Get order info failed, the local order info file doesn't exist

jasperf · November 5, 2020, 3:46am

We are using an ACME 2 package https://github.com/stonemax/acme2 to set up LE SSL certificates for our sites running on Laravel PHP. This is on an Ubuntu 20.0.4 server running Nginx.

I recently moved over to a new DigitalOcean Droplet. I copied over all Nginx configuration files, all LE SSL certificates and such from our shared data directory. But now I see that for some reason the order for one has gone.

  Get order info failed, the local order info file doesn't exist, the order info file path is: /home/forge/site.com/shared/storage/tls/le-storage/f42bxxxx/rsa/ORDER

I checked:

forge@server-w-2:~/site.com/shared/storage/tls/le-storage/f42bxxxx/rsa$ ll
total 8
drwxr-xr-x+ 2 forge forge 4096 Nov  5 03:19 ./
drwxr-xr-x+ 3 forge forge 4096 Nov  5 03:19 ../

Had this issue before https://github.com/stonemax/acme2/issues/40 but do not have a solid solution for this issue now and also do not understand how the order disappeared.

How can I enforce / get a new certificate now and basically reset all?

_az · November 5, 2020, 4:06am

It looks like the certificate files are immediately deleted any time $generateNewOder = TRUE is passed to OrderService / Client.getOrder.

If an order was attempted that way but failed, you would be left without anything in that directory, and subsequent calls with $generateNewOrder = FALSE would fail with your error.

Hard to say, since your application code will be determining how the library is called, but you haven't shared that part.

jasperf · November 6, 2020, 1:20am

Figured it out. I forgot to add

include /home/forge/site.com/shared/storage/tls/sites.d/*.conf;

to nginx.conf to load these generated config files that themselves load the generated Let's Encrypt SSL certificates. Once that was done the existing one started loading well again and warning in the browser disappeared. I also had to run

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

To have the .pem on the new server as well. Without it the Nginx server could not load the new configuration change as this .pem is asked for by our generated Nginx configuration files for sites that use LE SSL certificates.

Do think a new renewal should work out just fine now too.

Only thing I wonder about is where LE SSL ACME 2 stores its logs. This so I could see that orders failed because.. configuration files were not included.. More details anyway.

system · December 5, 2020, 5:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.