main admin user. LetsEncrypt has not had a problem with this until around last week, when the errors started when it came to renewal. It seems to be looking for the user.conf in the admin folder, and my admin username is different. Likewise, the admin folder in /usr/local/directadmin/data/users/ is also different.

Any thoughts?
 
Email address / user for that letsencrypt domain account in DA working? Search the forum: SMTALK did write a reaction on kind of the same here a while ago.

If you have there none, a not working or maybe even admin email, but not sure because not in my mind to remember all.

(the letsencrypt needs an email address that is working)

I guess we need a howto / help topic for that to solve it afterwards?

 
Hi ikkeben

Thank you for your response and help.

After resetting the email for the main admin user, I am still getting this error when I manually try and create a certificate for a user:



Cannot Execute Your Request

Details
grep: /usr/local/directadmin/data/users/admin/user.conf: No such file or directory
2020/07/07 09:06:32 [INFO] acme: Registering account for admin@server
2020/07/07 09:06:32 Could not complete registration
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: contact email "admin@server" has invalid domain : Domain name needs at least one dot, url:
Certificate generation failed.

The error is actually different from the one in the link you provided. The error on my server is referring to this file...
/usr/local/directadmin/data/users/admin/user.conf:

This file does not exist, because my admin username is not the standard "admin" name, it was changed during the time I set up the server years ago. LetsEncrypt has been working well up until a week or so ago. DirectAdmin or LetsEncrypt is now assuming all admin users have the name "admin" I think. This is a change from before. (I'm assuming here).
 
May you check if version 2.0.5 solves it? Just use custom_versions.txt for the override, or edit it in versions.txt (md5sum can be removed).
 

Should I run this set of commands?

cd /usr/local/directadmin/custombuild
echo "letsencrypt:2.0.5:a944b069ac70c3e574c25def6e1d6b2f" > custom_versions.txt
./build letsencrypt
 
When I ran the above, I got the output...

Let's encrypt client 2.0.4 has been installed.

even though I specified 2.0.5 in the custom_versions.txt file
 
OK, update. I tried to change custom versions from CustomBuild 2 instead of the command prompt.

/CMD_PLUGINS_ADMIN/custombuild/versions.html

Here I was able to specify 2.0.5 and then update the software to 2.0.5; not sure why it failed at the command prompt.

I then logged in as a user and generated an SSL from scratch. I got this output:



Certificate and Key Saved.

Details
2020/07/07 10:56:32 No key found for account [email protected]. Generating a 4096 key.
2020/07/07 10:56:34 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-v02.api.letsencrypt.org/server.mydomain.com/keys/[email protected]
2020/07/07 10:56:35 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/usr/local/directadmin/data/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2020/07/07 10:56:35 [INFO] [userdomain.com, www.userdomain.com] acme: Obtaining SAN certificate
2020/07/07 10:56:35 [INFO] [userdomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx
2020/07/07 10:56:35 [INFO] [www.userdomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxx
2020/07/07 10:56:35 [INFO] [userdomain.com] acme: Could not find solver for: tls-alpn-01
2020/07/07 10:56:35 [INFO] [userdomain.com] acme: use http-01 solver
2020/07/07 10:56:35 [INFO] [www.userdomain.com] acme: Could not find solver for: tls-alpn-01
2020/07/07 10:56:35 [INFO] [www.userdomain.com] acme: use http-01 solver
2020/07/07 10:56:35 [INFO] [userdomain.com] acme: Trying to solve HTTP-01
2020/07/07 10:56:40 [INFO] [userdomain.com] The server validated our request
2020/07/07 10:56:40 [INFO] [www.userdomain.com] acme: Trying to solve HTTP-01
2020/07/07 10:56:47 [INFO] [www.userdomain.com] The server validated our request
2020/07/07 10:56:47 [INFO] [userdomain.com, www.userdomain.com] acme: Validations succeeded; requesting certificates
2020/07/07 10:56:51 [INFO] [userdomain.com] Server responded with a certificate.
Certificate for userdomain.com,www.userdomain.com has been created successfully!userdomain.com

It appears to have allowed the certificate to be created again from scratch using version 2.0.5. However, I noticed from the above output, it is still referring to [email protected] and not the email I updated earlier. (I changed my actual server domain to mydomain.com for this thread.)
 
Can you tell me if v2.0.5 is the next version of letsencrypt and my above changes forced it to update to that? Why was it not already updating to that? I fail to understand why it was not already updating to the latest if it was meant to?
 
2.0.5 is not yet released, I placed it just for a test :) I’ll update it accordingly to find renamed admin’s email.
 

OK, thanks for explaining. That makes some sense now.

I am hoping that when other domains come to renew their certificates, it'll work smoothly now. I think I'll remove the custom_versions.txt file now so it doesn't interfere with future updates.

Many thanks. Please let me know if you have any further instructions once you have finished what you're doing for the next version?
 
May you try 2.0.5 one more time? It should use your renamed admin's email now :) If everything is alright - I'll put it to public. Thanks.
 
Hi

I rolled back to 2.0.4 and then updated to 2.0.5 using CustomBuild 2.0 method as before. It worked, I am now seeing the email address I entered in as the admin server when I updated the admin email. Here is the output from a user regenerating the SSL cert from scratch after the rollback and update again.

Certificate and Key Saved.
Details
2020/07/07 22:59:34 No key found for account [email protected]. Generating a 4096 key.
2020/07/07 22:59:35 Saved key to /usr/local/directadmin/data/.lego/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2020/07/07 22:59:35 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/usr/local/directadmin/data/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2020/07/07 22:59:36 [INFO] [exampledomain.com, www.exampledomain.com] acme: Obtaining SAN certificate
2020/07/07 22:59:36 [INFO] [exampledomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxx
2020/07/07 22:59:36 [INFO] [www.exampledomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxx
2020/07/07 22:59:36 [INFO] [exampledomain.com] acme: Could not find solver for: tls-alpn-01
2020/07/07 22:59:36 [INFO] [exampledomain.com] acme: use http-01 solver
2020/07/07 22:59:36 [INFO] [www.exampledomain.com] acme: Could not find solver for: tls-alpn-01
2020/07/07 22:59:36 [INFO] [www.exampledomain.com] acme: use http-01 solver
2020/07/07 22:59:36 [INFO] [exampledomain.com] acme: Trying to solve HTTP-01
2020/07/07 22:59:41 [INFO] [exampledomain.com] The server validated our request
2020/07/07 22:59:41 [INFO] [www.exampledomain.com] acme: Trying to solve HTTP-01
2020/07/07 22:59:47 [INFO] [www.exampledomain.com] The server validated our request
2020/07/07 22:59:47 [INFO] [exampledomain.com, www.exampledomain.com] acme: Validations succeeded; requesting certificates
2020/07/07 22:59:50 [INFO] [exampledomain.com] Server responded with a certificate.
Certificate for exampledomain.com,www.exampledomain.com has been created successfully!exampledomain.com

It worked!

Many thanks!
 
Good morning,

I discovered the same issue yesterday and I updated LetsEncrypt but still the same error:

Code:
2020/07/14 09:30:45 [INFO] acme: Registering account for admin@localhost
2020/07/14 09:30:49 Could not complete registration
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:invalidEmail :: Error creating new account :: contact email "admin@localhost" has invalid domain : Domain name needs at least one dot, url:
Certificate generation failed.

What to do next? I hope someone can help me..... Thanks a lot!

Vincent Volmer
 
Just had the same issue, if anyone is wondering where to change the password for the admin account:

Edit this file:
/usr/local/directadmin/data/users/admin/user.conf

Then restart directadmin and Letsencrypt should work again (it did for me).
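
Added example, not part of any post in this thread and not DirectAdmin's or CustomBuild's own code: a pre-flight check that finds admin accounts by type instead of by the literal name "admin" and flags a contact email that the ACME server would reject, as in the invalidEmail errors quoted above. It assumes user.conf holds key=value lines including "email=" (a single address) and "usertype=admin"; the dot check is a local approximation of the CA's rule, and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example. Assumed user.conf layout (not shown in the thread):
# key=value lines including "email=" and "usertype=admin".

# True only for addresses whose domain part contains a dot, which is the
# rule behind the invalidEmail errors quoted in this thread.
contact_email_ok() {
    case "$1" in
        *[[:space:]]*|*@*@*) return 1 ;;
        ?*@?*.?*)            return 0 ;;
        *)                   return 1 ;;
    esac
}

# Check every admin-type account under the users directory, whatever its
# name, so a renamed admin is found. Returns 0 only if at least one admin
# exists and every admin email passes the check above.
preflight() {
    users_dir=$1; found=0; bad=0
    for conf in "$users_dir"/*/user.conf; do
        [ -f "$conf" ] || continue
        grep -qx 'usertype=admin' "$conf" || continue
        found=1
        email=$(sed -n 's/^email=//p' "$conf" | head -n 1)
        if contact_email_ok "$email"; then
            echo "OK   $conf: $email"
        else
            echo "FAIL $conf: '$email' would be rejected as invalidEmail"
            bad=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: an admin renamed to "boss" with a dotless address.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/boss" "$d/alice"
    printf 'username=boss\nemail=admin@server\nusertype=admin\n' > "$d/boss/user.conf"
    printf 'username=alice\nemail=alice@example.org\nusertype=user\n' > "$d/alice/user.conf"
    preflight "$d" || echo "preflight failed: fix the admin email before renewal"
    rm -rf "$d"
}

# Usage: sh preflight.sh /usr/local/directadmin/data/users   (no argument runs the demo)
if [ "$#" -gt 0 ]; then preflight "$1"; else demo; fi
```

Running it from cron ahead of the renewal window surfaces a dotless admin address before the CA rejects the account registration.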
 