Create/Renew cert in Shared Server x 1 specific domain

Hello my friends. I have a VPS with 2 IPs and several domains. I create and auto-renew the SSL certificates for lots of my domains on the same IP, but I'm having problems RENEWING/creating the certificate for one of them. I tried removing and re-creating the certificate for this specific domain, but with no luck, and the error is not very descriptive.
THANKS in advance!

Information below:

My domain is:
pasaportecervecero.com

I ran this command:
renew or create from DirectAdmin

It produced this output:
Requesting new certificate order…
Nonce is empty. Exiting. dig output of acme-v02.api.letsencrypt.org:
prod.api.letsencrypt.org.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
172.65.32.248
Full nonce request output:
HTTP/2 200
server: nginx
date: Sun, 20 Oct 2019 04:10:15 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY
strict-transport-security: max-age=604800

My web server is (include version):
Apache 2.4.39

My hosting provider, if applicable, is:
Private VPS

I can login to a root shell on my machine (yes or no, or I don’t know):
YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
DirectAdmin 1.57.2

Hi @tomich

First step: is there an update? Do you use DirectAdmin with your other domains, or is this the only domain with DirectAdmin?

What does

traceroute acme-v02.api.letsencrypt.org

say?

PS: Your answer has a replay-nonce:

PS: There is version 1.59.1 listed. That may fix the problem.
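The reply above points at the replay-nonce header in the posted response. As an added example, not code from the thread and not DirectAdmin's letsencrypt script, here is a POSIX shell check that parses those exact response headers (embedded below as a constructed sample) and extracts the nonce. It shows that the CA did answer with a nonce, and that header names are case-insensitive: HTTP/2 responses carry them in lowercase, so one way a client can report an empty nonce for a reply that visibly contains one is a case-sensitive match on "Replay-Nonce:". Whether DirectAdmin's script matched that way is an assumption of this example, not something the thread states; the live fetch function and the new-nonce URL are also mine.

```shell
#!/bin/sh
# Added example (not from the thread or from DirectAdmin): parse an ACME
# new-nonce response and extract the Replay-Nonce header value.

# Response headers as posted in the thread, constructed inline so this
# runs offline. Under HTTP/2 the header names arrive in lowercase.
SAMPLE_HEADERS='HTTP/2 200
server: nginx
date: Sun, 20 Oct 2019 04:10:15 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw
x-frame-options: DENY
strict-transport-security: max-age=604800'

# extract_nonce: read HTTP response headers on stdin, print the nonce.
# Matches the header name case-insensitively (RFC 7230 header names are
# case-insensitive), strips CR line endings that curl -i/-I keep, and
# exits 1 printing nothing when no nonce header is present.
extract_nonce() {
    tr -d '\r' | awk '
        tolower($1) == "replay-nonce:" { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# extract_nonce_case_sensitive: the fragile variant, shown only to
# illustrate the failure mode. It is an assumption of this example that
# a client could be written this way; the thread does not show the
# DirectAdmin script's code. On the HTTP/2 sample above it prints
# nothing, which is what an "empty nonce" looks like to a caller.
extract_nonce_case_sensitive() {
    tr -d '\r' | grep '^Replay-Nonce:' | awk '{ print $2 }'
}

# fetch_nonce: live version of the check (needs outbound HTTPS, so it is
# not run by default). A HEAD request to new-nonce returns 200 with a
# Replay-Nonce header (RFC 8555 section 7.2).
fetch_nonce() {
    curl -sS -I "${1:-https://acme-v02.api.letsencrypt.org/acme/new-nonce}" | extract_nonce
}

# Run against the live CA with --live, otherwise against the sample.
if [ "${1:-}" = "--live" ]; then
    fetch_nonce
else
    printf '%s\n' "$SAMPLE_HEADERS" | extract_nonce
fi
```

Running it with no arguments prints the nonce from the posted response; running it with --live from the affected server separates a connectivity problem (curl fails or returns nothing) from a parsing problem (curl returns headers but the script reports no nonce).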

Hi, thanks for the quick answer.
I use DirectAdmin for all my domains, and successfully installed my SSL certificates for them with no problem.


Just updated to DirectAdmin version 1.59.4 but problem persists.


Traceroute from the server resolves:
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
send: Operation not permitted

Sorry, I'm a newbie with SSL certificates; I don't know what replay-nonce means :sweat_smile:

replay-nonce: 0002w5HwgK-z-t7xrDivTZw3mFdYc5thB7WojSe-pqIzvGw


Is there anything else I could do?

Sorry, CSF was blocking traceroute. Updated answer:

PING 100% success

[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (190.105.227.1) 1.960 ms 1.841 ms 1.767 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *

30 * * *

There you see the problem. Your server can't talk with the Letsencrypt server.

Something like

D:\temp>tracert -4 acme-v02.api.letsencrypt.org.

1 <1 ms <1 ms <1 ms fritz.box [192.168.0.1]
2 5 ms 4 ms 4 ms 62.155.240.117
3 6 ms 5 ms 6 ms 217.239.55.2
4 6 ms 6 ms 6 ms 217.239.55.2
5 6 ms 6 ms 6 ms lag-10.edge4.Berlin1.Level3.net [4.68.73.5]
6 7 ms 6 ms 7 ms ae-1-3502.edge3.Berlin1.Level3.net [4.69.159.1]
7 6 ms 6 ms 6 ms unknown.Level3.net [212.162.40.34]
8 6 ms 6 ms 6 ms 172.65.32.248

is expected.

Perhaps reduce the MTU from 1500 to 1300; sometimes that has helped. Or there is a blocking firewall. Outgoing connections are required.

I disabled CSF completely and retried getting the certificate, but it failed with the same error. Also tried traceroute without success.

csf and lfd have been disabled
[root@server ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (190.105.227.1) 0.941 ms 2.038 ms 1.241 ms
2 * * *
3 * * *

I made a ticket to my hosting provider; they did the following and the certificate issuance was successful. I'm leaving this here in case it's useful for somebody else.

Panel: DirectAdmin.
Procedure:
cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

:grinning::grinning:


Yep, looks like your DirectAdmin was broken.

That’s the only way to fix it.