[BlueOnyx:26739] Re: SSL/LE
Michael Stauber
mstauber at blueonyx.it
Mon Jan 29 21:12:28 -05 2024

Hi Herbert,

> This issue is related to Let's Encrypt. The process is failing to get a
> renewal of the certificate. I believe there is a strange catch-22. It
> rewrites the vhosts/site2 file in some damaged way.
> Then httpd does not properly restart. Then letsencrypt fails obviously
> and we are in a down webserver state.
>
> This is happening over and over again because of the expired certificate.
>
> Jan 29 12:04:58 d06 pperld /usr/sau[1802823]: pperld
> /usr/sausalito/handlers/base/ssl/le_install.pl: :
> WARNING: CertFail: 1 - NO VALID CERT WAS GENERATED!!
> Jan 29 12:04:58 d06 cced(smd)[1802819]: client
> 5:handlers/base/ssl/le_install.pl: SET 49 . SSL
> LEclientRet =
> "{\"Error\":\"[[base-ssl.LE_CA_Request_Error]]\",\"Status\":\"1\",\"ErrMsg\":\"

There may be an issue with your SSL key file for that Vsite. Typically
the key is re-used (if present) when a new certificate is being requested.

Try this:

In the GUI go to the Vsite in question and turn off SSL for it.

Then (as root and from SSH) find the "certs" directory of the Vsite in
question. It should be something like this:

5209R:
/home/sites/<FQDN>/certs/

5210R/5211R:
/home/sites/<FQDN>//wwwroot/certs/

Delete everything inside that directory. Then try to request a new SSL
certificate via Let's Encrypt.

--
With best regards
Michael Stauber
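
The directory cleanup described above, as an added example that is not part of the original message and not BlueOnyx code: it archives the "certs" directory with owner-only permissions before emptying it, and can first check whether a key and a certificate actually belong together. The function names and the backup location are assumptions; the key and certificate file paths are passed in by the caller.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names, not BlueOnyx code).
# Usage: source this file, or run: script.sh <certs_dir> <backup_dir>

# Return 0 if the private key and the certificate carry the same public key,
# 1 if they differ, 2 if either file cannot be parsed by openssl.
key_matches_cert() {  # key_matches_cert <keyfile> <certfile>
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Archive everything in <certs_dir>, then delete the contents (not the
# directory itself). Prints the path of the archive on success.
archive_and_clear_certs() {  # archive_and_clear_certs <certs_dir> <backup_dir>
    local dir=${1%/} dest=$2 archive
    # Refuse symlinks and anything not named "certs", so a mistyped path
    # cannot empty some other directory.
    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ "$(basename "$dir")" = certs ] || { echo "refusing: $dir" >&2; return 1; }
    archive="$dest/certs-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        umask 077   # the archive contains the private key: owner-only
        mkdir -p "$dest" && tar -czf "$archive" -C "$dir" .
    ) || return 1
    # Delete only after the archive reads back cleanly.
    tar -tzf "$archive" >/dev/null || return 1
    find "$dir" -mindepth 1 -delete || return 1
    printf '%s\n' "$archive"
}

if [ "$#" -eq 2 ]; then
    archive_and_clear_certs "$1" "$2"
fi
```

Keep the backup directory outside the web root and remove the archive once the new certificate is confirmed working.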