tomich
November 6, 2019, 3:02pm
1
Hello my friends. I have a VPS with 2 IPs and several domains. I created and auto-renew the SSL certificates for lots of my domains with the same IP, but I'm having problems RENEWING/creating for one of them. I tried removing and re-creating the certificate for this specific domain but with no luck, and the error is not very descriptive.
THANKS in advance!
Information below:
My domain is:
pasaportecervecero.com
I ran this command:
renew or create from DirectAdmin
It produced this output:
Requesting new certificate order…
Nonce is empty. Exiting. dig output of acme-v02.api.letsencrypt.org :
prod.api.letsencrypt.org .
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com .
172.65.32.248
Full nonce request output:
HTTP/2 200
server: nginx
date: Sun, 20 Oct 2019 04:10:15 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY
strict-transport-security: max-age=604800
My web server is (include version):
Apache 2.4.39
My hosting provider, if applicable, is:
Private VPS
I can login to a root shell on my machine (yes or no, or I don’t know):
YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
DirectAdmin 1.57.2
Hi @tomich
tomich:
DirectAdmin 1.57.2
First step: Is there an update? Do you use DirectAdmin with your other domains or is this the only domain with DirectAdmin?
What does this say:
traceroute acme-v02.api.letsencrypt.org
PS: Your answer has a replay-nonce:
PS: There
DirectAdmin is a graphical web-based web hosting control panel allowing administration of websites through a web browser. The software is configurable to enable standalone, reseller, and shared web hosting from a single instance. DirectAdmin also permits management of server tasks and upgrades to package software (such as Apache HTTP Server, PHP, and MySQL ) from within the control panel - simplifying server and hosting configuration.
DirectAdmin is compatible with several versions of CloudLinu...
is version 1.59.1 listed.
That may fix the problem.
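The reply above notes that the quoted response does carry a replay-nonce. The following added example (not part of the original thread, and not DirectAdmin's code) checks a header dump for a usable nonce and flags whether a match on the canonical spelling `Replay-Nonce` would miss it. That any client parses headers that strictly is an assumption for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_HEADERS is the nonce response quoted in the first post.
SAMPLE_HEADERS='HTTP/2 200
server: nginx
date: Sun, 20 Oct 2019 04:10:15 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory ;rel="index"
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY
strict-transport-security: max-age=604800'

# Print the Replay-Nonce value. Header names are case-insensitive and
# HTTP/2 sends them lowercase, so compare on the lowercased name.
extract_nonce() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -F': *' 'tolower($1) == "replay-nonce" {
            sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# Hypothetical strict parser (assumption): matches only the canonical spelling.
extract_nonce_strict() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -F': *' '$1 == "Replay-Nonce" {
            sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# Classify a header dump: missing | malformed | ok | ok-but-strict-match-fails
diagnose_nonce() {
    nonce=$(extract_nonce "$1")
    [ -n "$nonce" ] || { echo missing; return; }
    case "$nonce" in
        # ACME nonces are base64url: letters, digits, "-" and "_" only.
        *[!A-Za-z0-9_-]*) echo malformed; return ;;
    esac
    if [ -n "$(extract_nonce_strict "$1")" ]; then
        echo ok
    else
        echo ok-but-strict-match-fails
    fi
}

diagnose_nonce "$SAMPLE_HEADERS"
```

To check a live server, pass the function the headers returned by a HEAD request to the newNonce URL listed in the ACME directory.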
tomich
November 6, 2019, 3:47pm
3
Hi, thanks for the quick answer.
I use DirectAdmin for all my domains, and successfully installed my SSL certificates for them with no problem.
Just updated to DirectAdmin version 1.59.4 but the problem persists.
Traceroutes from reserver resolves:
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
send: Operation not permitted
Sorry, I'm a newbie with SSL certificates, I don't know what replay-nonce means
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
Is there anything else I could do?
tomich
November 6, 2019, 4:06pm
4
Sorry, CSF was blocking traceroute. Updated answer:
PING 100% success
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (190.105.227.1) 1.960 ms 1.841 ms 1.767 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
…
30 ***
There you see the problem. Your server can't talk with the Letsencrypt server.
Something like
D:\temp>tracert -4 acme-v02.api.letsencrypt.org .
1 <1 ms <1 ms <1 ms fritz.box [192.168.0.1]
2 5 ms 4 ms 4 ms 62.155.240.117
3 6 ms 5 ms 6 ms 217.239.55.2
4 6 ms 6 ms 6 ms 217.239.55.2
5 6 ms 6 ms 6 ms lag-10.edge4.Berlin1.Level3.net [4.68.73.5]
6 7 ms 6 ms 7 ms ae-1-3502.edge3.Berlin1.Level3.net [4.69.159.1]
7 6 ms 6 ms 6 ms unknown.Level3.net [212.162.40.34]
8 6 ms 6 ms 6 ms 172.65.32.248
is expected.
Perhaps reduce the MTU from 1500 to 1300, sometimes that has helped. Or there is a blocking firewall. Outgoing connections are required.
tomich
November 6, 2019, 4:40pm
6
tomich:
172.65.32.248
I disabled CSF completely and retried to get the certificate but it failed with the same error. Also tried traceroute without success.
csf and lfd have been disabled
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (190.105.227.1) 0.941 ms 2.038 ms 1.241 ms
2 * * *
3 * * *
....
tomich
November 7, 2019, 3:37am
7
I made a ticket to my hosting provider, they did the following and encryption was successful. I'm leaving this here to see if it's useful for somebody else.
Panel: DirectAdmin.
Procedure:
cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt
Yep, looks like your DirectAdmin was broken.
That's the only way to fix it.