Hello my friends. I have a VPS with 2 IPs and several domains. I created and autorenew the SSL certificates for lots of my domains with the same IP, but I'm having problems RENEWING/creating for one of them. Tried removing and re-creating the certificate for this specific domain but with no luck, and the error is not very descriptive.
THANKS in advance!

Information below:

My domain is:

I ran this command:
renew or create from DirectAdmin

It produced this output:
Requesting new certificate order…
Nonce is empty. Exiting. dig output of
Full nonce request output:
HTTP/2 200
server: nginx
date: Sun, 20 Oct 2019 04:10:15 GMT
cache-control: public, max-age=0, no-cache
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY
strict-transport-security: max-age=604800

My web server is (include version):
Apache 2.4.39

My hosting provider, if applicable, is:
Private VPS

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
DirectAdmin 1.57.2

Hi @tomich

First step: Is there an update? Do you use DirectAdmin with your other domains or is this the only domain with DirectAdmin?

What says


PS: Your answer has a replay-nonce:

PS: There

is version 1.59.1 listed.

That may fix the problem.

Hi, thanks for the quick answer.
I use DirectAdmin for all my domains, and successfully installed my SSL certificates for them with no problem.

Just updated to DirectAdmin version 1.59.4 but the problem persists.

Traceroutes from reserver resolves:
[root@server ~]# traceroute
traceroute to (, 30 hops max, 60 byte packets
send: Operation not permitted

Sorry, I'm a newbie with SSL certificates, don't know what replay-nonce means :sweat_smile:

replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw

Is there anything else I could do?

Sorry, CSF was blocking traceroute. Updated answer:

PING 100% success

[root@server ~]# traceroute
traceroute to (, 30 hops max, 60 byte packets
1 gateway ( 1.960 ms 1.841 ms 1.767 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *

30 * * *


You see the problem. Your server can’t talk with the Let's Encrypt server.

Something like

D:\temp>tracert -4

1 <1 ms <1 ms <1 ms []
2 5 ms 4 ms 4 ms
3 6 ms 5 ms 6 ms
4 6 ms 6 ms 6 ms
5 6 ms 6 ms 6 ms []
6 7 ms 6 ms 7 ms []
7 6 ms 6 ms 6 ms []
8 6 ms 6 ms 6 ms

is expected.

Perhaps reduce the MTU from 1500 to 1300, sometimes that has helped. Or there is a blocking firewall. Outgoing connections are required.

I disabled CSF completely and retried to get the certificate, but it failed with the same error. Also tried traceroute without success.

csf and lfd have been disabled
[root@server ~]# traceroute
traceroute to (, 30 hops max, 60 byte packets
1 gateway ( 0.941 ms 2.038 ms 1.241 ms
2 * * *
3 * * *

I made a ticket to my hosting provider, they did the following and encryption was successful. I'm leaving this here to see if it's useful for somebody else.

Panel: DirectAdmin.
cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt


Yep, looks like your DirectAdmin was broken.

That’s the only way to fix it.