Skip invalid cert / Return code: 2

Help
1

Hello

We cannot activate LE cert via ISPConfig on our second IP Failover server.
Website are managed with ISPC 3.2.6

  • DNS, aliases and website settings are identical to the ISPC config settings on our main production server

  • The problem exists only for 1 domain, other certs are checked/renewed without any trouble

  • By comparing files in /root/acme.sh/xxxxx.net/ there are 3 more files on the production server, these files doesn't exist on the backup server for the problematic domain generating the "invalid cert" message during renewal attempt :

-rw-r--r-- 1 root root 4003 Oct 28 09:10 xxxxx.net.cer
-rw-r--r-- 1 root root 3751 Oct 28 09:10 ca.cer
-rw-r--r-- 1 root root 7754 Oct 28 09:10 fullchain.cer

With this observation what is the best thing to do ?

  1. Perform additional checks ?
  2. Delete all /root/acme.sh/xxxxx.net/ files and try to renew certs via ISPC ?

Thank you in advance for your help !

2

Could you perhaps post the actual error message, preferably including the entire output/log file?

3 Likes
3

For information buyco.market has numerous website aliases
thanks

Here is the ISPC LE log :

[Mon 27 Dec 2021 12:48:01 AM UTC] Running cmd: cron
[Mon 27 Dec 2021 12:48:01 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:01 AM UTC] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:01 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:01 AM UTC] ===Starting cron===
[Mon 27 Dec 2021 12:48:01 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:01 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:01 AM UTC] Retrying GET
[Mon 27 Dec 2021 12:48:01 AM UTC] GET
[Mon 27 Dec 2021 12:48:01 AM UTC] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Mon 27 Dec 2021 12:48:01 AM UTC] timeout=
[Mon 27 Dec 2021 12:48:01 AM UTC] displayError='1'
[Mon 27 Dec 2021 12:48:01 AM UTC] _WGET='wget -q --content-on-error '
[Mon 27 Dec 2021 12:48:02 AM UTC] ret='0'
[Mon 27 Dec 2021 12:48:02 AM UTC] _hcode='0'
[Mon 27 Dec 2021 12:48:02 AM UTC] Already uptodate!
[Mon 27 Dec 2021 12:48:02 AM UTC] Upgrade success!
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Auto upgraded to: 3.0.2
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] _stopRenewOnError
[Mon 27 Dec 2021 12:48:02 AM UTC] _set_level='2'
[Mon 27 Dec 2021 12:48:02 AM UTC] di='/root/.acme.sh/buyco.market/'
[Mon 27 Dec 2021 12:48:02 AM UTC] d='buyco.market'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] DOMAIN_PATH='/root/.acme.sh/buyco.market'
[Mon 27 Dec 2021 12:48:02 AM UTC] Renew: 'buyco.market'
[Mon 27 Dec 2021 12:48:02 AM UTC] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Skip invalid cert for: buyco.market
[Mon 27 Dec 2021 12:48:02 AM UTC] Return code: 2 <-------------------------------------------------------------------
[Mon 27 Dec 2021 12:48:02 AM UTC] Skipped buyco.market
[Mon 27 Dec 2021 12:48:02 AM UTC] di='/root/.acme.sh/cposolutions.ch/'
[Mon 27 Dec 2021 12:48:02 AM UTC] d='cposolutions.ch'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] DOMAIN_PATH='/root/.acme.sh/cposolutions.ch'
[Mon 27 Dec 2021 12:48:02 AM UTC] Renew: 'cposolutions.ch'
[Mon 27 Dec 2021 12:48:02 AM UTC] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Skip, Next renewal time is: Sat 08 Jan 2022 10:23:18 AM UTC
[Mon 27 Dec 2021 12:48:02 AM UTC] Add '--force' to force to renew.
[Mon 27 Dec 2021 12:48:02 AM UTC] Return code: 2
[Mon 27 Dec 2021 12:48:02 AM UTC] Skipped cposolutions.ch
[Mon 27 Dec 2021 12:48:02 AM UTC] di='/root/.acme.sh/cposolutions.fr/'
[Mon 27 Dec 2021 12:48:02 AM UTC] d='cposolutions.fr'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] DOMAIN_PATH='/root/.acme.sh/cposolutions.fr'
[Mon 27 Dec 2021 12:48:02 AM UTC] Renew: 'cposolutions.fr'
[Mon 27 Dec 2021 12:48:02 AM UTC] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Skip, Next renewal time is: Sun 09 Jan 2022 07:58:54 AM UTC
[Mon 27 Dec 2021 12:48:02 AM UTC] Add '--force' to force to renew.
[Mon 27 Dec 2021 12:48:02 AM UTC] Return code: 2
[Mon 27 Dec 2021 12:48:02 AM UTC] Skipped cposolutions.fr
[Mon 27 Dec 2021 12:48:02 AM UTC] di='/root/.acme.sh/ns367202.ip-94-23-24.eu/'
[Mon 27 Dec 2021 12:48:02 AM UTC] d='ns367202.ip-94-23-24.eu'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] DOMAIN_PATH='/root/.acme.sh/ns367202.ip-94-23-24.eu'
[Mon 27 Dec 2021 12:48:02 AM UTC] Renew: 'ns367202.ip-94-23-24.eu'
[Mon 27 Dec 2021 12:48:02 AM UTC] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Using config home:/root/.acme.sh
[Mon 27 Dec 2021 12:48:02 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 27 Dec 2021 12:48:02 AM UTC] Skip, Next renewal time is: Sat 08 Jan 2022 10:14:49 AM UTC
[Mon 27 Dec 2021 12:48:02 AM UTC] Add '--force' to force to renew.
[Mon 27 Dec 2021 12:48:02 AM UTC] Return code: 2
[Mon 27 Dec 2021 12:48:02 AM UTC] Skipped ns367202.ip-94-23-24.eu
[Mon 27 Dec 2021 12:48:02 AM UTC] _error_level='3'
[Mon 27 Dec 2021 12:48:02 AM UTC] _set_level='2'
[Mon 27 Dec 2021 12:48:02 AM UTC] ===End cron===
1 Like
4

Please show:
/root/.acme.sh/acme.sh --list
ls -lR /root/.acme.sh/buyco.market

1 Like
5 
Main_Domain              KeyLength  SAN_Domains                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             CA               Created                          Renew
buyco.market             "4096"     www.buyco.market,alternashop.fr,www.alternashop.fr,apiachats.fr,www.apiachats.fr,argosveterinaireachats.fr,www.argosveterinaireachats.fr,bodyhitachats.fr,www.bodyhitachats.fr,buy.aprium-pharmacie.fr,www.buy.aprium-pharmacie.fr,buy.pharmacie-monge.fr,www.buy.pharmacie-monge.fr,buy.pharmonaturel.fr,www.buy.pharmonaturel.fr,capachats.fr,www.capachats.fr,cinovachats.fr,www.cinovachats.fr,conciergerie-pharmavie.fr,www.conciergerie-pharmavie.fr,dynamisachats.fr,www.dynamisachats.fr,ecotelachats.fr,www.ecotelachats.fr,franchisemarket.club,www.franchisemarket.club,hexapharmachats.fr,www.hexapharmachats.fr,homeserveachats.fr,www.homeserveachats.fr,mannesachats.fr,www.mannesachats.fr,mesachatspro.club,www.mesachatspro.club,montessoriachats.fr,www.montessoriachats.fr,myconciergerie-a-ma-pharmacie.fr,www.myconciergerie-a-ma-pharmacie.fr,mypharmacyservices.fr,www.mypharmacyservices.fr,myservicesceido.fr,www.myservicesceido.fr,optimoachats.fr,www.optimoachats.fr,partnersachats.fr,www.partnersachats.fr,programmeavantages.fr,www.programmeavantages.fr,reducpro.fr,www.reducpro.fr,servetiqachats.fr,www.servetiqachats.fr,sezaneachats.fr,www.sezaneachats.fr,synpaseachats.fr,www.synpaseachats.fr,vraimentproachats.fr,www.vraimentproachats.fr,wcpmarketplace.fr,www.wcpmarketplace.fr,blog.ecotelachats.fr                     LetsEncrypt.org
cposolutions.ch          "4096"     www.cposolutions.ch                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     LetsEncrypt.org  Tue 09 Nov 2021 10:23:18 AM UTC  Sat 08 Jan 2022 10:23:18 AM UTC
cposolutions.fr          "4096"     www.cposolutions.fr,alliancemarineachats.fr,www.alliancemarineachats.fr,blog.alternashop.fr,blog.apiachats.fr,blog.argosveterinaireachats.fr,blog.bodyhitachats.fr,blog.buyco.fr,blog.buyco.market,blog.capachats.fr,blog.cinovachats.fr,blog.dynamisachats.fr,blog.franchisemarket.club,blog.hexapharmachats.fr,blog.homeserveachats.fr,blog.mesachatspro.club,blog.montessoriachats.fr,blog.myconciergerie-a-ma-pharmacie.fr,blog.mypharmacyservices.fr,blog.optimoachats.fr,blog.partnersachats.fr,blog.programmeavantages.fr,blog.reducpro.fr,blog.servetiqachats.fr,blog.synpaseachats.fr,blog.vraimentproachats.fr,blog.wcpmarketplace.fr,buyco.fr,www.buyco.fr,catalogue.alternashop.fr,catalogue.apiachats.fr,catalogue.argosveterinaireachats.fr,catalogue.bodyhitachats.fr,catalogue.buyco.market,catalogue.capachats.fr,catalogue.cinovachats.fr,catalogue.dynamisachats.fr,catalogue.ecotelachats.fr,catalogue.franchisemarket.club,catalogue.hexapharmachats.fr,catalogue.homeserveachats.fr,catalogue.mesachatspro.club,catalogue.montessoriachats.fr,catalogue.myconciergerie-a-ma-pharmacie.fr,catalogue.mypharmacyservices.fr,catalogue.optimoachats.fr,catalogue.programmeavantages.fr,catalogue.reducpro.fr,catalogue.servetiqachats.fr,catalogue.synpaseachats.fr,catalogue.vraimentproachats.fr,catalogue.wcpmarketplace.fr,tools.cposolutions.fr  LetsEncrypt.org  Wed 10 Nov 2021 07:58:54 AM UTC  Sun 09 Jan 2022 07:58:54 AM UTC
ns367202.ip-94-23-24.eu  ""         no                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            

/root/.acme.sh/buyco.market:
total 16
-rw-r--r-- 1 root root 1596 Dec 27 07:52 buyco.market.conf
-rw-r--r-- 1 root root 3507 Dec 27 07:52 buyco.market.csr
-rw-r--r-- 1 root root 1695 Dec 27 07:52 buyco.market.csr.conf
-rw-r--r-- 1 root root 3243 Dec 27 07:52 buyco.market.key
8

Ok please show:
ls -l /root/.acme.sh/buyco.market/

The first cert ("buyco.market") is damaged:
image

1 Like
9

 

(Although I'm not sure why it says "total 16" where we only see 4..??)

1 Like
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.