Create/Renew cert in Shared Server x 1 specific domain

Hello my friends. I have a VPS with 2 IPs and several domains. I created and auto-renew the SSL certificates for lots of my domains with the same IP, but I'm having problems RENEWING/creating for one of them. I tried removing and re-creating the certificate for this specific domain but with no luck, and the error is not very descriptive.
THANKS in advance!

Information below:

My domain is:
pasaportecervecero.com

I ran this command:
renew or create from DirectAdmin

It produced this output:
Requesting new certificate order…
Nonce is empty. Exiting. dig output of acme-v02.api.letsencrypt.org:
prod.api.letsencrypt.org.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
172.65.32.248
Full nonce request output:
HTTP/2 200
server: nginx
date: Sun, 20 Oct 2019 04:10:15 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY
strict-transport-security: max-age=604800

My web server is (include version):
Apache 2.4.39

My hosting provider, if applicable, is:
Private VPS

I can login to a root shell on my machine (yes or no, or I don’t know):
YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
DirectAdmin 1.57.2
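The output above shows two separate things that can go wrong before an order is even requested: the server may not be able to reach the ACME endpoint at all, or the HEAD response arrives but the client fails to pull the nonce out of it. The following shell script is an added example, not code from the thread or from DirectAdmin's letsencrypt.sh. It fetches response headers from Let's Encrypt's production newNonce resource (the URL is taken from the public ACME directory; the RFC 8555 name for it is assumed here) and extracts the replay-nonce header while matching the header name case-insensitively, because HTTP/2 sends all header names in lower case, which is exactly what the pasted `HTTP/2 200` response shows. The sample responses are constructed; the nonce value in the first one is copied from the post.

```shell
#!/bin/sh
# Added example (not from the forum thread or DirectAdmin): separate
# "cannot reach the ACME server" from "reached it but got no nonce".

# Let's Encrypt production newNonce URL, as published in the ACME directory.
ACME_NEW_NONCE="https://acme-v02.api.letsencrypt.org/acme/new-nonce"

# extract_nonce: read raw response headers on stdin, print the nonce value.
# Header names are compared case-insensitively (HTTP/2 lower-cases them)
# and CR is stripped so HTTP/1.1 CRLF responses parse identically.
# Exit status is 1 when no replay-nonce header is present.
extract_nonce() {
    tr -d '\r' | awk '
        tolower($1) == "replay-nonce:" { print $2; found = 1; exit }
        END { if (found) exit 0; else exit 1 }
    '
}

# naive_extract_nonce: same job with a literal, case-sensitive match.
# Shown only for contrast: on an HTTP/2 response it prints nothing even
# though the header is there, which is how a client ends up with an
# "empty" nonce despite a 200 response.
naive_extract_nonce() {
    tr -d '\r' | grep '^Replay-Nonce:' | awk '{ print $2 }'
}

# nonce_looks_valid: ACME nonces are base64url; reject anything else so a
# stray value from a mangled header is not sent in a JWS.
nonce_looks_valid() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+$'
}

# check_nonce_headers: classify captured headers on stdin.
# Prints "ok <nonce>" or "empty".
check_nonce_headers() {
    nonce=$(extract_nonce) || true
    if [ -n "$nonce" ] && nonce_looks_valid "$nonce"; then
        echo "ok $nonce"
    else
        echo "empty"
    fi
}

# live_check: the check you would actually run on the VPS. A curl failure
# (DNS, outbound firewall such as CSF, TLS) is reported as unreachable;
# otherwise the headers go through check_nonce_headers.
live_check() {
    if ! headers=$(curl -sS -I --max-time 15 "$ACME_NEW_NONCE" 2>&1); then
        echo "unreachable: $headers"
        return 2
    fi
    printf '%s\n' "$headers" | check_nonce_headers
}

# Constructed sample responses (nonce value in SAMPLE_H2 taken from the post).
SAMPLE_H2='HTTP/2 200
server: nginx
cache-control: public, max-age=0, no-cache
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY'

SAMPLE_H1=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nReplay-Nonce: abc123XYZ-_\r\nContent-Length: 0\r\n')

SAMPLE_NONE='HTTP/2 200
server: nginx
x-frame-options: DENY'

# Run "sh this_script.sh --live" on the server to query Let's Encrypt;
# without the flag only the offline samples are classified.
if [ "${1:-}" = "--live" ]; then
    live_check
else
    printf '%s\n' "$SAMPLE_H2" | check_nonce_headers
    printf '%s\n' "$SAMPLE_H1" | check_nonce_headers
    printf '%s\n' "$SAMPLE_NONE" | check_nonce_headers
fi
```

If `live_check` prints `unreachable`, the problem is network-side (DNS, routing, or an outbound firewall) and no client update will help; if it prints `ok <nonce>`, the server can talk to Let's Encrypt and the fault lies in the client that is supposed to read that header.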

Hi @tomich

First step: is there an update? Do you use DirectAdmin with your other domains, or is this the only domain with DirectAdmin?

What says

traceroute acme-v02.api.letsencrypt.org

PS: Your answer has a replay-nonce:

PS: There is version 1.59.1 listed.

That may fix the problem.

Hi, thanks for the quick answer.
I use DirectAdmin for all my domains, and successfully installed my SSL certificates for them with no problem.


Just updated to DirectAdmin version 1.59.4 but the problem persists.


Traceroute from the server resolves:
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
send: Operation not permitted

Sorry, I'm a newbie with SSL certificates, I don't know what replay-nonce means :sweat_smile:

replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw


Is there anything else I could do?

Sorry, CSF was blocking traceroute. Updated answer:

PING 100% success

[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (190.105.227.1) 1.960 ms 1.841 ms 1.767 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *

30 * * *

There you see the problem. Your server can't talk with the Letsencrypt server.

Something like

D:\temp>tracert -4 acme-v02.api.letsencrypt.org.

1 <1 ms <1 ms <1 ms fritz.box [192.168.0.1]
2 5 ms 4 ms 4 ms 62.155.240.117
3 6 ms 5 ms 6 ms 217.239.55.2
4 6 ms 6 ms 6 ms 217.239.55.2
5 6 ms 6 ms 6 ms lag-10.edge4.Berlin1.Level3.net [4.68.73.5]
6 7 ms 6 ms 7 ms ae-1-3502.edge3.Berlin1.Level3.net [4.69.159.1]
7 6 ms 6 ms 6 ms unknown.Level3.net [212.162.40.34]
8 6 ms 6 ms 6 ms 172.65.32.248

is expected.

Perhaps reduce the MTU from 1500 to 1300; sometimes that has helped. Or there is a blocking firewall. Outgoing connections are required.

I disabled CSF completely and retried getting the certificate, but it failed with the same error. Also tried traceroute without success.

csf and lfd have been disabled
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (190.105.227.1) 0.941 ms 2.038 ms 1.241 ms
2 * * *
3 * * *
....

I made a ticket to my hosting provider, they did the following and the certificate was issued successfully. I'm leaving this here in case it's useful for somebody else.

Panel: DirectAdmin.
Procedure:
cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

:grinning::grinning:


Yep, looks like your DirectAdmin was broken.

That's the only way to fix it.
