Ssl verify memory setup failure, how to create a new cert when the ip changed


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: domain.com

I ran this command: na

It produced this output: na

My web server is (include version): httpd

The operating system my web server runs on is (include version): openbsd

My hosting provider, if applicable, is: na

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hello,
Recently IPs have been changed, and renew of existing certificates failed with this error “ssl verify memory setup failure”.
So deleted the account key, domain key, and the certificate, and tried to create (not renew) a new certificate, but still get the same error.
What is the proper way to create a new certificate when the IP has been changed?
Any help would be much appreciated.


#2

Hi @cblu2se5t

the IP of your server is irrelevant. The correct dns entries are relevant.

This doesn’t help.

There is a problem, but it’s not clear, what’s the problem.

So please answer all these questions - domain name, client, command, hoster, specific result of the command etc.


#3

Thank you for your reply, JuergenAuer.
client: acme-client
command: acme-client -vv
hoster: own hosting
result: …ssl verify memory setup failure…

The below 8 lines are all I get when I enter the command.
…domain key
…account key
…cert … days left
…directory
…DNS: ip …
ip:tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify memory setup failure
…bad comm
bad exit…

The process ends very shortly…
http-01 challenge type. Changed/rewrote dns records (also some network, firewall, etc. configurations are changed).
A, NS, SOA records seem to be working. (command dig, host gets answers.)
What can cause the ssl verify memory setup failure, if not invalid dns records?
Could you also let me know what the dns entries required are, when it is http-01 challenge type?
Sorry indeed, I can’t tell domain.
I would appreciate your time and any help. Thank you indeed.


#4

I don’t know what this client is doing.

But that

sounds, that this client is buggy. Do you have enough RAM? Or is it possible to use another client?